Public Information
409
HISTORY.md
Normal file
@@ -0,0 +1,409 @@
|
|||||||
|
# Version History
|
||||||
|
|
||||||
|
## February 2025, beta 168
|
||||||
|
|
||||||
|
- Remove extra certificate from RMS component
|
||||||
|
|
||||||
|
## January 2025, beta 167
|
||||||
|
|
||||||
|
- Update to nscale 9.3.1300
|
||||||
|
- Added terminationGracePeriodSeconds to all PODs, can now be set with `.terminationGracePeriodSeconds`
|
||||||
|
|
||||||
|
## december 2024, beta 166
|
||||||
|
|
||||||
|
- the secondary disk is now optional and needs to be enabled with `mounts.disk.enabled: true`.
|
||||||
|
- the default mount for the hid is now on the secondary disk. If you have hid enabled, this is a breaking change! Make sure you deal with existing HID files.
|
||||||
|
|
||||||
|
## december 2024, beta 164
|
||||||
|
|
||||||
|
- Separated the buffers and DA for performance reasons in nstl. The buffers are now stored on a new volume *disk*.
|
||||||
|
- Added `/var/crash` to nstl, storing potential crash dumps on pTemp.
|
||||||
|
|
||||||
|
## december 2024, beta 163
|
||||||
|
|
||||||
|
- Update to nscale 9.3.1202
|
||||||
|
- Next to .this.resources, you can now also set .this.sidecarResources and .this.initResources.
|
||||||
|
However, you should not do so unless you know what you are doing.
|
||||||
|
|
||||||
|
## december 2024, beta 162
|
||||||
|
|
||||||
|
- Changed Resources for Fluentbit Sidecar Container
|
||||||
|
|
||||||
|
## december 2024, beta 161
|
||||||
|
|
||||||
|
- Added startup probes for all components
|
||||||
|
|
||||||
|
## November 2024, beta 160
|
||||||
|
|
||||||
|
- Added a startup probe for nstl
|
||||||
|
|
||||||
|
## November 2024, beta 159
|
||||||
|
|
||||||
|
- Added .instance.stage to identify a stage
|
||||||
|
|
||||||
|
## November 2024, beta 158
|
||||||
|
|
||||||
|
- Added service.name for Open Telemetry
|
||||||
|
|
||||||
|
## Oktober 2024, beta 157
|
||||||
|
|
||||||
|
- Latest ERP-Proxy Version by Ceyoniq. This also has been **renamed** to **erpproxy** to match the **eprcmis** connector chart naming
|
||||||
|
- First BETA of ERP-CMIS Connector in directory **erpcmis**
|
||||||
|
- Added the possibility to add Annotations to Payloads, for the use with OpenTelemetry
|
||||||
|
Also see [here](https://opentelemetry.io/docs/kubernetes/operator/automatic/)
|
||||||
|
- Also added hard coded openTelemetry support for convenience
|
||||||
|
- Fixed a bug where the prepper chart waited for post sync in argo deployments
|
||||||
|
|
||||||
|
## Oktober 2024, beta 156
|
||||||
|
|
||||||
|
- nscale ERP Proxy Chart now available. There is still a bug in this first image by Ceyoniq, so the chart will not bring up a running
|
||||||
|
system yet. But the Values are in, so you can start setting up the instances.
|
||||||
|
|
||||||
|
## Oktober 2024, beta 155
|
||||||
|
|
||||||
|
- Added the possibility to use configMaps and secrets in the generic mount interface.
|
||||||
|
Please see the *generic* example for details
|
||||||
|
|
||||||
|
## September 2024, release 1.2.1500
|
||||||
|
|
||||||
|
- Update to nscale 9.2.1502
|
||||||
|
- Added value `logForwarder.db` to set a fully qualified path to the database file, in case you do not want to have it along the logs.
|
||||||
|
Example:
|
||||||
|
```
|
||||||
|
logForwarder:
|
||||||
|
- name: Accounting
|
||||||
|
path: "/opt/ceyoniq/nscale-server/storage-layer/accounting/*.csv"
|
||||||
|
db: "/opt/ceyoniq/nscale-server/storage-layer/logsdb/logs.db"
|
||||||
|
```
|
||||||
|
- BASEFOLDER Value Typo corrected in SharePoint. Is now `Values.nappl.baseFolder`
|
||||||
|
- The default value for `doInitialCrawl` was a bool. It is now a string `false` which is correct.
|
||||||
|
- You can now add any extra Annotation to services and ingresses.
|
||||||
|
Example:
|
||||||
|
```
|
||||||
|
global:
|
||||||
|
ingress:
|
||||||
|
annotations:
|
||||||
|
nginx.org/proxy-read-timeout: "20s"
|
||||||
|
service:
|
||||||
|
annotations:
|
||||||
|
consul.hashicorp.com/service-sync: "true"
|
||||||
|
```
|
||||||
|
- Add `.this.ingress.proxyReadTimeout` to set this extra annotation to ingress objects
|
||||||
|
- Ports can now be disabled in NetworkPolicies, if you use a CNI driver that does not support them.
|
||||||
|
This is especially for the "endPort" Attribute, that is currently not supported by Cilium.
|
||||||
|
- Added port 443 to the egress in Network Policies for Pods accessing the K8s API
|
||||||
|
- there was a duplicate podDisruptionBudget. Fixed it.
|
||||||
|
- Fixed a bug with respect to Volume Names / Static Volumes and Storage Classes
|
||||||
|
- Correction of documentation regarding `global.pullSecretOverride` (wrong, missing s) and `global.pullSecretsOverride` (correct)
|
||||||
|
- Fixed a bug where PAM could not communication with JOBSNAPPL in a HA scenario
|
||||||
|
|
||||||
|
## August 2024, release 1.2.1400
|
||||||
|
|
||||||
|
- Fixed bugs regarding KubePing Protocol in Version < 9.1
|
||||||
|
|
||||||
|
- Fixed bugs regarding tenant-chart-agro. Be aware: It was the .helmignore after all.
|
||||||
|
|
||||||
|
- Added nscale 9.1.1506 to versions and released the chart version to repo
|
||||||
|
|
||||||
|
- The Application Chart now waits a minute before executing to prevent race condition problems
|
||||||
|
- Setting SERVER_BASE_URL in Application Layer for SAML redirects to work
|
||||||
|
- Added Liveness Probes
|
||||||
|
|
||||||
|
- Added the possibility to define *PodDisruptionBudgets* for any component.
|
||||||
|
|
||||||
|
- Added a readyness probe to postgres
|
||||||
|
- reviewed the resource consumption and added better requests and limits. Also see the sample *resources*
|
||||||
|
|
||||||
|
- Working on the documentation
|
||||||
|
- updated sharepoint chart to meet the latest specs from Ceyoniq
|
||||||
|
- Sharepoint Connector is now a StatefulSet
|
||||||
|
- SharePoint DoInitialCrawl now defaults to false
|
||||||
|
- Changed nstl and sharepoint updateStrategy to OnDelete
|
||||||
|
- Update Sharepoint to version 9.2.1400
|
||||||
|
|
||||||
|
- Update nscale auf 9.2.1402
|
||||||
|
- The nstl HID Check was disabled by default, as it only made sense when using multiple volumes. Now, we habe pTemp since a few builds, so it makes
|
||||||
|
sense now to store the hid file to pTemp. Therefore a new pTemp directory *hid* has been created to hold this file. The new sample *hid* shows how to turn this feature on.
|
||||||
|
- nstl checks the *audit.log* size when starting up. After an update, the log directory on emptydir got deleted when re-creating the new pod. This caused
|
||||||
|
the audit log to be empty and caused an error. The log directory of nstl has also now moved to pTemp to avoid this.
|
||||||
|
- Added *limitations.md* to the docs directory and READMEs
|
||||||
|
|
||||||
|
- Update jsonl structure to get AI Support Assistent running
|
||||||
|
|
||||||
|
- Health Check des SP Connectors nun auf `/nscale_spc/images/icons/PowerPoint.svg`
|
||||||
|
|
||||||
|
- Added *generic mounts* to be able to add any pre provisioned PV to a container. Like a smb, nfs oder cifs share with migration data for pipeliner for example.
|
||||||
|
- Moved the nstl cluster service to the nstl chart and made sure the default ports etc. are used correctly
|
||||||
|
- Bugfix in domain name
|
||||||
|
|
||||||
|
- Adding *Service* configuration section to most components. This section can be used to disable a components service (along with the potential ingress) to
|
||||||
|
be able to configure cluster services for retrieval (used in the SharePoint scenario). Please see the sharepoint sample for more information
|
||||||
|
- Adding a clusterService configuration as an additional option to achieve above goal
|
||||||
|
|
||||||
|
- Commented the SharePoint Probe out, because it needs work
|
||||||
|
|
||||||
|
- New Instance Group Feature
|
||||||
|
You can set an alternative `.instance.group` to bundle multiple Instances together. This will allow traffic to be passed beween all instances within this group.
|
||||||
|
This is ment to be used for large instances that you might want to split up. Please see the `group` sample.
|
||||||
|
- Fixed a bug in the resolver, preventing sliced maps to be deepCopied into .this
|
||||||
|
|
||||||
|
- Fixed a bug concerning Postgres PullSecrets
|
||||||
|
- Added pullSecretsOverride
|
||||||
|
- waitFor can now be turned off if you feel argoWaves are all you need:
|
||||||
|
```
|
||||||
|
utils.disableWait: true
|
||||||
|
```
|
||||||
|
- argoCD Waves can now be turned off if you feel waitFor is all you need:
|
||||||
|
```
|
||||||
|
utils.disableWave: true
|
||||||
|
```
|
||||||
|
- Added FluentBit:2.0 as default LogForwarder e.g. for the Accounting Log.
|
||||||
|
|
||||||
|
- Changed the default argoCD waves to make sure the prepper runs first
|
||||||
|
- Fixed a bug, where the condition of the sharepoint instances were all bound to the same key
|
||||||
|
- Adding *Maintenance Mode*, to start pods without starting the service, providing the possibility to gain access to the container to perform recovery tasks that need to be done offline. In order to do this:
|
||||||
|
- All *waitFor* definitions are ignored
|
||||||
|
- All *Health Checks* are ignored
|
||||||
|
- The container starts in idle
|
||||||
|
- Application Jobs are disabled
|
||||||
|
You can put a component, an instance or the whole environment into maintenance.
|
||||||
|
- Adding a new values map: `.instance` holding `.instance.version` currently, showing the nscale Version installed (pinning the nappl)
|
||||||
|
- Adding downward compatability for `nscaleVersion` and `componentVersion`
|
||||||
|
- the *nplus Environment Chart* now has a *prepper* component you can turn on if needed
|
||||||
|
- nstore Downloader is now *disabled* by default
|
||||||
|
- Renamed Administrator Server aka RMS to *nplus Remote Management Server*
|
||||||
|
This should show the proximity to the *nscale Remote Management Service* and the idea of using a *virtual Server* for the rich Admin Client
|
||||||
|
- worked on Documentation
|
||||||
|
- Re-Structuring the Samples Directory
|
||||||
|
|
||||||
|
Breaking Changes
|
||||||
|
|
||||||
|
- The **storageClass** of a static volume is now set to empty ("") to prevent the PV from being bound to the wrong PVC. We also recommend putting a claimRef into your PV to make sure only the correct PVC can bind to it.
|
||||||
|
Your PV also has to set the storage class to "" otherwise it will not bind.
|
||||||
|
see https://kubernetes.io/docs/concepts/storage/persistent-volumes/
|
||||||
|
|
||||||
|
- Slicing Environment Chart into Subcharts:
|
||||||
|
The Environment Chart is now an Umbrella Chart. It references the operator, toolbox, dav and backend separately. By that means, you can now also add those charts to the Instance Umbrella Chart with *SIM*
|
||||||
|
|
||||||
|
- Adding *SIM* to Instance
|
||||||
|
The *Single Instance Mode* lets you run a single *nplus Instance* in your namespace. The Instance *should* be named after the namespace. You can turn on the environmental components *operator, toolbox, dav and backend* in the Instance chart to get a single chart that brings all it needs
|
||||||
|
|
||||||
|
- Excluding "globals" from ArgoCD Values
|
||||||
|
There was a large globals section in the ArgoCD Application, that was unnecessary. It is removed
|
||||||
|
|
||||||
|
- Adding *Prepper* as a component to deploy git assets prior to component deployment:
|
||||||
|
Sometimes you need to deploy assets like Web Snippets to the Instance *before* any other component is deployed and initially started. The prepper can be used to download assets from git, extract tarballs and then calling scripts to perform any custom action. The prepper has no waitFor condition, thus running directly after the PVs are created, which happens in the *backend* chart of the environment. *Prepper* ist much like the *Application* Chart, but it of course cannot deploy anything into an Application Layer, as the nappl not yet exists.
|
||||||
|
|
||||||
|
- Adding download capability to the Application Chart
|
||||||
|
You can now define downloads, that the Application Chart should perform prior to executing any script or App Installation
|
||||||
|
|
||||||
|
- CIFS Mode for File Storage, preventing chmod from being run in scripts, is now *on* by default.
|
||||||
|
- Renamed the *nappl* Cluster, if there is no prefix (as in instance name == Release.namespace due to SIM)
|
||||||
|
- fixed a bug, where some resources (defaultconfig, networkpolicies, database config, ...) were not created in the release namespace but the default
|
||||||
|
|
||||||
|
- Added `includeNamespace`
|
||||||
|
By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later
|
||||||
|
|
||||||
|
Potentially Breaking Changes:
|
||||||
|
|
||||||
|
- The former Environment Chart used non-Standard Labels you might have used for your firewall rules. These are now normalized and the new environmental components behave just like any other component.
|
||||||
|
|
||||||
|
- Introduced *ptemp* as a persistent temp space, e.g. for the accounting logs or database dumps etc.
|
||||||
|
- Accounting in Storage Layer: set `accounting: true` and the csv files will be written to *ptemp*
|
||||||
|
|
||||||
|
## July 2024, release 1.2.1303
|
||||||
|
|
||||||
|
- customizingMode as new switch in *web*
|
||||||
|
- fixed a bug with timezone data
|
||||||
|
- Add a key to switch off certificate generation if no issuer is set: createSelfSignedCertificate
|
||||||
|
- Added tcps as port with 3006 to nstl
|
||||||
|
- Fixed a bug with the resolver in combination with the instance name: Resolving was too late for some
|
||||||
|
String operations.
|
||||||
|
- Normalized all examples that no more includes are used in templates (are not necessary any more) and also
|
||||||
|
single quotes are normalized to double quotes for strings, as we now do not need to use double quotes for the
|
||||||
|
includes any more.
|
||||||
|
- Adding nscale Web tls and completing Zerotrust Mode
|
||||||
|
- Changed the default of priorityClasses: It is now OFF. See FAQ for documentation
|
||||||
|
- global flags and defaults for TZDATA / Timezone setting
|
||||||
|
|
||||||
|
Big things:
|
||||||
|
|
||||||
|
- An all new Values sub-system:
|
||||||
|
- You can now stage **any** value!
|
||||||
|
- You can now override **any** value on **any** stage!
|
||||||
|
- This also works with your own values for your custom charts
|
||||||
|
- templates used in values are automatically and recursively resolved. This also works with your custom values!
|
||||||
|
- Update to nscale 9.2.1302
|
||||||
|
- Many cleanups
|
||||||
|
|
||||||
|
Breaking Changes:
|
||||||
|
|
||||||
|
- new .Values section: *meta*
|
||||||
|
- *nscaleVersion* is now in section meta
|
||||||
|
- *componentVersion* is now in section meta
|
||||||
|
- *ports* is now in section meta
|
||||||
|
- *type* is now in section meta
|
||||||
|
- *wave* is now in section meta
|
||||||
|
- *commercial.tenant* is now in section meta
|
||||||
|
- *commercial.provider* is now in section meta
|
||||||
|
|
||||||
|
Non breaking Changes:
|
||||||
|
|
||||||
|
- *this*
|
||||||
|
In code, you can now refer to `.this.*` instead of `.Values.*`.
|
||||||
|
*this* is build from .Values (for component values), .Values.global (for instance values) and .Values.global.environment (for environment values) automatically
|
||||||
|
- automatic resolver
|
||||||
|
after condensing the `.Values` into `.this`, a new recursive resolving function now looks for any template used in values and resolves it (using `.this` values)
|
||||||
|
- new .Values section: *override*
|
||||||
|
This section is automatically applied to all .this, overwriting any existing value.
|
||||||
|
*override* is also subject to automativ compression and resolving
|
||||||
|
|
||||||
|
- Helper functions are moved from _helper.tpl to a new map in code, accessible via `$.component`.
|
||||||
|
if you used helper functions in your templates, you need to port them. They are still working, but are depricated.
|
||||||
|
|
||||||
|
- *_depricated.tpl* now holds depricated functions. They resolve to the new function / value and are subject for being removed in future majors.
|
||||||
|
|
||||||
|
- new debugging mechanism:
|
||||||
|
You might want to debug your values and functions and helm lacks some important functionality for this, like a callstack.
|
||||||
|
The new debug feature now provides this functionality. You can call `nplus.debug.enter` and `nplus.debug.leave` in your code to
|
||||||
|
add this functionality to your own definitions.
|
||||||
|
- debugging Values:
|
||||||
|
if debugging is enabled, Values are reported in the component custom resource. Just search for `DEBUG` in `helm template` code.
|
||||||
|
- to enable debug, set `debug: true` on any level. Example:
|
||||||
|
```
|
||||||
|
global:
|
||||||
|
environment:
|
||||||
|
utils:
|
||||||
|
debug: true
|
||||||
|
```
|
||||||
|
- debug also adds strict mode, so depricated functions are failing
|
||||||
|
|
||||||
|
- *init function*
|
||||||
|
if you want to use the new functionality (.this, .component, ...) in your template, call `include "nplus.init"` as first line in your code.
|
||||||
|
It initializes automatically
|
||||||
|
|
||||||
|
- new .component section with calculated values for you to use in your templates.
|
||||||
|
- fixed a bug, where nappl sync wave is after application sync wave (ArgoCD)
|
||||||
|
- Sorting and Documenting the default ArgoCD Waves (see quickstart-argo)
|
||||||
|
|
||||||
|
Breaking changes:
|
||||||
|
|
||||||
|
- renamed nstlIPRange to nstlIpRange
|
||||||
|
- In Application Chart, renamed .Values.rs to .Values.rs.host
|
||||||
|
- In Application Chart, renamed .Values.nstl to .Values.nstl.host
|
||||||
|
- changes in database Values.yaml, please check if you used it
|
||||||
|
|
||||||
|
Non breaking changes:
|
||||||
|
|
||||||
|
- Added nstlIpRange to the Storage Layer Chart to allow to open egress connections from internal Storage Layer to servers outside the cluster
|
||||||
|
- New *defaultConfig* possibility to add default config files to Charts that are used prior to image templates (e.g. for a common cold.xml)
|
||||||
|
- Added *sessionCacheStorageType* as a new parameter for NAPPL
|
||||||
|
- Adding *dbIpRange* to the cni security options
|
||||||
|
|
||||||
|
## June 2024, release 1.2.1204
|
||||||
|
|
||||||
|
- RMS now including HA Mode (see samples)
|
||||||
|
- Fixes a problem, that the SNC Files are not in the NAPPL lib directory
|
||||||
|
- Encrypt Sample
|
||||||
|
- ZeroTrust Mode
|
||||||
|
- Code cleanup
|
||||||
|
|
||||||
|
## June 2024, release 1.2.1203
|
||||||
|
|
||||||
|
- Allow Application Scripts to run before and after globally and per DocArea
|
||||||
|
- Add more logging to DAV Container
|
||||||
|
- Add PAM and SharePoint Connector to dsl
|
||||||
|
|
||||||
|
## June 2024, release 1.2.1202
|
||||||
|
|
||||||
|
- Allow multiple nscale SharePoint Connector instances with a separate configuration each
|
||||||
|
- Allow Certificate Stores to be defined as configMaps OR secrets
|
||||||
|
- current alpha Version of nscale SharePoint Connector for testing
|
||||||
|
|
||||||
|
## June 2024, release 1.2.1201
|
||||||
|
|
||||||
|
- Fixed a bug in nscale Web due to the read only file system
|
||||||
|
- Added SNC support to access SAP Server
|
||||||
|
- Added Java Certificate Keystores (cacerts and component.store)
|
||||||
|
|
||||||
|
## June 2024, release 1.2.1200
|
||||||
|
|
||||||
|
- Update to nscale Version 9.2.1200
|
||||||
|
- Adding nscale PAM (Process Automation Modeler) helm chart
|
||||||
|
- Adding nscale SharePoint Connector helm Chart
|
||||||
|
- Adding O365 Sample (with SP Connector)
|
||||||
|
- Support extra fonts (like Microsoft Core Fonts)
|
||||||
|
- Allow calling global or local custom installation scripts during initialization (application chart)
|
||||||
|
- Add Applications to Health Status
|
||||||
|
- Adding a *Zero Trust* Example (`zerotrust.yaml`). The functionality is not yet completely implemented, so this is alpha status.
|
||||||
|
- Temporarily adding Custom Project API container ("dms-api") to the instance
|
||||||
|
- Alpha Version of Ports cleanup
|
||||||
|
|
||||||
|
## May 2024, Release 1.2.11xx
|
||||||
|
|
||||||
|
- Support envFrom in all components, with secretRef. Set the secret name in `envSecret`
|
||||||
|
- Support whitelisting in ingresses
|
||||||
|
- Add Inter Pod AntiAffinity
|
||||||
|
- Now using kube-linter for pre-release checking
|
||||||
|
- Supporting CNI NetworkPolicies
|
||||||
|
|
||||||
|
## Apr 2024, Release 1.2.1004
|
||||||
|
|
||||||
|
- Test with nscale 9.2
|
||||||
|
- Operator Web GUI switch
|
||||||
|
- Deny in all ingresses
|
||||||
|
- Added Priority Classes
|
||||||
|
- Added Budgets
|
||||||
|
- Support for volumeName in PVC to supress dynamic provisioning of PVs
|
||||||
|
- Support for kubePing **and** KUBERNETES Discovery for Cluster Communication
|
||||||
|
- Documentation Updates
|
||||||
|
- Updates to dsl (nstl and operator)
|
||||||
|
- Bug Fixes
|
||||||
|
|
||||||
|
## Mar 2024, Release 1.1.1501
|
||||||
|
|
||||||
|
- Added the Operator
|
||||||
|
- Web GUI for Monitoring
|
||||||
|
- RBAC enhancements
|
||||||
|
- Remote Management Server (RMS) Preview
|
||||||
|
|
||||||
|
## Feb 2024, Release 1.1.1401
|
||||||
|
|
||||||
|
- Added Administrator Client
|
||||||
|
|
||||||
|
## Jan 2024, Release 1.1.1302
|
||||||
|
|
||||||
|
- Changed Packaging to enable new helm Repo (gitea)
|
||||||
|
- Update dsl (C4) config files
|
||||||
|
- Added support for up to 4 Storage Layer
|
||||||
|
|
||||||
|
## Jan 2024, Release 1.1.1301
|
||||||
|
|
||||||
|
- Fixed Application Chart Security Settings
|
||||||
|
- Added possibility to easily overwrite Versions
|
||||||
|
(see versions/*.yaml and e90 Example)
|
||||||
|
- Added Charts for nscale Administrator (RAP) and WebDAV Connector
|
||||||
|
- Added nstl Cluster (up to 4 Storage Layer)
|
||||||
|
- Added support for Docker Desktop Kubernetes
|
||||||
|
|
||||||
|
|
||||||
|
## Jan 2024, Release 1.1.1300
|
||||||
|
|
||||||
|
- Added Security Features:
|
||||||
|
- root-less Container
|
||||||
|
- dropped capabilities (all)
|
||||||
|
- read only root file systems on all container
|
||||||
|
- Prohibit Privilege Escalation
|
||||||
|
- New Toolbox Image
|
||||||
|
- new (controlled source) "wait" function
|
||||||
|
- new (controlled source) "webdav server" function
|
||||||
|
- Change DB Image to bitnami beacuse of better support for security features.
|
||||||
|
- User 1001 instead of 999
|
||||||
|
- no chown necessary
|
||||||
|
- support for read-only root
|
||||||
|
- Support multi-temp paths (because of read-only root)
|
||||||
|
|
||||||
|
## 23 December Release
|
||||||
|
|
||||||
|
- Security Features:
|
||||||
|
- Support for Illumio Labels and Gates
|
||||||
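Review bot: The beta 166 entry flags the HID mount move to the secondary disk as a breaking change but gives no migration step beyond "Make sure you deal with existing HID files"; state where the existing file sits and whether it has to be copied to the new mount before the upgrade. In the 1.2.1500 section, the NetworkPolicies entry ("Ports can now be disabled ...") names no values key and does not say what the rendered policy permits once the ports are left out, which an operator needs to know before turning it on. The headings are inconsistent ("december", "Oktober", and "## 23 December Release" is ambiguous about the year), two entries are still in German ("Update nscale auf 9.2.1402", "Health Check des SP Connectors nun auf ..."), and "depricated" should read "deprecated" throughout.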
140
README.md
Normal file
@@ -0,0 +1,140 @@
|
|||||||
|

|
||||||
|
|
||||||
|
The *nscale Plus Pack* (abbreviated as *nplus*) provides tools and instructions to deploy the [Ceyoniq](www.ceyoniq.com) *Enterprise Information Management* system [nscale](https://ceyoniq.com/produkte/) in a **multi-tenant** and **highly available** runtime environment in an **automated manner**. Additionally, the original **components are enhanced** to address common **enterprise requirements**.
|
||||||
|
|
||||||
|
*nplus* is a **subscription**. The subscriber gains access to all *nplus* resources, ensuring an easy way to **protect their investment**.
|
||||||
|
|
||||||
|
*nplus* does not include any nscale software, licenses or services, which are still to be obtained directly from Ceyoniq.
|
||||||
|
|
||||||
|
|
||||||
|
## TL;DR
|
||||||
|
|
||||||
|
Use `helm install` to install an nplus Instance. Setting the domain name is optional, but nplus will automatically generate an ingress including a certificate for you.
|
||||||
|
|
||||||
|
If you have *cert-manager* installed, it will issue a certificate for you. If not, nplus will generate a self-signed certificate.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
helm install myinstance \
|
||||||
|
--set global.ingress.domain=myinstance.demo.nplus.cloud \
|
||||||
|
--set global.ingress.issuer=nplus-issuer \
|
||||||
|
nplus/nplus-instance
|
||||||
|
```
|
||||||
|
|
||||||
|
If you prefer to have *ArgoCD* perform the installation (instead of helm), you can use the *ArgoCD* chart to add the Argo Application:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
helm install \
|
||||||
|
--set global.ingress.domain=myinstance-argo.demo.nplus.cloud \
|
||||||
|
--set global.ingress.issuer=nplus-issuer \
|
||||||
|
myinstance-argo nplus/nplus-instance-argo
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
You can check the status of the instance using:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# kubectl get instance
|
||||||
|
NAME HANDLER VERSION TENANT STATUS
|
||||||
|
myinstance Helm 9.1.1501 default starting
|
||||||
|
```
|
||||||
|
|
||||||
|
And the component status with:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# kubectl get components
|
||||||
|
NAME INSTANCE COMPONENT VERSION STATUS
|
||||||
|
myinstance-nstl myinstance nstl 9.1.1200 healthy
|
||||||
|
myinstance-rs myinstance rs 9.1.1300 healthy
|
||||||
|
myinstance-database myinstance database 15 healthy
|
||||||
|
myinstance-nappl myinstance nappl 9.1.1501 healthy
|
||||||
|
myinstance-web myinstance web 9.1.1500 healthy
|
||||||
|
myinstance-administrator myinstance administrator 9.1.1500 healthy
|
||||||
|
```
|
||||||
|
|
||||||
|
You can check the log files of the *Application Layer* for instance by typing:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# kubectl logs -l nplus/instance=myinstance,nplus/component=nappl
|
||||||
|
```
|
||||||
|
|
||||||
|
Uninstall myinstance using the following command:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
helm uninstall myinstance
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## Concept
|
||||||
|
|
||||||
|
***nplus*** includes **helm charts** for individual components and umbrella charts orchestrating these components. It can be installed multiple times within a **Kubernetes cluster**, once **per namespace**. This allows the use of multiple separate *nplus* environments in a single Kubernetes cluster. For example, different **stages** (*DEV*, *QA*, *PROD*, etc.) or **tenants** (*A GmbH*, *B AG*, *C GbR*, ...) could be placed in different namespaces.
|
||||||
|
|
||||||
|
With appropriate namespace separation, environments cannot see each other. However, it is optionally possible to create a separate namespace for **central services**, such as the *nscale Rendition Server* or the *nscale Storage Layer*, to be used across namespaces if desired.
|
||||||
|
|
||||||
|
Within a Kubernetes namespace, the ***nplus environment*** manages any number of **instances**, **components** and **applications**:
|
||||||
|
|
||||||
|
- An ***instance*** is a group of ***nscale**-*, ***nplus**-* and optionally ***open source**-* **components**, for example, an *nscale Application Layer* or a *KeyCloak* service. *nplus* includes separate, self-contained helm charts for each individual component, allowing a component to be deployed manually outside of an *instance*, although this is not recommended.
|
||||||
|
|
||||||
|
- ***Applications*** are units that optionally bring *configurations* and *customizations* into the *instance*. This could include creating a document area or installing a customer record management via a ***Generic Base App***. Even ***smart apps*** can be packaged in applications. In the subscriber area, you find examples of *applications*, which are helm charts to transport your individual project specifics into an instance.
|
||||||
|
|
||||||
|
If you have custom components, such as an API component for business applications, you can also package them into an application to install them with the suite.
|
||||||
|
|
||||||
|
For **GitOps projects**, all charts are also available as **ArgoCD** variants.
|
||||||
|
|
||||||
|
A **central storage** for the **configuration data** of individual *components* is provided for each *nplus environment*. This central storage is versioned using **git**. All config files from all applications of an installation are stored here.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## Features
|
||||||
|
|
||||||
|
For operation in a Kubernetes cluster, *nplus* provides:
|
||||||
|
|
||||||
|
- Versioned *helm charts* for all *nscale* components for installation, updating, and uninstallation.
|
||||||
|
- The nscale components (Application Layer, Storage Layer, Web, CMIS, etc.) can be grouped into *instances* in any combination.
|
||||||
|
- Multiple *instances* can run in a Kubernetes namespace (e.g., *Tenant1*, *Tenant2*, and *CentralServices*).
|
||||||
|
- A namespace can represent either a tenant (e.g., *Sales*) or a stage (e.g., *prod*, *qa*, or *dev) if running multiple stages on one cluster.
|
||||||
|
- Umbrella charts for complex environments, including:
|
||||||
|
- Optional LDAP directory with openLDAP.
|
||||||
|
- Optional central Single Sign-On with Multi-Factor Authentication using KeyCloak.
|
||||||
|
- Optional PostgreSQL database.
|
||||||
|
- Optional S3 connection for the Storage Layer.
|
||||||
|
- Optional Azure Blob connection for the Storage Layer.
|
||||||
|
|
||||||
|
- All charts are also available in an *argoCD* variant to integrate them into a GitOps deployment pipeline.
|
||||||
|
- Support for AppDynamics.
|
||||||
|
- Support for security tools, especially Illumio, Cilium, or Calico.
|
||||||
|
- Support for snc (for accessing SAP systems).
|
||||||
|
- Support for cert-manager for automatic TLS certificate generation.
|
||||||
|
- A separate application chart (*nplus Application*) for deploying and updating solutions.
|
||||||
|
- Usability of the classic *nscale Administrator* in a K8s DEV environment, eliminating the need for developers and administrators to adapt.
|
||||||
|
- Umbrella charts with tenant templates that can include and consolidate applications, solutions, and other external tools. Installing, uninstalling, or updating such tenants based on a template can then be done in a single line.
|
||||||
|
- Use of dedicated Application Layers for jobs, SAP, and users. For each use case, any number of replicas can be specified.
|
||||||
|
- Use of dedicated nscale Web instances for different departments, such as Department A and Department B. This allows loading different snippets or applying different SSO rules for each department.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
### Licensing
|
||||||
|
|
||||||
|
The subscription credentials for *nplus* include access to the *nplus* (container) registry, the *nplus* (helm) repository, the *nplus* online documentation, and the *nplus* license from 42i GmbH.
|
||||||
|
|
||||||
|
*nscale* must be obtained and licensed through the manufacturer (*Ceyoniq Technology GmbH*) as usual and is linked by *nplus*. You need access to the *nscale Container Registry* and a suitable *license.xml* for the instance.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
### Versioning
|
||||||
|
|
||||||
|
The chart version of the *nplus* and *nplus-argocd* charts corresponds to the *nscale Application Layer* version. They include references to the components approved for this *nscale* version. This ensures that you always get the official versions from Ceyoniq in the official combination. This behavior can be individually adjusted, for example, if a web client needs to be tested with the latest version of the previous month's NAPPL.
|
||||||
|
|
||||||
|
The (helm) app version corresponds to the helm git tag.
|
||||||
|
|
||||||
|
The chart version of the components (*nappl*, *web*, ...) corresponds to the respective image version to pin them exactly. All charts can be used individually but require a suitable runtime environment (*nplus*) to run. They do not work outside of *nplus*. Within an *nplus* environment, additional individual components can be easily started.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# Subscriber Area
|
||||||
|
|
||||||
|
- The changelog is kept in the [HISTORY.md](/subscription/helm/src/branch/master/HISTORY.md).
|
||||||
|
- More information, all source code, and samples can be found at the [official nplus repo](/subscription/helm).
|
||||||
|
|
||||||
|
|
||||||
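Review bot: The two links in the "Subscriber Area" section are host-absolute paths (`/subscription/helm/src/branch/master/HISTORY.md` and `/subscription/helm`), so they only resolve when this README is rendered on the Git server itself and break in a clone, a mirror or a packaged chart. Use a relative link such as `HISTORY.md` for the changelog and a full URL for the repository. The "Versioning" section above restates what VERSIONING.md in this same commit covers; linking to that file instead would keep the two from drifting apart.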
47
VERSIONING.md
Normal file
@@ -0,0 +1,47 @@
|
|||||||
|
|
||||||
|
# Versioning
|
||||||
|
|
||||||
|
The *nplus chart versioning* is tied to the *nscale Application Layer* version, as we want to use `helm upgrade --version 9.2.1200` to upgrade to nappl 9.2.1200 for instance. As the Application Layer upgrades the database scheme in minor releases, this is the crutial version number.
|
||||||
|
|
||||||
|
As the component charts also need to be deployable solo, so e.g. deploy a *nplus-component-web* chart into an existing instance, also the components use the version of the corresponding nscale component version.
|
||||||
|
|
||||||
|
So we end up having an *instance chart* version that is equal to the *nplus-component-nappl* chart version and a bunch of other components that might have different versions in that bundle, all tied to the component version.
|
||||||
|
|
||||||
|
The *nplus code versioning*, meaning the version of the chart code, is written to the `appVersion` field in the `Chart.yaml`, so with a `helm list`, you will get both versions.
|
||||||
|
|
||||||
|
The code is versioned with tags. If different code is necessary for specific versions of nscale, this is handled by the chart. So the latest chart code should be able to handle the latest nscale version and all versions below (since 8.0, the first container release). You can always take the code tagged with version and appVersion in the Chart.yaml and mix in completely different nscale versions to deploy a specific release with the current code version. Please see the samples how to do that.
|
||||||
|
|
||||||
|
## Version Scheduling
|
||||||
|
|
||||||
|
nscale releases monthly versions latest on the first weekday of the month. At the end of the first week, nplus releases the corresponding chart version. Since it is tied to the nscale versioning, also minor and major releases are using the nscale schedule: April and October for minors and April of every odd year for majors.
|
||||||
|
|
||||||
|
## Version Naming
|
||||||
|
|
||||||
|
The versioning uses *semver 2* (see [semver.org](https://semver.org)).
|
||||||
|
|
||||||
|
Beta Versions get tagged with `-<build>`. In SemVer 2 syntax, these are pre-releases to the next version. In order to get the sorting correctly (so helm correctly fetches the *latest* version), pre-releases must use the version of the next release. Since these Versions are named by Ceyoniq for the nscale software, we do not know the next version for sure (but their naming theme is pretty straight and strict).
|
||||||
|
|
||||||
|
However, what nplus does for this case is to increase the patch and use that on as the minimal next version. So after the release of version `9.2.1201` (nappl, thus als nplus), we will get the next development version `9.2.1202-1`. Until the next nscale release, probably being something like `9.2.130x`, when the pre-release then gets released and takes this version.
|
||||||
|
|
||||||
|
## helm
|
||||||
|
|
||||||
|
If you just use `helm install`, you will always get the latest released version available. Be carefull, as you might end up with an Application Layer version you might not want. So it is better to pin the version you want by something like `helm install --version 9.2.1200`.
|
||||||
|
|
||||||
|
If you want to test with the latest development beta release, you can install `helm install --devel`, which gives you the latest beta.
|
||||||
|
|
||||||
|
You can query available versions with `helm search repo nplus --versions --devel`
|
||||||
|
|
||||||
|
So...
|
||||||
|
|
||||||
|
- `helm search repo nplus` lists the latest released version of every component available
|
||||||
|
- `helm search repo nplus --devel` lists the latest available version of every component available, including beta versions
|
||||||
|
- `helm search repo nplus --versions --devel` lists all available versions of every component
|
||||||
|
|
||||||
|
## Best Practise
|
||||||
|
|
||||||
|
- use version pinning
|
||||||
|
- use the right channel (--devel for dev, released for QA and PROD)
|
||||||
|
|
||||||
|
## Using the chart source code
|
||||||
|
|
||||||
|
The code in the git repository is updated automatically with the build version in development. So the `Chart.yaml` files get a new version with every push. The appVersion refers to the source code in the original (private) repo, so that - in case of a support call - the exact used code can be determined.
|
||||||
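Review bot: The "Version Naming" section does not say what happens to a pre-release such as `9.2.1202-1` once the real nscale release arrives under a different number; its last sentence ("Until the next nscale release, probably being something like `9.2.130x`, ...") is a fragment and leaves this open. Please complete the sentence and spell out how the beta builds relate to the release that replaces them, since readers on `--devel` depend on that ordering. In the "helm" section, the pinning example `helm install --version 9.2.1200` would be easier to copy with the release name and chart written out, and "Best Practise" could repeat why pinning matters here: the first paragraph says the Application Layer upgrades the database scheme in minor releases. Typos: "crutial", "als nplus", "carefull", "Practise".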
3
ai/README.md
Normal file
@@ -0,0 +1,3 @@
|
|||||||
|
# Ingest Formats
|
||||||
|
|
||||||
|
This directory contains the *nplus* documentation in formats, easily digestible for AI LLMs.
|
||||||
4
ai/jsonl/README.md
Normal file
@@ -0,0 +1,4 @@
|
|||||||
|
# Documentation in jsonl format
|
||||||
|
|
||||||
|
This directory contains the *nplus* documentation in an jsonl format to be injested into LLMs. This idea is to be able to create a support assistent, who can help with
|
||||||
|
the *nplus* chart configuration.
|
||||||
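Review bot: The only sentence of this README is split by a hard line break after "who can help with", and it carries several spelling errors: "an jsonl", "injested", "This idea", "assistent". Suggested wording: "This directory contains the *nplus* documentation in JSONL format, to be ingested into LLMs. The idea is to create a support assistant that can help with the *nplus* chart configuration." It would also help to describe the record layout the files use: a first object with `chart_name`, `chart_version` and `chart_description`, then one object per setting with `key`, `description` and `default`.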
137
ai/jsonl/chart_administrator.jsonl
Normal file
@@ -0,0 +1,137 @@
|
|||||||
|
{ "chart_name": "nplus-component-administrator", "chart_version": "1.2.1500-169", "chart_description": "nscale Administrator, providing the Web Version of the Administrator to be used in the Instance" }
|
||||||
|
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||||
|
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||||
|
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||||
|
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||||
|
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||||
|
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||||
|
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||||
|
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||||
|
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||||
|
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||||
|
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||||
|
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||||
|
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||||
|
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||||
|
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||||
|
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||||
|
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||||
|
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||||
|
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||||
|
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||||
|
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||||
|
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||||
|
{ "key": "javaOpts", "description": "Options for the Java VM", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMaxMem", "description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMaxRamPercentage", "description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMinMem", "description": "set the minimum memory, java will consume", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMisc", "description": "Any misc Java Options that need to be passed to the container", "default": "" }
|
||||||
|
{ "key": "meta", "description": "defines internal constants for nplus. do not change these values", "default": "" }
|
||||||
|
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||||
|
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||||
|
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||||
|
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||||
|
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||||
|
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||||
|
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||||
|
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||||
|
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||||
|
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||||
|
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||||
|
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||||
|
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||||
|
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||||
|
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||||
|
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||||
|
{ "key": "nappl", "description": "The nscale Application Layer, this component should talk to", "default": "" }
|
||||||
|
{ "key": "nappl.account", "description": "The technical account to login with", "default": "" }
|
||||||
|
{ "key": "nappl.domain", "description": "The domain of the technical account", "default": "" }
|
||||||
|
{ "key": "nappl.host", "description": "nappl host name", "default": "" }
|
||||||
|
{ "key": "nappl.instance", "description": "instance of the Application Layer, likely `instance1`", "default": "" }
|
||||||
|
{ "key": "nappl.password", "description": "The password of the technical accunt (if not set by secret)", "default": "" }
|
||||||
|
{ "key": "nappl.port", "description": "nappl port (http 8080 or https 8443)", "default": "" }
|
||||||
|
{ "key": "nappl.secret", "description": "An optional secret that holds the credentials (the keys must be `account` and `password`)", "default": "" }
|
||||||
|
{ "key": "nappl.ssl", "description": "sets the Advanced Connect to tls", "default": "" }
|
||||||
|
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||||
|
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||||
|
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||||
|
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||||
|
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||||
|
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||||
|
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||||
|
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||||
|
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||||
|
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||||
|
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||||
|
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||||
|
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||||
|
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||||
|
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||||
|
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||||
|
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||||
|
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||||
|
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||||
|
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||||
|
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||||
|
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||||
|
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||||
|
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||||
|
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||||
|
|
||||||
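Review bot: The `mounts.ptemp` description is a copy of the `mounts.temp` one ("it is deleted when the pod terminates"), which contradicts `mounts.ptemp.path` and `mounts.ptemp.paths` ("temporary files that are persisted"); please give `mounts.ptemp` its own text so that readers, and any assistant built from this file, do not treat persisted data as ephemeral. The `nappl.password` entry documents a password set directly in the values; its description should point to `nappl.secret` as the preferred route, which the "(if not set by secret)" remark already hints at. The `ingress.deny` text describes nappl paths (webc, webb, the configuration service) although this is the administrator chart. Most `default` fields are empty strings, so it is unclear whether a key has no default or the default was not exported. Typos: "wether", "retriting", "podDesruptionBudget", "primaty", "superflues", "accunt", "starndard", "depricated".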
116
ai/jsonl/chart_application.jsonl
Normal file
@@ -0,0 +1,116 @@
|
|||||||
|
{ "chart_name": "nplus-application", "chart_version": "1.2.1500-169", "chart_description": "nplus Application, used to install Apps and Customizations into the nscale Application Layer." }
|
||||||
|
{ "key": "docAreas", "description": "Provide a list of docareas to create. Please also see the example files", "default": "" }
|
||||||
|
{ "key": "download", "description": "A list of URLs (Links) to Assets to download before anything else if the download is a .tar.gz, it is automatically untared to /pool/downloads", "default": "" }
|
||||||
|
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||||
|
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||||
|
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||||
|
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||||
|
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||||
|
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||||
|
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||||
|
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||||
|
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||||
|
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||||
|
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||||
|
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||||
|
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||||
|
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||||
|
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||||
|
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||||
|
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||||
|
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||||
|
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||||
|
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||||
|
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||||
|
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||||
|
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||||
|
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||||
|
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||||
|
{ "key": "nappl", "description": "The nscale Application Layer, this component should talk to", "default": "" }
|
||||||
|
{ "key": "nappl.account", "description": "The technical account to login with", "default": "" }
|
||||||
|
{ "key": "nappl.domain", "description": "The domain of the technical account", "default": "" }
|
||||||
|
{ "key": "nappl.host", "description": "nappl host name", "default": "" }
|
||||||
|
{ "key": "nappl.instance", "description": "instance of the Application Layer, likely `instance1`", "default": "" }
|
||||||
|
{ "key": "nappl.password", "description": "The password of the technical accunt (if not set by secret)", "default": "" }
|
||||||
|
{ "key": "nappl.port", "description": "nappl port (http 8080 or https 8443)", "default": "" }
|
||||||
|
{ "key": "nappl.secret", "description": "An optional secret that holds the credentials (the keys must be `account` and `password`)", "default": "" }
|
||||||
|
{ "key": "nappl.ssl", "description": "sets the Advanced Connect to tls", "default": "" }
|
||||||
|
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||||
|
{ "key": "nstl.host", "description": "The dns of the *nscale Server Storage Layer*. This is used to add it to the nappl configuration", "default": "" }
|
||||||
|
{ "key": "prerun", "description": "A list of scripts to run before the deployment of Apps", "default": "" }
|
||||||
|
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||||
|
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||||
|
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||||
|
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||||
|
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||||
|
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||||
|
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||||
|
{ "key": "rs.host", "description": "The dns of the *nscale rendition Server*. This is used to add it to the nappl configuration", "default": "" }
|
||||||
|
{ "key": "run", "description": "A list of scripts to run after the deployment of Apps", "default": "" }
|
||||||
|
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||||
|
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||||
|
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||||
|
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||||
|
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||||
|
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||||
|
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||||
|
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||||
|
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||||
|
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||||
|
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||||
|
|
||||||
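Review bot: The `nappl.password` entry documents a plain-value password "(if not set by secret)" next to `nappl.secret`, but neither description says which one wins when both are set, and nothing steers the reader to the secret. Suggest stating the precedence and recommending `nappl.secret` in the `nappl.password` text ("accunt" should also be "account"). Two further documentation gaps in this file: the `download` entry says a `.tar.gz` "is automatically untared to /pool/downloads" without mentioning any integrity check or restriction on the source URLs, and `mounts.ptemp` repeats the `mounts.temp` description ("it is deleted when the pod terminates") although `mounts.ptemp.path` describes "temporary files that are persisted", so one of the two texts is wrong.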
140
ai/jsonl/chart_cmis.jsonl
Normal file
@@ -0,0 +1,140 @@
|
|||||||
|
{ "chart_name": "nplus-component-cmis", "chart_version": "1.2.1500-169", "chart_description": "nscale CMIS Connector, provides a CMIS Interface to the Instance" }
|
||||||
|
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||||
|
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||||
|
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||||
|
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||||
|
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||||
|
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||||
|
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||||
|
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||||
|
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||||
|
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||||
|
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||||
|
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||||
|
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||||
|
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||||
|
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||||
|
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||||
|
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||||
|
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||||
|
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||||
|
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||||
|
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||||
|
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||||
|
{ "key": "javaOpts", "description": "Options for the Java VM", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMaxMem", "description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMaxRamPercentage", "description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMinMem", "description": "set the minimum memory, java will consume", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMisc", "description": "Any misc Java Options that need to be passed to the container", "default": "" }
|
||||||
|
{ "key": "meta", "description": "defines internal constants for nplus. do not change these values", "default": "" }
|
||||||
|
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||||
|
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||||
|
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||||
|
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||||
|
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||||
|
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||||
|
{ "key": "minReplicaCount", "description": "if you set minReplicaCount, a podDesruptionBudget will be created with this value as minAvailable, using the full component as selector. This is useful for components, that are using multiple replicas.", "default": "" }
|
||||||
|
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||||
|
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||||
|
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||||
|
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||||
|
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||||
|
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||||
|
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||||
|
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||||
|
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||||
|
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||||
|
{ "key": "nappl", "description": "The nscale Application Layer, this component should talk to", "default": "" }
|
||||||
|
{ "key": "nappl.account", "description": "The technical account to login with", "default": "" }
|
||||||
|
{ "key": "nappl.domain", "description": "The domain of the technical account", "default": "" }
|
||||||
|
{ "key": "nappl.host", "description": "nappl host name", "default": "" }
|
||||||
|
{ "key": "nappl.instance", "description": "instance of the Application Layer, likely `instance1`", "default": "" }
|
||||||
|
{ "key": "nappl.password", "description": "The password of the technical accunt (if not set by secret)", "default": "" }
|
||||||
|
{ "key": "nappl.port", "description": "nappl port (http 8080 or https 8443)", "default": "" }
|
||||||
|
{ "key": "nappl.secret", "description": "An optional secret that holds the credentials (the keys must be `account` and `password`)", "default": "" }
|
||||||
|
{ "key": "nappl.ssl", "description": "sets the Advanced Connect to tls", "default": "" }
|
||||||
|
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||||
|
{ "key": "replicaCount", "description": "Sets the number of replicas in this replicaSet. Some Components (like nstl or sharepoint) only allow a count of 1.", "default": "" }
|
||||||
|
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||||
|
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||||
|
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||||
|
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||||
|
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||||
|
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||||
|
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||||
|
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||||
|
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||||
|
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||||
|
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||||
|
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||||
|
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||||
|
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||||
|
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||||
|
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||||
|
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||||
|
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||||
|
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||||
|
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||||
|
{ "key": "updateStrategy", "description": "the update Strategy for this component. Normally, you can update all components rolling, except for nappl, where you need to follow the documented update procedures.", "default": "" }
|
||||||
|
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||||
|
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||||
|
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||||
|
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||||
|
|
||||||
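Review bot: the `mounts.ptemp` description is a verbatim copy of the `mounts.temp` entry ("it is deleted when the pod terminates"), which contradicts `mounts.ptemp.path` and `mounts.ptemp.paths` in the same hunk ("temporary files that are persisted"). An operator reading this cannot tell whether data written to ptemp survives a pod restart, so the `mounts.ptemp` text should state the actual lifetime of that volume. The same copy-paste pattern appears in `mounts.disk.paths`, which says "data files" where `mounts.disk.path` says "disk files". Separately, `nappl.password` allows the technical account's password to be set in plain values "(if not set by secret)", but the `nappl.secret` entry does not say which setting wins when both are present. Please document the precedence and point readers to `nappl.secret` as the preferred option, since values files are commonly committed and rendered into manifests.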
117
ai/jsonl/chart_database.jsonl
Normal file
@@ -0,0 +1,117 @@
|
|||||||
|
{ "chart_name": "nplus-component-database", "chart_version": "1.2.1500-169", "chart_description": "Postgres Database, deploys a DEV or TESTING environment DB" }
|
||||||
|
{ "key": "database.account", "description": "the technical account to own the nscale database, if not set by secret", "default": "" }
|
||||||
|
{ "key": "database.name", "description": "name of the nscale database", "default": "" }
|
||||||
|
{ "key": "database.password", "description": "password of the technical account, if not set by secret", "default": "" }
|
||||||
|
{ "key": "database.secret", "description": "the secret with credentials (account, password) for the nscale technical account. This setting has priority over account and password", "default": "" }
|
||||||
|
{ "key": "dbAdmin.account", "description": "the database admin account, if not set by secret", "default": "" }
|
||||||
|
{ "key": "dbAdmin.password", "description": "the database admin password, if not set by secret", "default": "" }
|
||||||
|
{ "key": "dbAdmin.secret", "description": "the secret with credentials (account, password) for the database admin account. This setting has priority over adminAccount and adminPassword", "default": "" }
|
||||||
|
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||||
|
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||||
|
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||||
|
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||||
|
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||||
|
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||||
|
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||||
|
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||||
|
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||||
|
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||||
|
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||||
|
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||||
|
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||||
|
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||||
|
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||||
|
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||||
|
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||||
|
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||||
|
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||||
|
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||||
|
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||||
|
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||||
|
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||||
|
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||||
|
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||||
|
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||||
|
{ "key": "priority", "description": "You can give a component a specific priorityClass to implement a quality of service. You can leave this empty, then no priority is set. If you set a class, this class is taken If you additionally enable create, the class is created for you with the value defined.", "default": "" }
|
||||||
|
{ "key": "priority.className", "description": "Set the priority class for the Application Layer deployment if desired", "default": "" }
|
||||||
|
{ "key": "priority.createClass", "description": "Creates an individual PriorityClass for this instance", "default": "" }
|
||||||
|
{ "key": "priority.value", "description": "Sets the priorityValue", "default": "1000000" }
|
||||||
|
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||||
|
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||||
|
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||||
|
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||||
|
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||||
|
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||||
|
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||||
|
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||||
|
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||||
|
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||||
|
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||||
|
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||||
|
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||||
|
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||||
|
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||||
|
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||||
|
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||||
|
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||||
|
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||||
|
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||||
|
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||||
|
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||||
|
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||||
|
|
||||||
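Review bot: the `security.containerSecurityContext.*` and `security.podSecurityContext.*` records (`allowPrivilegeEscalation`, `capabilities`, `readOnlyRootFilesystem`, `fsGroup`, `runAsUser`) all carry an empty "default", so this reference cannot be used to check what the chart actually applies, even though the descriptions say these settings should be restrictive and that 0 / root should be avoided. Suggest recording the effective default for each of these keys, as is already done for `security.zeroTrust` (`false`). The descriptions also contain typos worth fixing in the source they are generated from: "ist run", "starndard", "depricated".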
139
ai/jsonl/chart_dmsapi.jsonl
Normal file
@@ -0,0 +1,139 @@
|
|||||||
|
{ "chart_name": "eon-dms-api", "chart_version": "1.2.1500-169", "chart_description": "eon DMS-API provides a eon Standard Interface to the Instance" }
|
||||||
|
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||||
|
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||||
|
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||||
|
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||||
|
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||||
|
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||||
|
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||||
|
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||||
|
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||||
|
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||||
|
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||||
|
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||||
|
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||||
|
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||||
|
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||||
|
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||||
|
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||||
|
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||||
|
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||||
|
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||||
|
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||||
|
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||||
|
{ "key": "javaOpts", "description": "Options for the Java VM", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMaxMem", "description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMaxRamPercentage", "description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMinMem", "description": "set the minimum memory, java will consume", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMisc", "description": "Any misc Java Options that need to be passed to the container", "default": "" }
|
||||||
|
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||||
|
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||||
|
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||||
|
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||||
|
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||||
|
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||||
|
{ "key": "minReplicaCount", "description": "if you set minReplicaCount, a podDesruptionBudget will be created with this value as minAvailable, using the full component as selector. This is useful for components, that are using multiple replicas.", "default": "" }
|
||||||
|
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||||
|
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||||
|
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||||
|
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||||
|
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||||
|
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||||
|
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||||
|
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||||
|
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||||
|
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||||
|
{ "key": "nappl", "description": "The nscale Application Layer, this component should talk to", "default": "" }
|
||||||
|
{ "key": "nappl.account", "description": "The technical account to login with", "default": "" }
|
||||||
|
{ "key": "nappl.domain", "description": "The domain of the technical account", "default": "" }
|
||||||
|
{ "key": "nappl.host", "description": "nappl host name", "default": "" }
|
||||||
|
{ "key": "nappl.instance", "description": "instance of the Application Layer, likely `instance1`", "default": "" }
|
||||||
|
{ "key": "nappl.password", "description": "The password of the technical accunt (if not set by secret)", "default": "" }
|
||||||
|
{ "key": "nappl.port", "description": "nappl port (http 8080 or https 8443)", "default": "" }
|
||||||
|
{ "key": "nappl.secret", "description": "An optional secret that holds the credentials (the keys must be `account` and `password`)", "default": "" }
|
||||||
|
{ "key": "nappl.ssl", "description": "sets the Advanced Connect to tls", "default": "" }
|
||||||
|
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||||
|
{ "key": "replicaCount", "description": "Sets the number of replicas in this replicaSet. Some Components (like nstl or sharepoint) only allow a count of 1.", "default": "" }
|
||||||
|
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||||
|
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||||
|
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||||
|
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||||
|
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||||
|
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||||
|
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||||
|
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||||
|
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||||
|
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||||
|
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||||
|
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||||
|
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||||
|
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||||
|
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||||
|
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||||
|
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||||
|
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||||
|
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||||
|
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||||
|
{ "key": "updateStrategy", "description": "the update Strategy for this component. Normally, you can update all components rolling, except for nappl, where you need to follow the documented update procedures.", "default": "" }
|
||||||
|
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||||
|
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||||
|
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||||
|
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||||
|
|
||||||
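Review bot: the `nappl.password` record documents passing the technical account's password as a plain chart value, next to `nappl.secret`, without saying which of the two is preferred or which takes precedence when both are set. Suggest having the description point readers to `nappl.secret` (keys `account` and `password`) as the recommended path and state the precedence; "accunt" is a typo. Separately, `mounts.ptemp` repeats the `mounts.temp` description word for word ("it is deleted when the pod terminates"), which contradicts `mounts.ptemp.path` ("temporary files that are persisted"), so the ptemp description needs its own text.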
41
ai/jsonl/chart_envbackend.jsonl
Normal file
@@ -0,0 +1,41 @@
|
|||||||
|
{ "chart_name": "nplus-environment-backend", "chart_version": "1.2.1500-169", "chart_description": "Installs Namespace-Wide Resources such as the conf PVC and the ptemp PVC" }
|
||||||
|
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||||
|
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||||
|
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||||
|
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||||
|
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||||
|
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||||
|
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||||
|
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||||
|
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||||
|
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||||
|
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||||
|
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||||
|
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||||
|
{ "key": "storage.conf.name", "description": "this is the name of the common config storage. please see section \"Storage\" for more information", "default": "" }
|
||||||
|
{ "key": "storage.conf.size", "description": "this is the size of the common config storage. please see section \"Storage\" for more information", "default": "" }
|
||||||
|
{ "key": "storage.conf.volumeName", "description": "you can set the volumeName to the value of a pre-existing volume to avoid having the PV created for you by the csi driver provisioner", "default": "" }
|
||||||
|
{ "key": "storage.ptemp.name", "description": "this is the name of the common persistant temp storage. please see section \"Storage\" for more information", "default": "" }
|
||||||
|
{ "key": "storage.ptemp.size", "description": "this is the size of the common ptemp storage. please see section \"Storage\" for more information", "default": "" }
|
||||||
|
{ "key": "storage.ptemp.volumeName", "description": "you can set the volumeName to the value of a pre-existing volume to avoid having the PV created for you by the csi driver provisioner", "default": "" }
|
||||||
|
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||||
|
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||||
|
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||||
|
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||||
|
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||||
|
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||||
|
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||||
|
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||||
|
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||||
|
|
||||||
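Review bot: The `utils.maintenance` and `utils.debug` entries say that health checks are ignored and stack traces are emitted, but give no guidance on where these switches may be enabled. `utils.renderComments` already carries a PROD recommendation, so add a matching sentence stating that both should stay `false` in PROD. The `env`, `envMap` and `envSecret` descriptions would also benefit from saying that credentials belong in `envSecret` rather than `env`. Every structured key (`tolerations`, `nodeSelector`, `meta.ports`) lists `"default": ""`, which does not tell the reader whether the value is unset or an empty string. Spelling to fix in the descriptions: `podDesruptionBudget`, `persistant`, `starndard`, `depricated`.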
79
ai/jsonl/chart_envdav.jsonl
Normal file
@@ -0,0 +1,79 @@
|
|||||||
|
{ "chart_name": "nplus-environment-dav", "chart_version": "1.2.1500-169", "chart_description": "Provides WebDAV access to environment resources such as the conf PVC and the ptemp PVC" }
|
||||||
|
{ "key": "account", "description": "the dav user", "default": "" }
|
||||||
|
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||||
|
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||||
|
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||||
|
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||||
|
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||||
|
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||||
|
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||||
|
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||||
|
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||||
|
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||||
|
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||||
|
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||||
|
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||||
|
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||||
|
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||||
|
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||||
|
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||||
|
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||||
|
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||||
|
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||||
|
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||||
|
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||||
|
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||||
|
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||||
|
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||||
|
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||||
|
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||||
|
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||||
|
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||||
|
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||||
|
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||||
|
{ "key": "password", "description": "password of the dav user", "default": "" }
|
||||||
|
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||||
|
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||||
|
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||||
|
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||||
|
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||||
|
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||||
|
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||||
|
{ "key": "secret", "description": "Alternatively, define a secret", "default": "" }
|
||||||
|
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||||
|
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||||
|
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||||
|
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||||
|
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||||
|
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||||
|
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||||
|
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||||
|
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||||
|
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||||
|
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||||
|
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||||
|
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||||
|
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||||
|
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||||
|
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||||
|
|
||||||
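Review bot: The `password` entry documents the DAV password as a plain chart value, while `secret` says only "Alternatively, define a secret". For a component that exposes the conf and ptemp PVCs over WebDAV, the docs should name `secret` as the preferred option, state which keys the secret must contain, and say which one wins when both `password` and `secret` are set. The `security.*` entries are all marked as not to be changed yet list an empty default, so a reader cannot confirm from this file that `runAsUser` is non-root or that `readOnlyRootFilesystem` is on; fill in the actual defaults. `ingress.class` defaults to `public` and `ingress.whitelist` is empty, so the description of `ingress.enabled` should state its default explicitly. The `ingress.deny` text refers to nappl endpoints (hessian, burlap) and reads as copied from another chart. Spelling to fix: `wether`, `retriting`, `ist`.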
13
ai/jsonl/chart_environment.jsonl
Normal file
@@ -0,0 +1,13 @@
|
|||||||
|
{ "chart_name": "nplus-environment", "chart_version": "1.2.1500-169", "chart_description": "Installs Namespace-Wide Resources such as the conf PVC, the toolbox and the nplus monitoring service" }
|
||||||
|
{ "key": "components.dav", "description": "Enables WebDAV access to conf and ptemp", "default": "" }
|
||||||
|
{ "key": "components.prepper", "description": "enables an optional prepper that you can use to deploy fonts, scripts etc. during environment setup", "default": "" }
|
||||||
|
{ "key": "components.toolbox", "description": "enables the toolbox", "default": "" }
|
||||||
|
{ "key": "environmentNameOverride", "description": "If you want to override the name of the Environment for display purposes, do it here.", "default": "" }
|
||||||
|
{ "key": "global.environment.storage.conf.name", "description": "this is the name of the common config storage. please see section \"Storage\" for more information", "default": "" }
|
||||||
|
{ "key": "global.environment.storage.conf.size", "description": "this is the size of the common config storage. please see section \"Storage\" for more information", "default": "" }
|
||||||
|
{ "key": "global.environment.storage.conf.volumeName", "description": "you can set the volumeName to the value of a pre-existing volume to avoid having the PV created for you by the csi driver provisioner", "default": "" }
|
||||||
|
{ "key": "global.environment.storage.ptemp.name", "description": "this is the name of the common persistant temp storage. please see section \"Storage\" for more information", "default": "" }
|
||||||
|
{ "key": "global.environment.storage.ptemp.size", "description": "this is the size of the common ptemp storage. please see section \"Storage\" for more information", "default": "" }
|
||||||
|
{ "key": "global.environment.storage.ptemp.volumeName", "description": "you can set the volumeName to the value of a pre-existing volume to avoid having the PV created for you by the csi driver provisioner", "default": "" }
|
||||||
|
{ "key": "global.meta.isEnvironment", "description": "specifies that this is deployment is part of an Environment. Used to determine the correct name of the deployment @internal -- Do not change", "default": "" }
|
||||||
|
|
||||||
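Review bot: `components.dav` has an empty `default`, so it is unclear whether WebDAV access to conf and ptemp is on or off when the key is unset; state the default explicitly, and do the same for `components.prepper` and `components.toolbox`. In `global.meta.isEnvironment`, "this is deployment is part" should read "this deployment is part", and `persistant` in `global.environment.storage.ptemp.name` should be `persistent`.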
74
ai/jsonl/chart_envoperator.jsonl
Normal file
@@ -0,0 +1,74 @@
|
|||||||
|
{ "chart_name": "nplus-environment-operator", "chart_version": "1.2.1500-169", "chart_description": "Installs the nplus operator managin the custom resource definitions for nplus and nscale" }
|
||||||
|
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||||
|
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||||
|
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||||
|
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||||
|
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||||
|
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||||
|
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||||
|
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||||
|
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||||
|
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||||
|
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||||
|
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||||
|
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||||
|
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||||
|
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||||
|
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||||
|
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||||
|
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||||
|
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||||
|
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||||
|
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||||
|
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||||
|
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||||
|
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||||
|
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||||
|
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||||
|
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||||
|
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||||
|
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||||
|
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||||
|
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||||
|
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||||
|
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||||
|
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||||
|
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||||
|
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||||
|
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||||
|
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||||
|
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||||
|
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||||
|
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||||
|
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||||
|
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||||
|
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||||
|
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||||
|
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||||
|
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||||
|
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||||
|
{ "key": "ui", "description": "Enables the web ui, default under /monitoring", "default": "" }
|
||||||
|
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||||
|
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||||
|
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||||
|
|
||||||
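Review bot: The `security.containerSecurityContext.*` and `security.podSecurityContext.*` entries near the end of this hunk all ship with an empty `default`, so a reader cannot tell what `allowPrivilegeEscalation`, `capabilities`, `readOnlyRootFilesystem` or `runAsUser` actually resolve to, even though the descriptions say they "should be very restrictive" and to "avoid 0 / root". Please record the effective chart defaults here, as is already done for `security.zeroTrust` (`false`), so that an override in a values file can be audited against them. Since `security.zeroTrust` defaults to `false`, it would also help to state in `meta.ports.http` that plain http, including the internal probes, stays active unless that flag is set. `utils.maintenance` and `utils.debug` deserve a sentence on PROD use, given that the first ignores health checks and the second exposes stack traces. Spelling in the descriptions: "podDesruptionBudget", "ist run", "starndard", "depricated".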
58
ai/jsonl/chart_envtoolbox.jsonl
Normal file
@@ -0,0 +1,58 @@
|
|||||||
|
{ "chart_name": "nplus-environment-toolbox", "chart_version": "1.2.1500-169", "chart_description": "Installs the environment toolbox with git and nstore downloader installed, also serving as target for pool copy actions in the pipeline" }
|
||||||
|
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||||
|
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||||
|
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||||
|
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||||
|
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||||
|
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||||
|
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||||
|
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||||
|
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||||
|
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||||
|
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||||
|
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||||
|
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||||
|
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||||
|
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||||
|
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||||
|
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||||
|
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||||
|
{ "key": "nstoreDownloader.enabled", "description": "enables the nstore downloader", "default": "" }
|
||||||
|
{ "key": "nstoreDownloader.nstore", "description": "set the nstore URL", "default": "`https://nstore.ceyoniq.com...`" }
|
||||||
|
{ "key": "nstoreDownloader.target", "description": "target directory in the conf pv", "default": "" }
|
||||||
|
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||||
|
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||||
|
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||||
|
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||||
|
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||||
|
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||||
|
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||||
|
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||||
|
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||||
|
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||||
|
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||||
|
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||||
|
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||||
|
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||||
|
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||||
|
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||||
|
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||||
|
|
||||||
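Review bot: The `nstoreDownloader.nstore` entry records its default as the truncated string `https://nstore.ceyoniq.com...`, and neither it nor `nstoreDownloader.target` says how the download is authenticated or verified, or whether `target` is confined to a subdirectory of the conf pv. For a component whose chart description is "git and nstore downloader installed, also serving as target for pool copy actions", please document the full default URL, the credential source (for example via `envSecret`), and the allowed range of `target`. The rest of the hunk repeats the shared `meta.*`, `security.*` and `utils.*` entries verbatim, including empty defaults for the security context keys and text that does not fit a toolbox (`minReplicaCountType` refers to "sharepoint or storage layer"); generating these from one shared source would keep the per-chart files from drifting and would fix the repeated typos ("podDesruptionBudget", "ist run", "starndard", "depricated") in one place.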
157
ai/jsonl/chart_erpcmis.jsonl
Normal file
@@ -0,0 +1,157 @@
|
|||||||
|
{ "chart_name": "nplus-component-erpcmis", "chart_version": "1.2.1500-169", "chart_description": "nscale ERP CMIS, providing SAP S/4 HANA Public Cloud Archive Access" }
|
||||||
|
{ "key": "alien.doAppend", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "alien.port", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "alien.server", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "alien.ssl", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "alien.url", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "alien.useSign", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||||
|
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||||
|
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||||
|
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||||
|
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||||
|
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||||
|
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||||
|
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||||
|
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||||
|
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||||
|
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||||
|
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||||
|
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||||
|
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||||
|
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||||
|
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||||
|
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||||
|
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||||
|
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||||
|
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||||
|
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||||
|
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||||
|
{ "key": "javaOpts", "description": "Options for the Java VM", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMaxMem", "description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMaxRamPercentage", "description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMinMem", "description": "set the minimum memory, java will consume", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMisc", "description": "Any misc Java Options that need to be passed to the container", "default": "" }
|
||||||
|
{ "key": "meta", "description": "defines internal constants for nplus. do not change these values", "default": "" }
|
||||||
|
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||||
|
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||||
|
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||||
|
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||||
|
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||||
|
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||||
|
{ "key": "migration.checkDocuments", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "migration.checkIgnoreTime", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "migration.delay", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "migration.doListMigration", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "migration.enabled", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "migration.fileDelimiter", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "migration.viaFileSystem", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "minReplicaCount", "description": "if you set minReplicaCount, a podDesruptionBudget will be created with this value as minAvailable, using the full component as selector. This is useful for components, that are using multiple replicas.", "default": "" }
|
||||||
|
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||||
|
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||||
|
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||||
|
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||||
|
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||||
|
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||||
|
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||||
|
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||||
|
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||||
|
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||||
|
{ "key": "nappl", "description": "The nscale Application Layer, this component should talk to", "default": "" }
|
||||||
|
{ "key": "nappl.account", "description": "The technical account to login with", "default": "" }
|
||||||
|
{ "key": "nappl.domain", "description": "The domain of the technical account", "default": "" }
|
||||||
|
{ "key": "nappl.host", "description": "nappl host name", "default": "" }
|
||||||
|
{ "key": "nappl.instance", "description": "instance of the Application Layer, likely `instance1`", "default": "" }
|
||||||
|
{ "key": "nappl.password", "description": "The password of the technical accunt (if not set by secret)", "default": "" }
|
||||||
|
{ "key": "nappl.port", "description": "nappl port (http 8080 or https 8443)", "default": "" }
|
||||||
|
{ "key": "nappl.secret", "description": "An optional secret that holds the credentials (the keys must be `account` and `password`)", "default": "" }
|
||||||
|
{ "key": "nappl.ssl", "description": "sets the Advanced Connect to tls", "default": "" }
|
||||||
|
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||||
|
{ "key": "replicaCount", "description": "Sets the number of replicas in this replicaSet. Some Components (like nstl or sharepoint) only allow a count of 1.", "default": "" }
|
||||||
|
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||||
|
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||||
|
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||||
|
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||||
|
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||||
|
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||||
|
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||||
|
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||||
|
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||||
|
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||||
|
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||||
|
{ "key": "sign.authID", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "sign.keyAlias", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "sign.keyPassword", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||||
|
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||||
|
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||||
|
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||||
|
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||||
|
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||||
|
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||||
|
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||||
|
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||||
|
{ "key": "updateStrategy", "description": "the update Strategy for this component. Normally, you can update all components rolling, except for nappl, where you need to follow the documented update procedures.", "default": "" }
|
||||||
|
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||||
|
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||||
|
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||||
|
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||||
|
{ "key": "xsap.useSign", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||||
|
|
||||||
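Review bot: the `nappl.password` record documents a password set directly in values ("if not set by secret") but does not say which setting wins when `nappl.secret` is also set. State the precedence in the description and point readers to `nappl.secret` as the preferred path. `sign.keyPassword` likewise says only that documentation is pending; it should at least say whether the value can be supplied from a secret. Separately, the `mounts.ptemp` description is a copy of the `mounts.temp` one ("it is deleted when the pod terminates"), which contradicts `mounts.ptemp.path` ("temporary files that are persisted"), and `mounts.disk.paths` still reads "data files" where the sibling `mounts.disk.path` says "disk files". Spelling to fix in the same pass: `podDesruptionBudget` (the Kubernetes kind is PodDisruptionBudget), `primaty`, `accunt`, `superflues`, `starndard`, `depricated`.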
158
ai/jsonl/chart_erpproxy.jsonl
Normal file
@@ -0,0 +1,158 @@
|
|||||||
|
{ "chart_name": "nplus-component-erpproxy", "chart_version": "1.2.1500-169", "chart_description": "nscale ERP Proxy, providing SAP Archive Link access to alien Archive Components" }
|
||||||
|
{ "key": "alien.doAppend", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "alien.port", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "alien.server", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "alien.ssl", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "alien.url", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "alien.useSign", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||||
|
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||||
|
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||||
|
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||||
|
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||||
|
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||||
|
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||||
|
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||||
|
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||||
|
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||||
|
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||||
|
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||||
|
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||||
|
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||||
|
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||||
|
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||||
|
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||||
|
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||||
|
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||||
|
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||||
|
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||||
|
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||||
|
{ "key": "javaOpts", "description": "Options for the Java VM", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMaxMem", "description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMaxRamPercentage", "description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMinMem", "description": "set the minimum memory, java will consume", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMisc", "description": "Any misc Java Options that need to be passed to the container", "default": "" }
|
||||||
|
{ "key": "meta", "description": "defines internal constants for nplus. do not change these values", "default": "" }
|
||||||
|
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||||
|
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||||
|
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||||
|
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||||
|
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||||
|
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||||
|
{ "key": "migration.checkDocuments", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "migration.checkIgnoreTime", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "migration.delay", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "migration.doListMigration", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "migration.enabled", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "migration.fileDelimiter", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "migration.viaFileSystem", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "minReplicaCount", "description": "if you set minReplicaCount, a podDesruptionBudget will be created with this value as minAvailable, using the full component as selector. This is useful for components, that are using multiple replicas.", "default": "" }
|
||||||
|
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||||
|
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||||
|
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||||
|
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||||
|
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||||
|
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||||
|
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||||
|
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||||
|
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||||
|
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||||
|
{ "key": "nappl", "description": "The nscale Application Layer, this component should talk to", "default": "" }
|
||||||
|
{ "key": "nappl.account", "description": "The technical account to login with", "default": "" }
|
||||||
|
{ "key": "nappl.domain", "description": "The domain of the technical account", "default": "" }
|
||||||
|
{ "key": "nappl.host", "description": "nappl host name", "default": "" }
|
||||||
|
{ "key": "nappl.instance", "description": "instance of the Application Layer, likely `instance1`", "default": "" }
|
||||||
|
{ "key": "nappl.password", "description": "The password of the technical accunt (if not set by secret)", "default": "" }
|
||||||
|
{ "key": "nappl.port", "description": "nappl port (http 8080 or https 8443)", "default": "" }
|
||||||
|
{ "key": "nappl.secret", "description": "An optional secret that holds the credentials (the keys must be `account` and `password`)", "default": "" }
|
||||||
|
{ "key": "nappl.ssl", "description": "sets the Advanced Connect to tls", "default": "" }
|
||||||
|
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||||
|
{ "key": "replicaCount", "description": "Sets the number of replicas in this replicaSet. Some Components (like nstl or sharepoint) only allow a count of 1.", "default": "" }
|
||||||
|
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||||
|
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||||
|
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||||
|
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||||
|
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||||
|
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||||
|
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||||
|
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||||
|
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||||
|
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||||
|
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||||
|
{ "key": "sign.authID", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "sign.keyAlias", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "sign.keyPassword", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||||
|
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||||
|
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||||
|
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||||
|
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||||
|
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||||
|
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||||
|
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||||
|
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||||
|
{ "key": "updateStrategy", "description": "the update Strategy for this component. Normally, you can update all components rolling, except for nappl, where you need to follow the documented update procedures.", "default": "" }
|
||||||
|
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||||
|
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||||
|
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||||
|
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||||
|
{ "key": "xsap.url", "description": "xsap url to use.", "default": "" }
|
||||||
|
{ "key": "xsap.useSign", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||||
|
|
||||||
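Review bot: the `security.*` records near the end of this hunk (`security.containerSecurityContext.allowPrivilegeEscalation`, `.capabilities`, `.readOnlyRootFilesystem`, `security.podSecurityContext.runAsUser`) all carry `"default": ""` while their descriptions say "you should not change this", so a reader cannot tell which value the chart sets or check an override against it; please record the effective defaults, as `security.zeroTrust` does with `false`. A related point on credentials: `nappl.password` allows a plaintext password in values and mentions the secret only in parentheses, so its description should point to `nappl.secret` as the preferred route, and `sign.keyPassword` documents no secret-based alternative at all. Also, `mounts.ptemp` repeats the `mounts.temp` text ("it is deleted when the pod terminates"), which contradicts `mounts.ptemp.path` ("temporary files that are persisted"), and there are typos to fix before merge: "primaty", "accunt", "superflues", "starndard", "depricated".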
140
ai/jsonl/chart_ilm.jsonl
Normal file
@@ -0,0 +1,140 @@
|
|||||||
|
{ "chart_name": "nplus-component-ilm", "chart_version": "1.2.1500-169", "chart_description": "nscale ILM Connector, providing a certified SAP ILM interface" }
|
||||||
|
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||||
|
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||||
|
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||||
|
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||||
|
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||||
|
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||||
|
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||||
|
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||||
|
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||||
|
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||||
|
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||||
|
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||||
|
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||||
|
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||||
|
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||||
|
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||||
|
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||||
|
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||||
|
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||||
|
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||||
|
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||||
|
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||||
|
{ "key": "javaOpts", "description": "Options for the Java VM", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMaxMem", "description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMaxRamPercentage", "description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMinMem", "description": "set the minimum memory, java will consume", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMisc", "description": "Any misc Java Options that need to be passed to the container", "default": "" }
|
||||||
|
{ "key": "meta", "description": "defines internal constants for nplus. do not change these values", "default": "" }
|
||||||
|
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||||
|
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||||
|
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||||
|
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||||
|
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||||
|
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||||
|
{ "key": "minReplicaCount", "description": "if you set minReplicaCount, a podDesruptionBudget will be created with this value as minAvailable, using the full component as selector. This is useful for components, that are using multiple replicas.", "default": "" }
|
||||||
|
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||||
|
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||||
|
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||||
|
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||||
|
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||||
|
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||||
|
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||||
|
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||||
|
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||||
|
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||||
|
{ "key": "nappl", "description": "The nscale Application Layer, this component should talk to", "default": "" }
|
||||||
|
{ "key": "nappl.account", "description": "The technical account to login with", "default": "" }
|
||||||
|
{ "key": "nappl.domain", "description": "The domain of the technical account", "default": "" }
|
||||||
|
{ "key": "nappl.host", "description": "nappl host name", "default": "" }
|
||||||
|
{ "key": "nappl.instance", "description": "instance of the Application Layer, likely `instance1`", "default": "" }
|
||||||
|
{ "key": "nappl.password", "description": "The password of the technical accunt (if not set by secret)", "default": "" }
|
||||||
|
{ "key": "nappl.port", "description": "nappl port (http 8080 or https 8443)", "default": "" }
|
||||||
|
{ "key": "nappl.secret", "description": "An optional secret that holds the credentials (the keys must be `account` and `password`)", "default": "" }
|
||||||
|
{ "key": "nappl.ssl", "description": "sets the Advanced Connect to tls", "default": "" }
|
||||||
|
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||||
|
{ "key": "replicaCount", "description": "Sets the number of replicas in this replicaSet. Some Components (like nstl or sharepoint) only allow a count of 1.", "default": "" }
|
||||||
|
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||||
|
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||||
|
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||||
|
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||||
|
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||||
|
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||||
|
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||||
|
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||||
|
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||||
|
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||||
|
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||||
|
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||||
|
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||||
|
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||||
|
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||||
|
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||||
|
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||||
|
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||||
|
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||||
|
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||||
|
{ "key": "updateStrategy", "description": "the update Strategy for this component. Normally, you can update all components rolling, except for nappl, where you need to follow the documented update procedures.", "default": "" }
|
||||||
|
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||||
|
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||||
|
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||||
|
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||||
|
|
||||||
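Review bot: the `security.containerSecurityContext.*` and `security.podSecurityContext.*` records at the end of this file carry an empty `default`, while their descriptions say the values should be restrictive and should not be changed, so a reader cannot tell from the record what the chart actually ships. Record the effective defaults, as is already done for `security.zeroTrust` and the `utils.*` keys, and let the `nappl.password` description point to `nappl.secret` as the way to supply credentials. The descriptions also need a spelling pass: "accunt", "ist run", "starndard", "depricated".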
11
ai/jsonl/chart_instance-argo.jsonl
Normal file
@@ -0,0 +1,11 @@
|
|||||||
|
{ "chart_name": "nplus-instance-argo", "chart_version": "1.2.1500-169", "chart_description": "nplus Instance ArgoCD Edition, supporting the deployment of npus Instances through ArgoCD" }
|
||||||
|
{ "key": "argocd.chart", "description": "The name of the chart to use for the instance", "default": "" }
|
||||||
|
{ "key": "argocd.destinationNamespace", "description": "ArgoCD can deploy to any Namespace on the destination Server. You have to specify it. Default is the release namespace", "default": "" }
|
||||||
|
{ "key": "argocd.destinationServer", "description": "ArgoCD can also remote deploy Applications to alien clusters. The server specifies the API Endpoint of the Cluster, where the Application should be deployed", "default": "" }
|
||||||
|
{ "key": "argocd.namespace", "description": "The ArgoCD Namespace within the cluster. The ArgoCD Application will be deployed to this namespace You will need write privileges for this namespace", "default": "" }
|
||||||
|
{ "key": "argocd.project", "description": "ArgoCD organizes Applications in Projects. This is the name of the project, the application should be deployed to", "default": "" }
|
||||||
|
{ "key": "argocd.prune", "description": "Toggle pruning for this Application", "default": "" }
|
||||||
|
{ "key": "argocd.repo", "description": "Specifiy the helm repo, from which ArgoCD should load the chart. Please make sure ArgoCD gets access rights to this repo", "default": "" }
|
||||||
|
{ "key": "argocd.selfHeal", "description": "Toggle self healing feature for this Application", "default": "" }
|
||||||
|
{ "key": "global.meta.isArgo", "description": "specifies that this is an Argo Installation. Used to determine the correct handler in the chart @internal -- Do not change", "default": "" }
|
||||||
|
|
||||||
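Review bot: `argocd.destinationNamespace` says both "You have to specify it" and "Default is the release namespace", and its `default` field is empty; state one behaviour and put it in `default`. The same gap applies to `argocd.prune` and `argocd.selfHeal`, which have empty defaults even though they decide whether ArgoCD removes or reverts live resources, so an operator reading this record cannot tell what a sync will do. Minor: "npus" in `chart_description` and "Specifiy" in `argocd.repo`.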
262
ai/jsonl/chart_instance.jsonl
Normal file
@@ -0,0 +1,262 @@
|
|||||||
|
{ "chart_name": "nplus-instance", "chart_version": "1.2.1500-169", "chart_description": "nplus Instance, an umbrella chart for orchestrating the components in a nplus Instance" }
|
||||||
|
{ "key": "administrator.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "administrator.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||||
|
{ "key": "administrator.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "administrator.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "administrator.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||||
|
{ "key": "administrator.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||||
|
{ "key": "application.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "application.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||||
|
{ "key": "application.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "application.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "application.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||||
|
{ "key": "application.nstl.host", "description": "sets the dns of the *nscale Server Storage Layer*, that should be configured", "default": "" }
|
||||||
|
{ "key": "application.rs.host", "description": "sets the dns of the *nscale Rendition Server*, that should be configured", "default": "" }
|
||||||
|
{ "key": "application.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||||
|
{ "key": "backend.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||||
|
{ "key": "cmis.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "cmis.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||||
|
{ "key": "cmis.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "cmis.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "cmis.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||||
|
{ "key": "cmis.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||||
|
{ "key": "components.administrator", "description": "enable a *nscale Administrator Web* component in this instance", "default": "" }
|
||||||
|
{ "key": "components.application", "description": "deploy any solution using GBA, Standard Apps or shell copy with this generic deployment chart", "default": "" }
|
||||||
|
{ "key": "components.cmis", "description": "enable a *nscale CMIS Connector* component in this instance", "default": "" }
|
||||||
|
{ "key": "components.database", "description": "enable an internal *Postgres Database* in this instance", "default": "" }
|
||||||
|
{ "key": "components.erpcmis", "description": "enable a *nscale ERP CMIS Connector* component in this instance", "default": "" }
|
||||||
|
{ "key": "components.erpproxy", "description": "enable a *nscale ERP Proxy Connector* component in this instance", "default": "" }
|
||||||
|
{ "key": "components.ilm", "description": "enable a *nscale ILM Connector* component in this instance", "default": "" }
|
||||||
|
{ "key": "components.mon", "description": "enable a *nscale Monitoring Console* component in this instance", "default": "" }
|
||||||
|
{ "key": "components.nappl", "description": "enable a consumer *nscale Application Layer* component in this instance", "default": "" }
|
||||||
|
{ "key": "components.nappljobs", "description": "enable a dedicated jobs *nscale Application Layer* component in this instance please also make sure to set the *jobs* setting", "default": "" }
|
||||||
|
{ "key": "components.nstl", "description": "enable a *nscale Server Storage Layer* component in this instance If you are in a **High Availability** scenario, disable this", "default": "" }
|
||||||
|
{ "key": "components.nstla", "description": "enable an additional *nscale Server Storage Layer* node in this instance within a **High Availability** scenario.", "default": "" }
|
||||||
|
{ "key": "components.nstlb", "description": "enable an additional *nscale Server Storage Layer* node in this instance within a **High Availability** scenario.", "default": "" }
|
||||||
|
{ "key": "components.nstlc", "description": "enable an additional *nscale Server Storage Layer* node in this instance within a **High Availability** scenario.", "default": "" }
|
||||||
|
{ "key": "components.nstld", "description": "enable an additional *nscale Server Storage Layer* node in this instance within a **High Availability** scenario.", "default": "" }
|
||||||
|
{ "key": "components.pam", "description": "enable a *nscale Process Automation Modeler* component in this instance", "default": "" }
|
||||||
|
{ "key": "components.pipeliner", "description": "enable *nscale Pipeliner* component in this instance", "default": "" }
|
||||||
|
{ "key": "components.prepper", "description": "download, deploy and run any git asset or script prior to installation of the components", "default": "" }
|
||||||
|
{ "key": "components.rms", "description": "enable a *nplus Remote Management Server* component in this instance If you are in a **High Availability** scenario, disable this", "default": "" }
|
||||||
|
{ "key": "components.rmsa", "description": "enable an additional *nplus Remote Management Server* in this instance within a **High Availability** scenario.", "default": "" }
|
||||||
|
{ "key": "components.rmsb", "description": "enable an additional *nplus Remote Management Server* in this instance within a **High Availability** scenario.", "default": "" }
|
||||||
|
{ "key": "components.rs", "description": "enable a *nscale Rendition Server* component in this instance", "default": "" }
|
||||||
|
{ "key": "components.sharepoint", "description": "enable a *nscale Sharepoint Connector* component in this instance", "default": "" }
|
||||||
|
{ "key": "components.sharepointa", "description": "enable an additional *nscale Sharepoint Connector* component in this instance for another set of configuration parameters", "default": "" }
|
||||||
|
{ "key": "components.sharepointb", "description": "enable an additional *nscale Sharepoint Connector* component in this instance for another set of configuration parameters", "default": "" }
|
||||||
|
{ "key": "components.sharepointc", "description": "enable an additional *nscale Sharepoint Connector* component in this instance for another set of configuration parameters", "default": "" }
|
||||||
|
{ "key": "components.sharepointd", "description": "enable an additional *nscale Sharepoint Connector* component in this instance for another set of configuration parameters", "default": "" }
|
||||||
|
{ "key": "components.sim", "description": "This section is for the single-instance-mode in which all environement components are integrated into the instance", "default": "" }
|
||||||
|
{ "key": "components.sim.backend", "description": "This is for *Single-Instance-Mode* **only**. Read the docu before enabling this. the backend components holds the common storages / PVCs for conf and ptemp umong other common environmental resources", "default": "" }
|
||||||
|
{ "key": "components.sim.dav", "description": "This is for *Single-Instance-Mode* **only**. Read the docu before enabling this. DAV gives you WebDAV access to your conf and ptemp volumes", "default": "" }
|
||||||
|
{ "key": "components.sim.operator", "description": "This is for *Single-Instance-Mode* **only**. Read the docu before enabling this. The Operator will let you query the Custom Resources for nscale, e.g. `kubectl get nscale`", "default": "" }
|
||||||
|
{ "key": "components.sim.toolbox", "description": "This is for *Single-Instance-Mode* **only**. Read the docu before enabling this. the toolbox has a git client installed and is suitable for pulling, pushing, copying stuff into the pool, fonts, certificates, snippets and configuration files", "default": "" }
|
||||||
|
{ "key": "components.web", "description": "enable a *nscale Web* component in this instance", "default": "" }
|
||||||
|
{ "key": "components.webdav", "description": "enable a *nscale WebDAV Connector* component in this instance", "default": "" }
|
||||||
|
{ "key": "database", "description": "For the Database, we use a postgres 16 Ceyoniq uses docker.io/bitnami/postgresql:16", "default": "" }
|
||||||
|
{ "key": "database.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "database.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||||
|
{ "key": "database.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "database.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "database.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||||
|
{ "key": "dmsapi.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||||
|
{ "key": "dmsapi.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||||
|
{ "key": "erpcmis.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "erpcmis.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||||
|
{ "key": "erpcmis.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "erpcmis.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "erpcmis.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||||
|
{ "key": "erpcmis.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||||
|
{ "key": "erpproxy.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "erpproxy.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||||
|
{ "key": "erpproxy.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "erpproxy.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "erpproxy.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||||
|
{ "key": "erpproxy.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||||
|
{ "key": "global.database.account", "description": "DB account (if not using a secret)", "default": "" }
|
||||||
|
{ "key": "global.database.dialect", "description": "nscale DB server dialect", "default": "" }
|
||||||
|
{ "key": "global.database.driverclass", "description": "nscale DB server driverclass", "default": "" }
|
||||||
|
{ "key": "global.database.name", "description": "name of the nscale DB", "default": "" }
|
||||||
|
{ "key": "global.database.password", "description": "DB password (if not using a secret)", "default": "" }
|
||||||
|
{ "key": "global.database.passwordEncoded", "description": "weather the password is stored encrypted", "default": "" }
|
||||||
|
{ "key": "global.database.schema", "description": "DB schema name", "default": "" }
|
||||||
|
{ "key": "global.database.secret", "description": "DB credential secret (account, password)", "default": "" }
|
||||||
|
{ "key": "global.database.url", "description": "The URL to the database", "default": "" }
|
||||||
|
{ "key": "global.ingress.appRoot", "description": "Sets the root for this instance, where incoming root traffic should be redirected to", "default": "" }
|
||||||
|
{ "key": "global.ingress.class", "description": "sets the global ingressclass for all components to use - if they do not define a specific one, for example if there are separate controllers for internal and external traffic", "default": "`public``" }
|
||||||
|
{ "key": "global.ingress.createSelfSignedCertificate", "description": "if you do not define an issuer to generate the tls secret for you, you still can have a self signed certificate generated for you, if you set this to true. The default is true, so either you have an issuer or not, you will always end up with a certificate. Set an empty issuer and createSelfSignedCertificate to false to have no certificate generated and use an external or existing secret. Then make sure the secret matches.", "default": "" }
|
||||||
|
{ "key": "global.ingress.domain", "description": "Sets the global domain within the instance to be used, if the component does not define any domain. If this remains empty, no ingress is generated Example: `{{ .instance.group }}.lab.nplus.cloud`", "default": "" }
|
||||||
|
{ "key": "global.ingress.issuer", "description": "Sets the name of the issuer to create the tls secret. Very common is to have it created by cert-manager. Please see the documentation how to create a cert-manager cluster issuer for example. If no issuer is set, no certificate request will be generated", "default": "" }
|
||||||
|
{ "key": "global.ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "`ingress, kube-system, ingress-nginx`" }
|
||||||
|
{ "key": "global.ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. This secret is then either generated by cert-manager or self signed by helm - or not created", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||||
|
{ "key": "global.ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||||
|
{ "key": "global.instance.group", "description": "The group of the instance. This is used for the networkPolicies. Only Pods within one group are allowed to communicate if you enable the nplus Network Policies. By default, this is set the same as the instance name", "default": "" }
|
||||||
|
{ "key": "global.instance.name", "description": "The name of the instance. Should this name be identical to the namespace name, then the prefix will be dropped. By default, this is the .Release.Name", "default": "" }
|
||||||
|
{ "key": "global.license", "description": "Globally set the license secret name", "default": "" }
|
||||||
|
{ "key": "global.logForwarderImage.name", "description": "defines the nplus toolbox name to be used for the *wait* feature", "default": "" }
|
||||||
|
{ "key": "global.logForwarderImage.pullPolicy", "description": "defines the nplus toolbox pull policy to be used for the *wait* feature", "default": "" }
|
||||||
|
{ "key": "global.logForwarderImage.repo", "description": "defines the nplus toolbox image to be used for the *wait* feature", "default": "" }
|
||||||
|
{ "key": "global.logForwarderImage.tag", "description": "defines the tag for the logforwarder (FluentBit) @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "global.meta.nscaleVersion", "description": "Sets the nscale version of this deployment / instance. This is used by the operator to display the correct version e.g. in the Web UI. @internal -- this is set by the devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "global.nappl.account", "description": "The technical account to login with", "default": "" }
|
||||||
|
{ "key": "global.nappl.domain", "description": "The domain of the technical account", "default": "" }
|
||||||
|
{ "key": "global.nappl.host", "description": "sets the *nscale Server Application Layer* host to be used. As this is a global option, it can be overridden at component level.", "default": "" }
|
||||||
|
{ "key": "global.nappl.instance", "description": "the instance of *nscale Server Application Layer* to be used @internal -- As this is depricated for nscale 10, you should never modify this.", "default": "" }
|
||||||
|
{ "key": "global.nappl.password", "description": "The password of the technical accunt (if not set by secret)", "default": "" }
|
||||||
|
{ "key": "global.nappl.port", "description": "sets the *nscale Server Application Layer* port to be used. As this is a global option, it can be overridden at component level. if you switch to zero trus mode or change the nappl backend to https, you want to modify this port to 8443", "default": "" }
|
||||||
|
{ "key": "global.nappl.secret", "description": "An optional secret that holds the credentials (the keys must be `account` and `password`)", "default": "" }
|
||||||
|
{ "key": "global.nappl.ssl", "description": "wether to use ssl or not for the advanced connector", "default": "" }
|
||||||
|
{ "key": "global.security.cni.administratorInstance", "description": "sets the instance, from which Administration is allowed", "default": "" }
|
||||||
|
{ "key": "global.security.cni.administratorNamespace", "description": "sets the namespace, from which Administration is allowed", "default": "" }
|
||||||
|
{ "key": "global.security.cni.createNetworkPolicy", "description": "creates NetworkPolicies for each component.", "default": "" }
|
||||||
|
{ "key": "global.security.cni.defaultEgressPolicy", "description": "if defined, creates a default NetworkPolicy to handle egress Traffic from the instance. Possible Values: deny, allow, none", "default": "" }
|
||||||
|
{ "key": "global.security.cni.defaultIngressPolicy", "description": "if defined, creates a default NetworkPolicy to handle ingress Traffic to the instance. Possible Values: deny, allow, none", "default": "" }
|
||||||
|
{ "key": "global.security.cni.monitoringInstance", "description": "sets the instance, from which Monitoring is allowed", "default": "" }
|
||||||
|
{ "key": "global.security.cni.monitoringNamespace", "description": "sets the namespace, from which Monitoring is allowed", "default": "" }
|
||||||
|
{ "key": "global.security.cni.pamInstance", "description": "sets the instance, from which Process Automation Modeling is allowed", "default": "" }
|
||||||
|
{ "key": "global.security.cni.pamNamespace", "description": "sets the namespace, from which Process Automation Modeling is allowed", "default": "" }
|
||||||
|
{ "key": "global.security.zeroTrust", "description": "enables zero trust on the instance. When enabled, no unencrypted http connection is allowed. This will remove all http ports from pods, services, network policies and ingress rules", "default": "" }
|
||||||
|
{ "key": "global.telemetry.openTelemetry", "description": "if you use a OpenTelemetry as a telemetry collector, you can enable it here. This will add the annotations to some known pods for the injector to use agents inside the pods for telemetry collection. This often goes along with the `language` setting in the meta section to tell the telemetry collector which agent to inject.", "default": "" }
|
||||||
|
{ "key": "global.waitImage.name", "description": "defines the nplus toolbox name to be used for the *wait* feature", "default": "" }
|
||||||
|
{ "key": "global.waitImage.pullPolicy", "description": "defines the nplus toolbox pull policy to be used for the *wait* feature", "default": "" }
|
||||||
|
{ "key": "global.waitImage.repo", "description": "defines the nplus toolbox image to be used for the *wait* feature", "default": "" }
|
||||||
|
{ "key": "global.waitImage.tag", "description": "defines the nplus toolbox tag to be used for the *wait* feature @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "ilm.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "ilm.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||||
|
{ "key": "ilm.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "ilm.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "ilm.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||||
|
{ "key": "ilm.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||||
|
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "mon.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "mon.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||||
|
{ "key": "mon.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "mon.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "mon.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||||
|
{ "key": "nappl.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "nappl.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||||
|
{ "key": "nappl.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "nappl.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "nappl.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||||
|
{ "key": "nappl.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||||
|
{ "key": "nappljobs.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "nappljobs.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||||
|
{ "key": "nappljobs.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "nappljobs.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "nappljobs.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||||
|
{ "key": "nstl.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "nstl.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||||
|
{ "key": "nstl.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "nstl.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "nstl.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||||
|
{ "key": "nstla.clusterService.enabled", "description": "When using multiple nstl Instances with different configurations, you still might want to use a cluster service for HA access This will generate one for you.", "default": "" }
|
||||||
|
{ "key": "nstla.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "nstla.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||||
|
{ "key": "nstla.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "nstla.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "nstla.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||||
|
{ "key": "nstlb.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "nstlb.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||||
|
{ "key": "nstlb.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "nstlb.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "nstlb.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||||
|
{ "key": "nstlc.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "nstlc.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||||
|
{ "key": "nstlc.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "nstlc.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "nstlc.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||||
|
{ "key": "nstld.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "nstld.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||||
|
{ "key": "nstld.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "nstld.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "nstld.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||||
|
{ "key": "pam.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "pam.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||||
|
{ "key": "pam.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "pam.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "pam.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||||
|
{ "key": "pam.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||||
|
{ "key": "pipeliner.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "pipeliner.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||||
|
{ "key": "pipeliner.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "pipeliner.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "pipeliner.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||||
|
{ "key": "pipeliner.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||||
|
{ "key": "prepper.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "prepper.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||||
|
{ "key": "prepper.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "prepper.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "prepper.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||||
|
{ "key": "rms", "description": "rms is not a Ceyoniq component, but a part of nplus", "default": "" }
|
||||||
|
{ "key": "rms.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "rms.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||||
|
{ "key": "rms.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "rms.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "rms.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||||
|
{ "key": "rmsa.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "rmsa.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||||
|
{ "key": "rmsa.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "rmsa.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "rmsa.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||||
|
{ "key": "rmsb.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "rmsb.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||||
|
{ "key": "rmsb.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "rmsb.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "rmsb.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||||
|
{ "key": "rs.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "rs.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||||
|
{ "key": "rs.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "rs.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "rs.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||||
|
{ "key": "sharepoint", "description": "For SharePoint Connector, there is no entry in Github yet, so we set it hardcoded TODO: 9.3: Test again later, if there is a valid github entry.", "default": "" }
|
||||||
|
{ "key": "sharepoint.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "sharepoint.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||||
|
{ "key": "sharepoint.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "sharepoint.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "sharepoint.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||||
|
{ "key": "sharepoint.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||||
|
{ "key": "sharepointa.clusterService.contextPath", "description": "Set the context Path for the cluster Ingress. Make sure also the members are listening to this path", "default": "" }
|
||||||
|
{ "key": "sharepointa.clusterService.enabled", "description": "When using multiple SharePoint Connectors with different configurations, you still might want to use a retrieval cluster for HA so you can enable the clusterService and define the context path.", "default": "" }
|
||||||
|
{ "key": "sharepointa.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "sharepointa.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||||
|
{ "key": "sharepointa.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "sharepointa.ingress.contextPath", "description": "Defines the context path of this sharepoint instance, in case you might have multiple instances. We do not want them to consume the same ingress path, because it would block the ingress from being created.", "default": "" }
|
||||||
|
{ "key": "sharepointa.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "sharepointa.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||||
|
{ "key": "sharepointa.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||||
|
{ "key": "sharepointb.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "sharepointb.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||||
|
{ "key": "sharepointb.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "sharepointb.ingress.contextPath", "description": "Defines the context path of this sharepoint instance, in case you might have multiple instances. We do not want them to consume the same ingress path, because it would block the ingress from being created.", "default": "" }
|
||||||
|
{ "key": "sharepointb.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "sharepointb.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||||
|
{ "key": "sharepointb.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||||
|
{ "key": "sharepointc.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "sharepointc.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||||
|
{ "key": "sharepointc.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "sharepointc.ingress.contextPath", "description": "Defines the context path of this sharepoint instance, in case you might have multiple instances. We do not want them to consume the same ingress path, because it would block the ingress from being created.", "default": "" }
|
||||||
|
{ "key": "sharepointc.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "sharepointc.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||||
|
{ "key": "sharepointc.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||||
|
{ "key": "sharepointd.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "sharepointd.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||||
|
{ "key": "sharepointd.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "sharepointd.ingress.contextPath", "description": "Defines the context path of this sharepoint instance, in case you might have multiple instances. We do not want them to consume the same ingress path, because it would block the ingress from being created.", "default": "" }
|
||||||
|
{ "key": "sharepointd.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "sharepointd.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||||
|
{ "key": "sharepointd.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||||
|
{ "key": "web.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "web.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||||
|
{ "key": "web.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "web.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "web.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||||
|
{ "key": "web.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||||
|
{ "key": "webdav.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "webdav.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||||
|
{ "key": "webdav.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "webdav.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "webdav.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||||
|
{ "key": "webdav.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||||
|
|
||||||
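Review bot: the security-relevant keys in this file are recorded with `"default": ""`, so the generated reference cannot tell a reader what an unset value does. For `global.security.cni.defaultIngressPolicy` the description lists `deny, allow, none` but not which of them applies when the key is left empty, and the `global.security.zeroTrust` record does not say whether the feature is off when unset. Please emit the effective default for these keys, or state explicitly what an empty value means. Separately, the `sharepoint` description carries an internal note (`TODO: 9.3: Test again later, if there is a valid github entry.`), and the `@internal -- set by devOps pipeline, so do not modify` marker is folded into the description text of every `*.image.tag` and `*.meta.componentVersion` record; the generator should drop the TODO and move the marker into its own field. The `*.waitFor` descriptions should read "before this component starts".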
130
ai/jsonl/chart_mon.jsonl
Normal file
@@ -0,0 +1,130 @@
|
|||||||
|
{ "chart_name": "nplus-component-mon", "chart_version": "1.2.1500-169", "chart_description": "nscale Monitoring Console, used to provide sensor information from all components to dashboards" }
|
||||||
|
{ "key": "activateRmi", "description": "Activates the RMI Interface. Due to security concern, this defaults to `false`", "default": "" }
|
||||||
|
{ "key": "activateSsl", "description": "Activates SSL / TLS communication", "default": "" }
|
||||||
|
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||||
|
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||||
|
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||||
|
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||||
|
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||||
|
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||||
|
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||||
|
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||||
|
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||||
|
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||||
|
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||||
|
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||||
|
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||||
|
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||||
|
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||||
|
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||||
|
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||||
|
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||||
|
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||||
|
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||||
|
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||||
|
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||||
|
{ "key": "javaOpts", "description": "Options for the Java VM", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMaxMem", "description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMaxRamPercentage", "description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMinMem", "description": "set the minimum memory, java will consume", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMisc", "description": "Any misc Java Options that need to be passed to the container", "default": "" }
|
||||||
|
{ "key": "meta", "description": "defines internal constants for nplus. do not change these values", "default": "" }
|
||||||
|
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||||
|
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||||
|
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||||
|
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||||
|
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||||
|
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||||
|
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||||
|
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||||
|
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||||
|
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||||
|
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||||
|
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||||
|
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||||
|
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||||
|
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||||
|
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||||
|
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||||
|
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||||
|
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||||
|
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||||
|
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||||
|
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||||
|
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||||
|
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||||
|
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||||
|
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||||
|
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||||
|
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||||
|
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||||
|
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||||
|
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||||
|
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||||
|
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||||
|
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||||
|
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||||
|
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||||
|
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||||
|
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||||
|
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||||
|
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||||
|
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||||
|
|
||||||
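Review bot: The `mounts.ptemp` record repeats the `mounts.temp` description word for word ("it is deleted when the pod terminates"), which contradicts `mounts.ptemp.path` and `mounts.ptemp.paths` ("temporary files that are persisted"). Please give `mounts.ptemp` its own description that states the volume's actual lifetime, because operators rely on this text to know which data survives a pod restart. In the same hunk, every `security.containerSecurityContext.*` and `security.podSecurityContext.*` record has an empty `default`, so a reader cannot tell what the chart enforces for `allowPrivilegeEscalation`, `readOnlyRootFilesystem` or `runAsUser`. Documenting the effective values would close that gap. The `ingress.namespace` default `"ingress, kube-system, ingress-nginx"` admits traffic from `kube-system` through the networkPolicy, which deserves a sentence explaining why it is needed. Spelling to fix in the descriptions while here: "wether", "retriting", "primaty", "superflues", "podDesruptionBudget", "starndard", "depricated".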
155
ai/jsonl/chart_nappl.jsonl
Normal file
@@ -0,0 +1,155 @@
|
|||||||
|
{ "chart_name": "nplus-component-nappl", "chart_version": "1.2.1500-169", "chart_description": "nscale Server Application Layer, the central component in the nscale ecosystem" }
|
||||||
|
{ "key": "database", "description": "If you define the database in your values, this DB settings are taken. If you leave this empty, the settings from the config file are used.", "default": "" }
|
||||||
|
{ "key": "database.account", "description": "alternative 1: the account name of the technical DB user for nscale", "default": "" }
|
||||||
|
{ "key": "database.dialect", "description": "the database dialect to use", "default": "" }
|
||||||
|
{ "key": "database.driverclass", "description": "the driver class to use", "default": "" }
|
||||||
|
{ "key": "database.name", "description": "the name of the database to use", "default": "" }
|
||||||
|
{ "key": "database.password", "description": "alternative 1: the password of the technical DB user for nscale", "default": "" }
|
||||||
|
{ "key": "database.passwordEncoded", "description": "weather the DB password is stored encrypted", "default": "" }
|
||||||
|
{ "key": "database.schema", "description": "the database schema to use", "default": "" }
|
||||||
|
{ "key": "database.secret", "description": "alternative 2: use a secret for the account and password", "default": "" }
|
||||||
|
{ "key": "database.url", "description": "the DB URL", "default": "" }
|
||||||
|
{ "key": "disableSessionReplication", "description": "enables/disables the session replication for these cluster members.", "default": "" }
|
||||||
|
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||||
|
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||||
|
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||||
|
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||||
|
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||||
|
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||||
|
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||||
|
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||||
|
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||||
|
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||||
|
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||||
|
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||||
|
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||||
|
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||||
|
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||||
|
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||||
|
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||||
|
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||||
|
{ "key": "ingress.includeDefaultPaths", "description": "toggles default paths like index.html, res and engine.properties", "default": "" }
|
||||||
|
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||||
|
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||||
|
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||||
|
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||||
|
{ "key": "javaOpts", "description": "Options for the Java VM", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMaxMem", "description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMaxRamPercentage", "description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMinMem", "description": "set the minimum memory, java will consume", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMisc", "description": "Any misc Java Options that need to be passed to the container", "default": "" }
|
||||||
|
{ "key": "jobs", "description": "enables/disables the job affinity / priority for these cluster members", "default": "" }
|
||||||
|
{ "key": "kubePing", "description": "sets the serviceAccount for NAPPL. Up to 9.1.1100, this was needed for the cluster communication (kubePing). Starting 9.1.1201, this is not the case any more If it is left empty, also the automountServiceAccountToken is disabled. If you set Values, they are ignored in Versions > 9.1.1200", "default": "" }
|
||||||
|
{ "key": "kubePing.create", "description": "Creates the ServiceAccount (only if Version < 9.1.1200) Later Versions use a Cluster Service and resolve the IP Adresses from the EndpointSlices", "default": "" }
|
||||||
|
{ "key": "kubePing.name", "description": "Set the ServiceAccount Name for the kubePing Protocol", "default": "" }
|
||||||
|
{ "key": "meta", "description": "defines internal constants for nplus. do not change these values", "default": "" }
|
||||||
|
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||||
|
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||||
|
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||||
|
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||||
|
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||||
|
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||||
|
{ "key": "minReplicaCount", "description": "if you set minReplicaCount, a podDesruptionBudget will be created with this value as minAvailable, using the full component as selector. This is useful for components, that are using multiple replicas.", "default": "" }
|
||||||
|
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||||
|
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||||
|
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||||
|
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||||
|
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||||
|
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||||
|
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||||
|
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||||
|
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||||
|
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||||
|
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||||
|
{ "key": "priority", "description": "You can give a component a specific priorityClass to implement a quality of service. You can leave this empty, then no priority is set. If you set a class, this class is taken If you additionally enable create, the class is created for you with the value defined.", "default": "" }
|
||||||
|
{ "key": "priority.className", "description": "Set the priority class for the Application Layer deployment if desired", "default": "" }
|
||||||
|
{ "key": "priority.createClass", "description": "Creates an individual PriorityClass for this instance", "default": "" }
|
||||||
|
{ "key": "priority.value", "description": "Sets the priorityValue", "default": "1000000" }
|
||||||
|
{ "key": "replicaCount", "description": "Sets the number of replicas in this replicaSet. Some Components (like nstl or sharepoint) only allow a count of 1.", "default": "" }
|
||||||
|
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||||
|
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||||
|
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||||
|
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||||
|
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||||
|
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||||
|
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||||
|
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||||
|
{ "key": "security.cni.dbIpRange", "description": "defines the IP Range of out-of-cluster DB Servers, that the nappl is allowed to communicate with.", "default": "" }
|
||||||
|
{ "key": "security.cni.sapIpRange", "description": "defines the IP Range of out-of-cluster SAP Servers, that the nappl is allowed to communicate with.", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||||
|
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||||
|
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||||
|
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||||
|
{ "key": "sessionCacheStorageType", "description": "Sets the Session Cache Storage Type to HEAP or OFF_HEAP", "default": "" }
|
||||||
|
{ "key": "snc.enabled", "description": "Enables the NAPPL SNC to access SAP Systems. Since nscale 8, the configuration is done in the Administration Client.", "default": "" }
|
||||||
|
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||||
|
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||||
|
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||||
|
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||||
|
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||||
|
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||||
|
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||||
|
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||||
|
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||||
|
{ "key": "updateStrategy", "description": "the update Strategy for this component. Normally, you can update all components rolling, except for nappl, where you need to follow the documented update procedures.", "default": "" }
|
||||||
|
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||||
|
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||||
|
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||||
|
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||||
|
|
||||||
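Review bot: The `mounts.ptemp` description is a copy of the `mounts.temp` text ("it is deleted when the pod terminates"), which contradicts `mounts.ptemp.path` and `mounts.ptemp.paths` in the same file, both of which describe "temporary files that are persisted". Please give `mounts.ptemp` its own description that states how long its contents are retained, so operators know whether data written there survives a pod restart. The same copy-and-paste pattern shows in `mounts.disk.paths`, which still says "paths to the data files". Separately, every `security.containerSecurityContext.*` and `security.podSecurityContext.*` entry carries `"default": ""` next to "you should not change this", so a reader cannot tell what the shipped baseline for `runAsUser`, `readOnlyRootFilesystem`, `allowPrivilegeEscalation` or `capabilities` is. Consider recording the effective defaults there, as is already done for `security.zeroTrust`. Minor: "podDesruptionBudget" in `minReplicaCount` and `minReplicaCountType` should read PodDisruptionBudget, and "primaty", "superflues", "starndard" and "depricated" are misspelled.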
111
ai/jsonl/chart_nstl.jsonl
Normal file
@@ -0,0 +1,111 @@
|
|||||||
|
{ "chart_name": "nplus-component-nstl", "chart_version": "1.2.1500-169", "chart_description": "nscale Server Storage Layer, virtualizing the storage to be used by the nscale Server" }
|
||||||
|
{ "key": "accounting", "description": "sets and enables / disables the accounting function. If enabled, it writes the csv files to *ptemp* (`<instance>/<component>/accounting`) The internal path is set to `/opt/ceyoniq/nscale-server/storage-layer/accounting` by `mounts.ptemp.paths`", "default": "" }
|
||||||
|
{ "key": "checkHighestDocId", "description": "enables checking the highest DocID when starting the server. this only makes sense, if you also set a separate volume for the highest ID This is a backup / restore feature to avoid data mangling", "default": "" }
|
||||||
|
{ "key": "dvCheckPath", "description": "sets the path of the highest ID file.", "default": "" }
|
||||||
|
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||||
|
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||||
|
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||||
|
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||||
|
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||||
|
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||||
|
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||||
|
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||||
|
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||||
|
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||||
|
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||||
|
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||||
|
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||||
|
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||||
|
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||||
|
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||||
|
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||||
|
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||||
|
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||||
|
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||||
|
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||||
|
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||||
|
{ "key": "mounts.logs.medium", "description": "the medium for the emptyDisk volume if you unset it, it drops it from the manifest", "default": "" }
|
||||||
|
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||||
|
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||||
|
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||||
|
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||||
|
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||||
|
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||||
|
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||||
|
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||||
|
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||||
|
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||||
|
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||||
|
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||||
|
{ "key": "security.cni.nstlIpRange", "description": "You might want to access storage layer outside the cluster (proxy concept) To do so, you can add a specific IP Range here, which is set within the network policy.", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||||
|
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||||
|
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||||
|
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||||
|
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||||
|
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||||
|
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||||
|
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||||
|
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||||
|
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||||
|
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||||
|
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||||
|
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||||
|
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||||
|
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||||
|
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||||
|
|
||||||
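Review bot: the `security.cni.nstlIpRange` entry does not say what format the value takes or what the empty default means for the network policy. The description says the range is written into the network policy so that the storage layer can be reached from outside the cluster, so it should state the expected notation, whether one or several ranges are accepted, and what is rendered when the key is left empty. Minor, same hunk: `utils.renderComments` spells "depricated" and `utils.disableWait` spells "starndard".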
137
ai/jsonl/chart_pam.jsonl
Normal file
@@ -0,0 +1,137 @@
|
|||||||
|
{ "chart_name": "nplus-component-pam", "chart_version": "1.2.1500-169", "chart_description": "nscale Process Automation Modeler, providing Web UI Modeler for PAP" }
|
||||||
|
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||||
|
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||||
|
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||||
|
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||||
|
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||||
|
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||||
|
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||||
|
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||||
|
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||||
|
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||||
|
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||||
|
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||||
|
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||||
|
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||||
|
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||||
|
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||||
|
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||||
|
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||||
|
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||||
|
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||||
|
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||||
|
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||||
|
{ "key": "javaOpts", "description": "Options for the Java VM", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMaxMem", "description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMaxRamPercentage", "description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMinMem", "description": "set the minimum memory, java will consume", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMisc", "description": "Any misc Java Options that need to be passed to the container", "default": "" }
|
||||||
|
{ "key": "meta", "description": "defines internal constants for nplus. do not change these values", "default": "" }
|
||||||
|
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||||
|
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||||
|
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||||
|
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||||
|
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||||
|
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||||
|
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||||
|
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||||
|
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||||
|
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||||
|
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||||
|
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||||
|
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||||
|
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||||
|
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||||
|
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||||
|
{ "key": "nappl", "description": "The nscale Application Layer, this component should talk to", "default": "" }
|
||||||
|
{ "key": "nappl.account", "description": "The technical account to login with", "default": "" }
|
||||||
|
{ "key": "nappl.domain", "description": "The domain of the technical account", "default": "" }
|
||||||
|
{ "key": "nappl.host", "description": "nappl host name", "default": "" }
|
||||||
|
{ "key": "nappl.instance", "description": "instance of the Application Layer, likely `instance1`", "default": "" }
|
||||||
|
{ "key": "nappl.password", "description": "The password of the technical accunt (if not set by secret)", "default": "" }
|
||||||
|
{ "key": "nappl.port", "description": "nappl port (http 8080 or https 8443)", "default": "" }
|
||||||
|
{ "key": "nappl.secret", "description": "An optional secret that holds the credentials (the keys must be `account` and `password`)", "default": "" }
|
||||||
|
{ "key": "nappl.ssl", "description": "sets the Advanced Connect to tls", "default": "" }
|
||||||
|
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||||
|
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||||
|
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||||
|
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||||
|
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||||
|
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||||
|
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||||
|
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||||
|
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||||
|
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||||
|
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||||
|
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||||
|
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||||
|
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||||
|
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||||
|
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||||
|
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||||
|
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||||
|
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||||
|
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||||
|
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||||
|
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||||
|
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||||
|
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||||
|
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||||
|
|
||||||
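Review bot: the `nappl.password` entry documents putting the technical account's password directly into the values ("if not set by secret") without saying which option to prefer. `nappl.secret` is listed in the same block as "optional"; the `nappl.password` description should point to `nappl.secret` as the recommended route and say which of the two wins when both are set. Also in this file, `mounts.ptemp` carries the same description as `mounts.temp` ("it is deleted when the pod terminates"), while `mounts.ptemp.path` speaks of "temporary files that are persisted", so one of the two descriptions needs correcting. Spelling: "accunt", "primaty", "retriting", "wether", "podDesruptionBudget".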
130
ai/jsonl/chart_pipeliner.jsonl
Normal file
@@ -0,0 +1,130 @@
|
|||||||
|
{ "chart_name": "nplus-component-pipeliner", "chart_version": "1.2.1500-169", "chart_description": "nscale Pipeliner, the mass import / export tool of nscale" }
|
||||||
|
{ "key": "dav.account", "description": "the dav user", "default": "" }
|
||||||
|
{ "key": "dav.image", "description": "the Image to use for the DAV server", "default": "" }
|
||||||
|
{ "key": "dav.image.pullPolicy", "description": "the DAV server image pull policy", "default": "" }
|
||||||
|
{ "key": "dav.password", "description": "password of the dav user", "default": "" }
|
||||||
|
{ "key": "dav.secret", "description": "Alternatively, define a secret", "default": "" }
|
||||||
|
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||||
|
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||||
|
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||||
|
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||||
|
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||||
|
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||||
|
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||||
|
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||||
|
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||||
|
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||||
|
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||||
|
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||||
|
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||||
|
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||||
|
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||||
|
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||||
|
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||||
|
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||||
|
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||||
|
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||||
|
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||||
|
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||||
|
{ "key": "meta", "description": "defines internal constants for nplus. do not change these values", "default": "" }
|
||||||
|
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||||
|
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||||
|
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||||
|
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||||
|
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||||
|
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||||
|
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||||
|
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.defaultConfig", "description": "Sets a configMap with default configuration files that get copied to a new and empty container just before the template folder gets copied. Existing files are not overwritten.", "default": "" }
|
||||||
|
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||||
|
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||||
|
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||||
|
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||||
|
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||||
|
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||||
|
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||||
|
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||||
|
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||||
|
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||||
|
{ "key": "replicaCount", "description": "Default ReplicaCount is 0 as the pipeliner requires a working cold.xml", "default": "" }
|
||||||
|
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||||
|
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||||
|
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||||
|
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||||
|
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||||
|
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||||
|
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||||
|
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||||
|
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||||
|
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||||
|
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||||
|
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||||
|
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||||
|
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||||
|
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||||
|
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||||
|
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||||
|
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||||
|
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||||
|
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||||
|
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||||
|
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||||
|
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||||
|
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||||
|
|
||||||
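Review bot: `dav.password` is documented as a plain values key, while `dav.secret` is described only as "Alternatively, define a secret". The description should say which of the two takes precedence when both are set and recommend `dav.secret`, so the DAV credential does not have to live in a values file. Two further documentation points in this file: `mounts.ptemp` carries the same text as `mounts.temp` ("it is deleted when the pod terminates") although `mounts.ptemp.path` speaks of temporary files "that are persisted", and every `security.*` entry except `security.zeroTrust` has an empty `default`, so the reference does not show whether `readOnlyRootFilesystem` or a non-root `runAsUser` is the shipped setting. Likewise, `replicaCount` states a default of 0 in its description but leaves `default` empty. Spelling to fix while here: "wether", "retriting", "primaty", "podDesruptionBudget", "superflues", "starndard".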
115
ai/jsonl/chart_prepper.jsonl
Normal file
@@ -0,0 +1,115 @@
|
|||||||
|
{ "chart_name": "nplus-prepper", "chart_version": "1.2.1500-169", "chart_description": "nplus Prepper, used to deploy assets prior to component deployment" }
|
||||||
|
{ "key": "download", "description": "A list of URLs (Links) to Assets to download before anything else if the download is a .tar.gz, it is automatically untared to /pool/downloads", "default": "" }
|
||||||
|
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||||
|
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||||
|
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||||
|
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||||
|
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||||
|
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||||
|
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||||
|
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||||
|
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||||
|
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||||
|
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||||
|
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||||
|
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||||
|
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||||
|
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||||
|
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||||
|
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||||
|
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||||
|
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||||
|
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||||
|
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||||
|
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||||
|
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||||
|
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||||
|
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||||
|
{ "key": "nappl", "description": "The nscale Application Layer, this component should talk to", "default": "" }
|
||||||
|
{ "key": "nappl.account", "description": "The technical account to login with", "default": "" }
|
||||||
|
{ "key": "nappl.domain", "description": "The domain of the technical account", "default": "" }
|
||||||
|
{ "key": "nappl.host", "description": "nappl host name", "default": "" }
|
||||||
|
{ "key": "nappl.instance", "description": "instance of the Application Layer, likely `instance1`", "default": "" }
|
||||||
|
{ "key": "nappl.password", "description": "The password of the technical accunt (if not set by secret)", "default": "" }
|
||||||
|
{ "key": "nappl.port", "description": "nappl port (http 8080 or https 8443)", "default": "" }
|
||||||
|
{ "key": "nappl.secret", "description": "An optional secret that holds the credentials (the keys must be `account` and `password`)", "default": "" }
|
||||||
|
{ "key": "nappl.ssl", "description": "sets the Advanced Connect to tls", "default": "" }
|
||||||
|
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||||
|
{ "key": "nstl.host", "description": "The dns of the *nscale Server Storage Layer*. This is used to add it to the nappl configuration", "default": "" }
|
||||||
|
{ "key": "prerun", "description": "A list of scripts to run before the deployment of Apps", "default": "" }
|
||||||
|
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||||
|
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||||
|
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||||
|
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||||
|
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||||
|
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||||
|
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||||
|
{ "key": "rs.host", "description": "The dns of the *nscale rendition Server*. This is used to add it to the nappl configuration", "default": "" }
|
||||||
|
{ "key": "run", "description": "A list of scripts to run after the deployment of Apps", "default": "" }
|
||||||
|
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||||
|
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||||
|
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||||
|
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||||
|
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||||
|
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||||
|
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||||
|
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||||
|
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||||
|
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||||
|
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||||
|
|
||||||
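Review bot: the `nappl.password` entry in this hunk documents putting the technical account's password straight into chart values and mentions the secret only in passing ("if not set by secret"). The description should point to `nappl.secret` as the preferred way and say which of the two wins when both are set; "accunt" should read "account". Also in this hunk, `mounts.ptemp` repeats the `mounts.temp` description word for word ("it is deleted when the pod terminates"), which contradicts `mounts.ptemp.path` ("temporary files that are persisted"), and `mounts.disk.paths` still says "data files"; both look like copy-paste leftovers. The `security.containerSecurityContext.*` and `security.podSecurityContext.*` entries all carry an empty `default`, so a reader cannot tell from this record what the chart ships for `allowPrivilegeEscalation`, `readOnlyRootFilesystem` or `runAsUser`; filling in the real defaults would make the "you should not change this" advice checkable. Remaining typos to fix before merge: "primaty", "superflues", "starndard", "depricated", "ist run", "it's location".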
171
ai/jsonl/chart_rms.jsonl
Normal file
@@ -0,0 +1,171 @@
|
|||||||
|
{ "chart_name": "nplus-component-rms", "chart_version": "1.2.1500-169", "chart_description": "nplus Remote Management Server incl. RMS and Access Proxy" }
|
||||||
|
{ "key": "comps.cmis.displayName", "description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.cmis.enabled", "description": "Toggles if this component should be available through RMS", "default": "" }
|
||||||
|
{ "key": "comps.cmis.host", "description": "The host, where this component runs", "default": "" }
|
||||||
|
{ "key": "comps.cmis.name", "description": "The internal name of the component @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.cmis.ports", "description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.cmis.ports.http", "description": "proxied port @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.cmis.ports.https", "description": "proxied port @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.cmis.replicaSetType", "description": "The type of the replicaSet - important for the kubectl command @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.cmis.restartReplicas", "description": "The amount of replicas to set when starting through the *nscale Administrator* client", "default": "" }
|
||||||
|
{ "key": "comps.ilm.displayName", "description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.ilm.enabled", "description": "Toggles if this component should be available through RMS", "default": "" }
|
||||||
|
{ "key": "comps.ilm.host", "description": "The host, where this component runs", "default": "" }
|
||||||
|
{ "key": "comps.ilm.name", "description": "The internal name of the component @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.ilm.ports", "description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.ilm.ports.http", "description": "proxied port @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.ilm.ports.https", "description": "proxied port @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.ilm.replicaSetType", "description": "The type of the replicaSet - important for the kubectl command @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.ilm.restartReplicas", "description": "The amount of replicas to set when starting through the *nscale Administrator* client", "default": "" }
|
||||||
|
{ "key": "comps.mon.displayName", "description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.mon.enabled", "description": "Toggles if this component should be available through RMS", "default": "" }
|
||||||
|
{ "key": "comps.mon.host", "description": "The host, where this component runs", "default": "" }
|
||||||
|
{ "key": "comps.mon.name", "description": "The internal name of the component @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.mon.ports", "description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.mon.ports.http", "description": "proxied port @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.mon.ports.https", "description": "proxied port @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.mon.ports.tcp", "description": "proxied port @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.mon.replicaSetType", "description": "The type of the replicaSet - important for the kubectl command @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.mon.restartReplicas", "description": "The amount of replicas to set when starting through the *nscale Administrator* client", "default": "" }
|
||||||
|
{ "key": "comps.nappl", "description": "Values for the nappl component", "default": "" }
|
||||||
|
{ "key": "comps.nappl.displayName", "description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.nappl.enabled", "description": "Toggles if this component should be available through RMS", "default": "" }
|
||||||
|
{ "key": "comps.nappl.host", "description": "The host, where this component runs", "default": "" }
|
||||||
|
{ "key": "comps.nappl.name", "description": "The internal name of the component @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.nappl.ports", "description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.nappl.ports.http", "description": "proxied port @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.nappl.ports.https", "description": "proxied port @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.nappl.replicaSetType", "description": "The type of the replicaSet - important for the kubectl command @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.nappl.restartReplicas", "description": "The amount of replicas to set when starting through the *nscale Administrator* client", "default": "" }
|
||||||
|
{ "key": "comps.nstl.displayName", "description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.nstl.enabled", "description": "Toggles if this component should be available through RMS", "default": "" }
|
||||||
|
{ "key": "comps.nstl.host", "description": "The host, where this component runs", "default": "" }
|
||||||
|
{ "key": "comps.nstl.name", "description": "The internal name of the component @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.nstl.ports", "description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.nstl.ports.tcp", "description": "proxied port @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.nstl.ports.tcps", "description": "proxied port @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.nstl.replicaSetType", "description": "The type of the replicaSet - important for the kubectl command @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.nstl.restartReplicas", "description": "The amount of replicas to set when starting through the *nscale Administrator* client", "default": "" }
|
||||||
|
{ "key": "comps.pipeliner.displayName", "description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.pipeliner.enabled", "description": "Toggles if this component should be available through RMS", "default": "" }
|
||||||
|
{ "key": "comps.pipeliner.host", "description": "The host, where this component runs", "default": "" }
|
||||||
|
{ "key": "comps.pipeliner.name", "description": "The internal name of the component @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.pipeliner.ports", "description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.pipeliner.ports.tcp", "description": "proxied port @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.pipeliner.replicaSetType", "description": "The type of the replicaSet - important for the kubectl command @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.pipeliner.restartReplicas", "description": "The amount of replicas to set when starting through the *nscale Administrator* client", "default": "" }
|
||||||
|
{ "key": "comps.rs.displayName", "description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.rs.enabled", "description": "Toggles if this component should be available through RMS", "default": "" }
|
||||||
|
{ "key": "comps.rs.host", "description": "The host, where this component runs", "default": "" }
|
||||||
|
{ "key": "comps.rs.name", "description": "The internal name of the component @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.rs.ports", "description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.rs.ports.http", "description": "proxied port @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.rs.ports.https", "description": "proxied port @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.rs.replicaSetType", "description": "The type of the replicaSet - important for the kubectl command @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.rs.restartReplicas", "description": "The amount of replicas to set when starting through the *nscale Administrator* client", "default": "" }
|
||||||
|
{ "key": "comps.web.displayName", "description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.web.enabled", "description": "Toggles if this component should be available through RMS", "default": "" }
|
||||||
|
{ "key": "comps.web.host", "description": "The host, where this component runs", "default": "" }
|
||||||
|
{ "key": "comps.web.name", "description": "The internal name of the component @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.web.ports", "description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.web.ports.http", "description": "proxied port @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.web.ports.https", "description": "proxied port @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.web.replicaSetType", "description": "The type of the replicaSet - important for the kubectl command @internal -- do not change", "default": "" }
|
||||||
|
{ "key": "comps.web.restartReplicas", "description": "The amount of replicas to set when starting through the *nscale Administrator* client", "default": "" }
|
||||||
|
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||||
|
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||||
|
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||||
|
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||||
|
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||||
|
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||||
|
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||||
|
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||||
|
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||||
|
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||||
|
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||||
|
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||||
|
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||||
|
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||||
|
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||||
|
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||||
|
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||||
|
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||||
|
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||||
|
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||||
|
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||||
|
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||||
|
{ "key": "mounts.logs.medium", "description": "the medium for the emptyDisk volume if you unset it, it drops it from the manifest", "default": "" }
|
||||||
|
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||||
|
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||||
|
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||||
|
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||||
|
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||||
|
{ "key": "security.cni.adminIpRange", "description": "defines the IP Range of out-of-cluster Administrator Workplaces that are allowed to access the RMS Server.", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||||
|
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||||
|
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||||
|
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||||
|
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||||
|
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||||
|
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||||
|
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||||
|
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||||
|
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||||
|
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||||
|
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||||
|
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||||
|
|
||||||
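Review bot: the `mounts.ptemp` record reuses the `mounts.temp` description word for word ("it is deleted when the pod terminates"), which contradicts `mounts.ptemp.path` and `mounts.ptemp.paths` ("temporary files that are persisted"). Give `mounts.ptemp` its own description that states its actual lifetime. In the security block, `security.cni.adminIpRange`, the three `security.containerSecurityContext.*` keys and `security.podSecurityContext.runAsUser` all have an empty `default`, so the reference says neither what an unset admin range permits nor which hardened values are in effect. Fill these in from the chart values, as was done for `security.zeroTrust`. The `utils.maintenance` description should also note that health checks are ignored while it is on, so the flag is not left set outside a recovery window. Spelling to fix in the same pass: "primaty", "superflues", "ist run", "starndard", "depricated", "it's location".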
131
ai/jsonl/chart_rs.jsonl
Normal file
@@ -0,0 +1,131 @@
|
|||||||
|
{ "chart_name": "nplus-component-rs", "chart_version": "1.2.1500-169", "chart_description": "nscale Rendition Server, providing means to format-convert common file types" }
|
||||||
|
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||||
|
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||||
|
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||||
|
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||||
|
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||||
|
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||||
|
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||||
|
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||||
|
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||||
|
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||||
|
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||||
|
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||||
|
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||||
|
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||||
|
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||||
|
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||||
|
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||||
|
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||||
|
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||||
|
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||||
|
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||||
|
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||||
|
{ "key": "javaOpts", "description": "Options for the Java VM", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMaxMem", "description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMaxRamPercentage", "description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMinMem", "description": "set the minimum memory, java will consume", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMisc", "description": "Any misc Java Options that need to be passed to the container", "default": "" }
|
||||||
|
{ "key": "meta", "description": "defines internal constants for nplus. do not change these values", "default": "" }
|
||||||
|
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||||
|
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||||
|
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||||
|
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||||
|
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||||
|
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||||
|
{ "key": "minReplicaCount", "description": "if you set minReplicaCount, a podDesruptionBudget will be created with this value as minAvailable, using the full component as selector. This is useful for components, that are using multiple replicas.", "default": "" }
|
||||||
|
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||||
|
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||||
|
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||||
|
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||||
|
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||||
|
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||||
|
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||||
|
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||||
|
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||||
|
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||||
|
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||||
|
{ "key": "replicaCount", "description": "Sets the number of replicas in this replicaSet. Some Components (like nstl or sharepoint) only allow a count of 1.", "default": "" }
|
||||||
|
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||||
|
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||||
|
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||||
|
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||||
|
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||||
|
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||||
|
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||||
|
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||||
|
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||||
|
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||||
|
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||||
|
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||||
|
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||||
|
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||||
|
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||||
|
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||||
|
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||||
|
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||||
|
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||||
|
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||||
|
{ "key": "updateStrategy", "description": "the update Strategy for this component. Normally, you can update all components rolling, except for nappl, where you need to follow the documented update procedures.", "default": "" }
|
||||||
|
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||||
|
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||||
|
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||||
|
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||||
|
|
||||||
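Review bot: the `security.podSecurityContext.runAsUser` record near the end of this file tells the reader to avoid 0 / root but leaves `default` empty, so the documentation never says which UID the chart actually applies. Put the effective value in `default`, or state there that the UID is inherited from elsewhere. The same gap affects `service.enabled` and `service.selector`, where an empty default does not tell the reader whether the service is on and which of `component` or `type` is used. Descriptions in this part of the file also need a spelling pass: "ist run" in `runAsUser`, "starndard" in `utils.disableWait`, "depricated" in `utils.renderComments`.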
181
ai/jsonl/chart_sharepoint.jsonl
Normal file
@@ -0,0 +1,181 @@
|
|||||||
|
{ "chart_name": "nplus-component-sharepoint", "chart_version": "1.2.1500-169", "chart_description": "nscale SharePoint Connector, providing SP archiving to the Instance" }
|
||||||
|
{ "key": "clusterService.contextPath", "description": "set the contextPath (url) for the SharePoint Cluster Service (for GET requests to a group of sharepoint instances)", "default": "" }
|
||||||
|
{ "key": "connector.cTagPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "connector.eTagPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "connector.idPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "connector.listItemIdPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "connector.nscaleExpirationPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "connector.nscaleGdprRelevantPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "connector.nscaleLegalHidePropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "connector.nscaleLegalHoldPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "connector.nscaleRetentionPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "connector.parentIdPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "connector.sharePointChangeTokenPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "connector.sharePointCreatedPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "connector.sharePointCreatorPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "connector.sharePointEditedPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "connector.sharePointEditorPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "connector.stubIdPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "connector.stubListItemIdPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "connector.webUrlPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "doInitialCrawl", "description": "toggle initial crawling. This value is mandatory.", "default": "" }
|
||||||
|
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||||
|
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||||
|
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||||
|
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||||
|
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||||
|
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||||
|
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||||
|
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||||
|
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||||
|
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||||
|
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||||
|
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||||
|
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||||
|
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||||
|
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||||
|
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||||
|
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||||
|
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||||
|
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||||
|
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||||
|
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||||
|
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||||
|
{ "key": "javaOpts", "description": "Options for the Java VM", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMaxMem", "description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMaxRamPercentage", "description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMinMem", "description": "set the minimum memory, java will consume", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMisc", "description": "Any misc Java Options that need to be passed to the container", "default": "" }
|
||||||
|
{ "key": "management.port", "description": "see mail from Manuel, 30.7.2024", "default": "" }
|
||||||
|
{ "key": "management.security", "description": "see mail from Manuel, 30.7.2024", "default": "" }
|
||||||
|
{ "key": "management.ssl", "description": "see mail from Manuel, 30.7.2024", "default": "" }
|
||||||
|
{ "key": "meta", "description": "defines internal constants for nplus. do not change these values", "default": "" }
|
||||||
|
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||||
|
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||||
|
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||||
|
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||||
|
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||||
|
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||||
|
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||||
|
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||||
|
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||||
|
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||||
|
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||||
|
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||||
|
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||||
|
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||||
|
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||||
|
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||||
|
{ "key": "nappl", "description": "The nscale Application Layer, this component should talk to", "default": "" }
|
||||||
|
{ "key": "nappl.account", "description": "The technical account to login with", "default": "" }
|
||||||
|
{ "key": "nappl.baseFolder", "description": "The base folder, this component should write to", "default": "" }
|
||||||
|
{ "key": "nappl.docArea", "description": "The document area, this component should write to", "default": "" }
|
||||||
|
{ "key": "nappl.domain", "description": "The domain of the technical account", "default": "" }
|
||||||
|
{ "key": "nappl.host", "description": "nappl host name", "default": "" }
|
||||||
|
{ "key": "nappl.instance", "description": "instance of the Application Layer, likely `instance1`", "default": "" }
|
||||||
|
{ "key": "nappl.password", "description": "The password of the technical accunt (if not set by secret)", "default": "" }
|
||||||
|
{ "key": "nappl.port", "description": "nappl port (http 8080 or https 8443)", "default": "" }
|
||||||
|
{ "key": "nappl.secret", "description": "An optional secret that holds the credentials (the keys must be `account` and `password`)", "default": "" }
|
||||||
|
{ "key": "nappl.ssl", "description": "sets the Advanced Connect to tls", "default": "" }
|
||||||
|
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||||
|
{ "key": "parallelRequests", "description": "amount of parallel requests", "default": "" }
|
||||||
|
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||||
|
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||||
|
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||||
|
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||||
|
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||||
|
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||||
|
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||||
|
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||||
|
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||||
|
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||||
|
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||||
|
{ "key": "sharepoint.clientCertPw", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "sharepoint.clientId", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "sharepoint.doCheckOut", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "sharepoint.secret", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "sharepoint.serviceBusConnectionString", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "sharepoint.serviceBusQueueName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "sharepoint.serviceBusRetentionConnectionString", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "sharepoint.serviceBusRetentionQueueName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "sharepoint.serviceBusTopicNameConfigUpdate", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "sharepoint.spHost", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "sharepoint.tenantId", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "sharepoint.triggerProperty", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "sharepoint.webUserPw", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "ssl.keyAlias", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "ssl.keyPassword", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "ssl.keystore", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "ssl.keystorePassword", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "ssl.keystoreSecret", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||||
|
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||||
|
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||||
|
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||||
|
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||||
|
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||||
|
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||||
|
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||||
|
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||||
|
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||||
|
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||||
|
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||||
|
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||||
|
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||||
|
|
||||||
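Review bot: the `sharepoint.webUserPw`, `ssl.keyPassword` and `ssl.keystorePassword` records describe credential-bearing keys with nothing but the "Documentation pending" placeholder and an empty default, so a reader cannot tell whether the value is meant to be written into the values file or supplied through `ssl.keystoreSecret`. Please state at least that much for each secret-bearing key before this is published. In the `utils.*` records, `utils.debug` (stack traces) and `utils.maintenance` (health checks ignored, service not started) give no guidance on use outside DEV, while `utils.renderComments` does mention PROD; the descriptions should be consistent on that. Typos: "starndard" in `utils.disableWait`, "depricated" in `utils.renderComments`.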
151
ai/jsonl/chart_web.jsonl
Normal file
@@ -0,0 +1,151 @@
|
|||||||
|
{ "chart_name": "nplus-component-web", "chart_version": "1.2.1500-169", "chart_description": "nscale Web, providing a modern Web UI to nscale users" }
|
||||||
|
{ "key": "authType", "description": "Set the authentication type login, basic, negotiate, implicit ntlmv2, kerberos", "default": "" }
|
||||||
|
{ "key": "customizingMode", "description": "If this setting is enabled, layouts will update immediately when changes are made. It is no longer necessary to re-register or restart the service. If this setting is not activated, the automatic update of the metamodel is turned off. We recommend not using this setting in productive systems because it reduces system performance.", "default": "" }
|
||||||
|
{ "key": "disableUsernamePassword", "description": "surpresses the login dialog", "default": "" }
|
||||||
|
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||||
|
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||||
|
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||||
|
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||||
|
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||||
|
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||||
|
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||||
|
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||||
|
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||||
|
{ "key": "immediateFederatedLogin", "description": "directly log in via identity providers", "default": "" }
|
||||||
|
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||||
|
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||||
|
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||||
|
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||||
|
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||||
|
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||||
|
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||||
|
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||||
|
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||||
|
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||||
|
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||||
|
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||||
|
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||||
|
{ "key": "javaOpts", "description": "Options for the Java VM", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMaxMem", "description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMaxRamPercentage", "description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMinMem", "description": "set the minimum memory, java will consume", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMisc", "description": "Any misc Java Options that need to be passed to the container", "default": "" }
|
||||||
|
{ "key": "meta", "description": "defines internal constants for nplus. do not change these values", "default": "" }
|
||||||
|
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||||
|
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||||
|
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||||
|
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||||
|
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||||
|
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||||
|
{ "key": "metamodelMode", "description": "Refreshes the metamodel mode", "default": "" }
|
||||||
|
{ "key": "minReplicaCount", "description": "if you set minReplicaCount, a podDesruptionBudget will be created with this value as minAvailable, using the full component as selector. This is useful for components, that are using multiple replicas.", "default": "" }
|
||||||
|
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||||
|
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.defaultConfig", "description": "Sets a configMap with default configuration files that get copied to a new and empty container just before the template folder gets copied. Existing files are not overwritten.", "default": "" }
|
||||||
|
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||||
|
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||||
|
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||||
|
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||||
|
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||||
|
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||||
|
{ "key": "mounts.logs.medium", "description": "the medium for the emptyDisk volume if you unset it, it drops it from the manifest", "default": "" }
|
||||||
|
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||||
|
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||||
|
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||||
|
{ "key": "nappl", "description": "The nscale Application Layer, this component should talk to", "default": "" }
|
||||||
|
{ "key": "nappl.account", "description": "The technical account to login with", "default": "" }
|
||||||
|
{ "key": "nappl.domain", "description": "The domain of the technical account", "default": "" }
|
||||||
|
{ "key": "nappl.host", "description": "nappl host name", "default": "" }
|
||||||
|
{ "key": "nappl.instance", "description": "instance of the Application Layer, likely `instance1`", "default": "" }
|
||||||
|
{ "key": "nappl.password", "description": "The password of the technical accunt (if not set by secret)", "default": "" }
|
||||||
|
{ "key": "nappl.port", "description": "nappl port (http 8080 or https 8443)", "default": "" }
|
||||||
|
{ "key": "nappl.secret", "description": "An optional secret that holds the credentials (the keys must be `account` and `password`)", "default": "" }
|
||||||
|
{ "key": "nappl.ssl", "description": "sets the Advanced Connect to tls", "default": "" }
|
||||||
|
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||||
|
{ "key": "oauthDomains", "description": "OAuth nscale domains", "default": "" }
|
||||||
|
{ "key": "replicaCount", "description": "Sets the number of replicas in this replicaSet. Some Components (like nstl or sharepoint) only allow a count of 1.", "default": "" }
|
||||||
|
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||||
|
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||||
|
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||||
|
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||||
|
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||||
|
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||||
|
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||||
|
{ "key": "sameSite", "description": "nscale SameSite Cookie Header", "default": "" }
|
||||||
|
{ "key": "samlDomains", "description": "SAML nscale domains", "default": "" }
|
||||||
|
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||||
|
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||||
|
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||||
|
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||||
|
{ "key": "smartCrossgrade", "description": "Enable Crossgrade for Smart Layouts", "default": "" }
|
||||||
|
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||||
|
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||||
|
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||||
|
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||||
|
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||||
|
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||||
|
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||||
|
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||||
|
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||||
|
{ "key": "updateStrategy", "description": "the update Strategy for this component. Normally, you can update all components rolling, except for nappl, where you need to follow the documented update procedures.", "default": "" }
|
||||||
|
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||||
|
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||||
|
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||||
|
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||||
|
|
||||||
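Review bot: the `nappl.password` record documents a plain-text password value ("if not set by secret") without naming `nappl.secret` as the alternative or saying which one wins when both are set; the description should do both. In `authType`, the value list "login, basic, negotiate, implicit ntlmv2, kerberos" has no separator between `implicit` and `ntlmv2`, so it is unclear whether that is one value or two, and no default is given. `mounts.ptemp` carries the same description as `mounts.temp` ("it is deleted when the pod terminates") although `mounts.ptemp.path` says its files are persisted, so one of the two texts is wrong. `ingress.inputPath` and `ingress.rewriteTarget` are marked "@internal -- This is an alpha feature - do not use it" yet are published in these records; either leave them out of the generated file or drop the marker from the description. Typos: "surpresses" in `disableUsernamePassword`, "wether" in `ingress` and `ingress.enabled`, "retriting" in `ingress.rewriteTarget`, "podDesruptionBudget" in `minReplicaCount` and `minReplicaCountType`, "primaty" in `mounts.disk.enabled`, "superflues" in `mounts.ptemp` and `mounts.temp`, "accunt" in `nappl.password`.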
140
ai/jsonl/chart_webdav.jsonl
Normal file
@@ -0,0 +1,140 @@
|
|||||||
|
{ "chart_name": "nplus-component-webdav", "chart_version": "1.2.1500-169", "chart_description": "nscale WebDAV Connector, providing a standard WebDAV interface to the Instance" }
|
||||||
|
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||||
|
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||||
|
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||||
|
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||||
|
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||||
|
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||||
|
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||||
|
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||||
|
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||||
|
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||||
|
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||||
|
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||||
|
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||||
|
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||||
|
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||||
|
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||||
|
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||||
|
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||||
|
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||||
|
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||||
|
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||||
|
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||||
|
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||||
|
{ "key": "javaOpts", "description": "Options for the Java VM", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMaxMem", "description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMaxRamPercentage", "description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMinMem", "description": "set the minimum memory, java will consume", "default": "" }
|
||||||
|
{ "key": "javaOpts.javaMisc", "description": "Any misc Java Options that need to be passed to the container", "default": "" }
|
||||||
|
{ "key": "meta", "description": "defines internal constants for nplus. do not change these values", "default": "" }
|
||||||
|
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||||
|
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||||
|
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||||
|
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||||
|
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||||
|
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||||
|
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||||
|
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||||
|
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||||
|
{ "key": "minReplicaCount", "description": "if you set minReplicaCount, a podDesruptionBudget will be created with this value as minAvailable, using the full component as selector. This is useful for components, that are using multiple replicas.", "default": "" }
|
||||||
|
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||||
|
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||||
|
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||||
|
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||||
|
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||||
|
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||||
|
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||||
|
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||||
|
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||||
|
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||||
|
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||||
|
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||||
|
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||||
|
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||||
|
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||||
|
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||||
|
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||||
|
{ "key": "nappl", "description": "The nscale Application Layer, this component should talk to", "default": "" }
|
||||||
|
{ "key": "nappl.account", "description": "The technical account to login with", "default": "" }
|
||||||
|
{ "key": "nappl.domain", "description": "The domain of the technical account", "default": "" }
|
||||||
|
{ "key": "nappl.host", "description": "nappl host name", "default": "" }
|
||||||
|
{ "key": "nappl.instance", "description": "instance of the Application Layer, likely `instance1`", "default": "" }
|
||||||
|
{ "key": "nappl.password", "description": "The password of the technical accunt (if not set by secret)", "default": "" }
|
||||||
|
{ "key": "nappl.port", "description": "nappl port (http 8080 or https 8443)", "default": "" }
|
||||||
|
{ "key": "nappl.secret", "description": "An optional secret that holds the credentials (the keys must be `account` and `password`)", "default": "" }
|
||||||
|
{ "key": "nappl.ssl", "description": "sets the Advanced Connect to tls", "default": "" }
|
||||||
|
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||||
|
{ "key": "replicaCount", "description": "Sets the number of replicas in this replicaSet. Some Components (like nstl or sharepoint) only allow a count of 1.", "default": "" }
|
||||||
|
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||||
|
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||||
|
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||||
|
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||||
|
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||||
|
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||||
|
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||||
|
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||||
|
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||||
|
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||||
|
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||||
|
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||||
|
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||||
|
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||||
|
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||||
|
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||||
|
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||||
|
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||||
|
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||||
|
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||||
|
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||||
|
{ "key": "updateStrategy", "description": "the update Strategy for this component. Normally, you can update all components rolling, except for nappl, where you need to follow the documented update procedures.", "default": "" }
|
||||||
|
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||||
|
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||||
|
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||||
|
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||||
|
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||||
|
|
||||||
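Review bot: the `nappl.password` record documents a plaintext credential in values ("if not set by secret") without saying which one wins when `nappl.secret` is set as well; state the precedence, point readers to `nappl.secret` first, and fix "accunt". In the same hunk, `mounts.ptemp` reuses the `mounts.temp` text ("it is deleted when the pod terminates") while `mounts.ptemp.path` speaks of temporary files "that are persisted", so one of the two descriptions is wrong. The `security.containerSecurityContext.*` and `security.podSecurityContext.*` records all carry an empty `default`, which leaves the effective `runAsUser`, `readOnlyRootFilesystem` and `allowPrivilegeEscalation` values unverifiable from this file; fill them in or say where they are inherited from. The `ingress.deny` example describes nappl paths (hessian, burlap) and gives nothing that applies to webdav.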
4
ai/jsonl/common.jsonl
Normal file
@@ -0,0 +1,4 @@
|
|||||||
|
{"chapter": "Timzone (Package tzdata) setting", "level": 2, "text": "You can set the timezone in the PODs by\n- per Component:\n`timezone: \"Europe/Berlin\"`\n- per Instance:\n`global.timezone: \"Europe/Berlin\"`\n- per Environment:\n`global.environment.timezone: \"Europe/Berlin\"`\nThis is compatible to the *tzdata* package. If the image you use uses a different timezone package und thus a environment variable other than `TZ`, you can also set any global ENV Variables by\n- per Component:\n`env.TZ: \"Europe/Berlin\"`\n- per Instance:\n`global.env.TZ: \"Europe/Berlin\"`\n- per Environment:\n`global.environment.env.TZ: \"Europe/Berlin\"`\nIf you do not set the timezone, **it defaults to `Europe/Berlin`** and the `TZ` env variable.\n"}
|
||||||
|
{"chapter": "Placement", "level": 2, "text": "The inter pod anti-affinity is set by default to avoid a placement of two replicas of the same set to one node.\nThis is done for nappl, rs, ilm, cmis, web, webdav based on instance, component and type\nFor the nstl, this is handled by instance and type only, since the nstl does not use replicas and we are using different sets to ensure HA.\nAdditionally, you can set the scheduler to avoid or prefer specific nodes by setting *tolerations* and use *nodeSelectors*:\n- `tolerations`\nList of Kubernetes [`tolerations`](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to add to the component\n- `nodeSelector`\nKubernetes [`nodeSelector`](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) to add to the component\n"}
|
||||||
|
{"chapter": "Maintenance Mode", "level": 2, "text": "You can start the component in *Maintenance Mode*, starting the pod without starting the service, providing the possibility to gain access to the container to perform recovery tasks that need to be done offline.\nIn order to do this:\n- All *waitFor* definitions are ignored\n- All *Health Checks* are ignored\n- The container starts in idle\n"}
|
||||||
|
{"chapter": "minReplicaCountType", "level": 2, "text": "If you set minReplicaCountType, a podDesruptionBudget will be created with this value as minReplicaCount. It will select pods based on the type of this component.\nThis is used for components, that do **not** support multiple replicas (for example sharepoint or storage layer).\nIf the component does in fact support replicas, it is better to use `minReplicaCount` instead.\nAlso pay attention to only set this on one ReplicaSet of this type, not all.\nPlease refer to the HA sample for more information.\n"}
|
||||||
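Review bot: the `minReplicaCountType` record says the podDesruptionBudget is created "with this value as minReplicaCount", while the `minReplicaCountType` key in chart_webdav.jsonl says "as minAvailable"; use one term in both places, and spell the kind PodDisruptionBudget, since that is the name readers will look up in Kubernetes. In the timezone record, "Timzone" and "und thus" need fixing, and the closing sentence ("defaults to `Europe/Berlin` and the `TZ` env variable") does not say what is done with `TZ`.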
57
ai/jsonl/cookbook.jsonl
Normal file
@@ -0,0 +1,57 @@
|
|||||||
|
{"chapter": "Preparing the K8s Cluster", "level": 1, "text": "*nplus* Charts bring some custom resources, *Application*, *Instance* and *Component*. they are created during deployment of a chart and then updated by the environment operator every time the status changes.\nTo make this work, you will need to have the *Custom Resource Definitions* applied to your cluster prior to deploying any environment or component. This deployment is handled by the *Cluster Chart*.\n```bash\nhelm install nplus/nplus-cluster\n```\nThe *CRDs* are grouped into *nscale* and *nplus* (both synonym), so that you can either query for\n```bash\nkubectl get instance\nkubectl get component\nkubectl get application\n```\nor simply all at once with\n```bash\nkubectl get nscale -A\n```\nthe output looks like this (shortened output, showing the installed samples):\n```bash\n$ kubectl get nscale -A\nNAMESPACE NAME INSTANCE COMPONENT TYPE VERSION STATUS\nempty-sim component.nplus.cloud/database empty-sim database database 16 healthy\nempty-sim component.nplus.cloud/nappl empty-sim nappl core 9.2.1302 healthy\nlab component.nplus.cloud/demo-centralservices-s3-nstl demo-centralservices-s3 nstl nstl 9.2.1302 healthy\nlab component.nplus.cloud/demo-ha-web demo-ha web web 9.2.1300 redundant\nlab component.nplus.cloud/demo-ha-webdav demo-ha webdav webdav 9.2.1000 redundant\nlab component.nplus.cloud/demo-ha-zerotrust-administrator demo-ha-zerotrust administrator administrator 9.2.1300 healthy\nlab component.nplus.cloud/no-provisioner-nstl no-provisioner nstl nstl 9.2.1302 healthy\nlab component.nplus.cloud/no-provisioner-rs no-provisioner rs rs 9.2.1201 starting\nlab component.nplus.cloud/no-provisioner-web no-provisioner web web 9.2.1300 healthy\nlab component.nplus.cloud/sbs-nappl sbs nappl core 9.2.1302 healthy\nNAMESPACE NAME INSTANCE APPLICATION VERSION STATUS\nempty-sim application.nplus.cloud/application empty-sim application 9.2.1303-123 healthy\nempty-sim application.nplus.cloud/prepper 
empty-sim prepper 1.2.1300 healthy\nlab application.nplus.cloud/demo-ha-zerotrust-application demo-ha-zerotrust application 9.2.1303-123 healthy\nlab application.nplus.cloud/demo-shared-application demo-shared application 9.2.1303-123 healthy\nlab application.nplus.cloud/sbs-sbs sbs SBS 9.2.1303-123 healthy\nlab application.nplus.cloud/tenant-application tenant application 9.2.1303-123 healthy\nNAMESPACE NAME HANDLER VERSION TENANT STATUS\nempty-sim instance.nplus.cloud/empty-sim manual 9.2.1302 healthy\nlab instance.nplus.cloud/default manual 9.2.1302 healthy\nlab instance.nplus.cloud/demo-centralservices manual 9.2.1302 healthy\nlab instance.nplus.cloud/rms manual 9.2.1302 healthy\nlab instance.nplus.cloud/sbs manual 9.2.1302 healthy\nlab instance.nplus.cloud/tenant manual 9.2.1302 healthy\n```\n"}
|
||||||
|
{"chapter": "K8s namespace aka *nplus environment*", "level": 1, "text": "*nplus instances* are deployed into K8s namespaces. Always. even if you do not specify a namespace, it uses a namespace: `default`.\nIn order to use this namespace for *nplus instances*, you need to deploy some shared *nplus components* into it, which are used by the instances. This is done by the environment chart:\n```\nhelm install \\\n--values demo.yaml \\\ndemo nplus/nplus-environment\n```\nAfter that, the K8s namespace is a valid *nplus environment* that can house multiple *nplus instances*.\n"}
|
||||||
|
{"chapter": "deploying assets into the environment", "level": 2, "text": "Most likely, you will need assets to be used by your instances. Fonts for example: The *nscale Rendition Server* and die *nscale Server Application Layer* both require the Microsoft fonts, that are not allowed to be distributed by neither nscale nor nplus. So this example shows how to upload some missing pieces into the environment:\n```\nkubectl cp ./apps/app-installer-9.0.1202.jar nplus-toolbox-0:/conf/pool\nkubectl cp ./fonts nplus-toolbox-0:/conf/pool\nkubectl cp ./copy-snippet.sh nplus-toolbox-0:/conf/pool/scripts\nkubectl cp ./test.md nplus-toolbox-0:/conf/pool/snippets\nkubectl cp ./snc nplus-toolbox-0:/conf/pool\n```\nAlternatively, you can also use a `prepper` component, that you can activate on the environment chart, to download assets from any web site and deploy them into the environment:\n```\ncomponents:\nprepper: true\nprepper:\ndownload:\n- \"https://git.nplus.cloud/public/nplus/raw/branch/master/assets/sample.tar.gz\"\n```\nPlease see the prepper [README.md](../../charts/prepper/README.md) for more information.\n"}
{"chapter": "Operator Web UI", "level": 2, "text": "The environment comes with the operator, responsible for managing / controlling the [custom resources](../cluster/README.md). It has a Web UI, that can be enabled in the environment chart.\n\n"}
{"chapter": "*namespace*-less manifests", "level": 2, "text": "Speaking of namespaces: Sometimes you want to drop the namespace from your manifest. This can be done by\n```yaml\nutils:\nincludeNamespace: false\n```\nwhen you then call\n```bash\nhelm template myInstance nplus/nplus-instance > myInstance.yaml\n```\nthe manifest in `myInstance.yaml` will **not** have a namespace set, so you can apply it to multiple namespaces later:\n```bash\nkubectl apply --namespace dev -f myInstance.yaml\nkubectl apply --namespace qa -f myInstance.yaml\nkubectl apply --namespace prod -f myInstance.yaml\n```\n"}
{"chapter": "Installing Document Areas", "level": 1, "text": ""}
{"chapter": "Creating an empty document area while deploying an Instance", "level": 2, "text": "This is the simplest sample, just the core services with an empty document area:\n```\nhelm install \\\n--values samples/application/empty.yaml \\\n--values samples/environment/demo.yaml \\\nempty nplus/nplus-instance\n```\nThe empty Document Area is created with\n```yaml\ncomponents:\napplication: true\nprepper: true\n\napplication:\ndocAreas:\n- id: \"Sample\"\nrun:\n- \"/pool/downloads/sample.sh\"\nprepper:\ndownload:\n- \"https://git.nplus.cloud/public/nplus/raw/branch/master/assets/sample.tar.gz\"\n```\nThis turns on the *prepper* component, used to download a sample tarball from git. It will also extract the tarball into the `downloads` folder that is created on the *pool* automatically.\nThen, after the Application Layer is running, a document area `Sample` is created. The content of the sample script will be executed.\nIf you use **argoCD** as deployment tool, you would go with\n```\nhelm install \\\n--values samples/application/empty.yaml \\\n--values samples/environment/demo.yaml \\\nempty-argo nplus/nplus-instance-argo\n```\n"}
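Review bot: The `prepper.download` entry in this sample pulls `sample.tar.gz` from a `raw/branch/master` URL, and the `run` list then executes `/pool/downloads/sample.sh`, so whatever is on `master` at deploy time is what runs in the environment. Suggest pointing the sample at a tag or commit URL, and stating how the downloaded archive is verified before the script is executed; the text here mentions no checksum or signature step.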
{"chapter": "Deploying the *SBS* Apps to a new document area", "level": 2, "text": "In the SBS scenario, some Apps are installed into the document area:\n```bash\nhelm install \\\n--values samples/applications/sbs.yaml \\\n--values samples/environment/demo.yaml \\\nsbs nplus/nplus-instance\n```\nThe values look like this:\n```yaml\ncomponents:\napplication: true\napplication:\nnameOverride: SBS\ndocAreas:\n- id: \"SBS\"\nname: \"DocArea with SBS\"\ndescription: \"This is a sample DocArea with the SBS Apps installed\"\napps:\n- \"/pool/nstore/bl-app-9.0.1202.zip\"\n- \"/pool/nstore/gdpr-app-9.0.1302.zip\"\n...\n- \"/pool/nstore/ts-app-9.0.1302.zip\"\n- \"/pool/nstore/ocr-base-9.0.1302.zip\"\n```\nThis will create a document area `SBS` and install the SBS Apps into it.\n"}
{"chapter": "Accounting in nstl", "level": 1, "text": "To collect Accounting Data in *nscale Server Storage Layer*, you can enable the nstl accouting feature by setting `accounting: true`.\nThis will create the accounting csv files in *ptemp* under `<instance>/<component>/accounting`.\nAdditionally, you can enable a log forwarder printing it to stdout.\n```\nnstl:\naccounting: true\nlogForwarder:\n- name: Accounting\npath: \"/opt/ceyoniq/nscale-server/storage-layer/accounting/*.csv\"\n```\n"}
{"chapter": "(auto-) certificates and the pitfalls of *.this*", "level": 1, "text": "*nplus* will automatically generate certificates for your ingress. It either uses an issuer like *cert-manager* or generates a *self-signed-certificate*.\nIn your production environment though, you might want to take more control over the certificate generation process and don't leave it to *nplus* to automatically take care of it.\nIn that case, you want to switch the automation *off*.\nTo do so, you need to understand what is happening internally:\n- if `.this.ingress.issuer` is set, the chart requests this issuer to generate a tls secret with the name `.this.ingress.secret`\nby creating a certificate resource with the name of the domain `.this.ingress.domain`\n- else, so no issuer is set, the chart checks wether the flag `.this.ingress.createSelfSignedCertificate` is set to `true` and\ngenerates a tls secret with the name `.this.ingress.secret`\n- else, so neither issuer nor createSelfSignedCertificate are set, the charts will not generate anything\nThe way how `.this` works is, that it gathers the key from `.Values.global.environment`, `.Values.global` and then `.Values` and flattens them merged into `.this`so that you can set your values\non different levels.\nHowever, the *merge* function overwrites non exising values and also boolean `true` overwrites a boolean `false`, not just the nil values. 
So to make sure we still can cancel functionality\nby setting `null`or `false`, there is a forth merge which is set to forcefully overwrite existing keys: `override`, which can also be set on *environment*, *global* or on the *component* level.\nSo the correct way to cancel the generation process is to force the issuer to null (which will cancel the *cert-manager* generation) and also force `createSelfSignedCertificate` to false (to cancel the *self-signed-certificate* generation):\n```yaml\nglobal:\noverride:\ningress:\nenabled: true\nsecret: myCertificate\nissuer: null\ncreateSelfSignedCertificate: false\n```\nThis makes sure, you will get an ingress, that uses the tls certificate in the secret `myCertificate` for encryption and does not generate anything.\n"}
{"chapter": "Grouping Instances", "level": 1, "text": "Sometimes Instances become quite large with many components. If you work on them with multiple team members, you end up having to synchronize the deployment of the Instances.\nYou can easily rip large Instances apart using the `group` tag, joining multiple Instances into one group and making sure the NetworkPolicies are opened to pods from other Instances within the Instance Group.\n```yaml\nglobal:\ninstance:\n# -- despite the instance name, all components within this group will be prefixed\n# with the group (unless the group name and the environment name are not identical)\n# Also this makes sure the network policies are acting on the group, not on the instance.\ngroup: \"sample-group\"\n```\nYou can query the instance group in your code with `.instance.group`.\nExample: We build multiple Instances in one group:\n- sample-group-backend\n- Database\n- nstl\n- rs\n- sample-group-middleware\n- nappl\n- application(s)\n- sample-group-frontend\n- web\n- cmis\nPortainer is showing the group as if it were an single instance:\n\nThe nplus UI is showing the instances of the group:\n\nAnd the nplus CLI is also showing single instances:\n```\n% kubectl get nscale\nNAME INSTANCE COMPONENT TYPE VERSION STATUS\ncomponent.nplus.cloud/sample-group-cmis sample-group-frontend cmis cmis 9.2.1200 healthy\ncomponent.nplus.cloud/sample-group-database sample-group-backend database database 16 healthy\ncomponent.nplus.cloud/sample-group-nappl sample-group-middleware nappl core 9.2.1302 healthy\ncomponent.nplus.cloud/sample-group-rs sample-group-backend rs rs 9.2.1201 healthy\ncomponent.nplus.cloud/sample-group-web sample-group-frontend web web 9.2.1300 healthy\nNAME HANDLER VERSION TENANT STATUS\ninstance.nplus.cloud/sample-group-backend manual 9.2.1302 healthy\ninstance.nplus.cloud/sample-group-frontend manual 9.2.1302 healthy\ninstance.nplus.cloud/sample-group-middleware manual 9.2.1302 healthy\n```\n"}
{"chapter": "Sharing Instances", "level": 1, "text": "Some organisations have multiple tenants that share common services, like *nscale Rendition Server* or\nhave a common IT department, thus using only a single *nscale Monitoring Console* acress all tenants.\nThis is the Central Services Part:\n```\nhelm install \\\n--values samples/shared/centralservices.yaml \\\n--values samples/environment/demo.yaml \\\nsample-shared-cs nplus/nplus-instance\n```\nAnd this is the tenant using the Central Services:\n```\nhelm install \\\n--values samples/shared/shared.yaml \\\n--values samples/environment/demo.yaml \\\nsample-shared nplus/nplus-instance\n```\nIf you enable security based on *Network Policies*, you need to add additional Policies to allow access. Please see `shared-networkpolicy.yaml` and `centralservices-networkpolicy.yaml` as an example.\nYou also want to set the *monitoringInstance* in the `global` section of the values file to enable the Network Policy for incoming monitoring traffic.\n```yaml\nglobal:\nsecurity:\ncni:\nmonitoringInstance: sample-shared-cs\n```\n"}
{"chapter": "Using detached applications", "level": 1, "text": "All the other samples use an application that is deployed **inside of an instance**. However, you can also deploy an application **detached** from the instance as a solo chart.\nThe reason for this is, that you\n- can update the instance without running the application update\n- update the application without touching the instance\n- have multiple applications deployed within one instance\nThere are two major things you need to do:\n1. make sure the application charts sets the instance name of the instance, it should connect to\n2. take the default values of the application match the ones it would get by an instance deployment\nThis is a sample: (find the complete one in the [application.yaml](application.yaml))\n```yaml\nnameOverride: SBS\ndocAreas:\n- id: \"SBS\"\nname: \"DocArea with SBS\"\ndescription: \"This is a sample DocArea with the SBS Apps installed\"\napps:\n...\ninstance:\n# this is the name of the instance, it should belong to\nname: \"sample-detached\"\n"}
{"chapter": "make sure it can wait for the nappl of the instance to be ready, before it deploys.", "level": 1, "text": "waitImage:\nrepo: cr.nplus.cloud/subscription\nname: toolbox2\ntag: 1.2.1300\npullPolicy: IfNotPresent\nwaitFor:\n- \"-service {{ .component.prefix }}nappl.{{ .Release.Namespace }}.svc.cluster.local:{{ .this.nappl.port }} -timeout 1800\"\n"}
{"chapter": "Now we define where and what to deploy", "level": 1, "text": "nappl:\nhost: \"{{ .component.prefix }}nappl.{{ .Release.Namespace }}\"\nport: 8080\nssl: false\ninstance: \"nscalealinst1\"\naccount: admin\ndomain: nscale\npassword: admin\nsecret:\nnstl:\nhost: \"{{ .component.prefix }}nstl.{{ .Release.Namespace }}\"\nrs:\nhost: \"{{ .component.prefix }}rs.{{ .Release.Namespace }}\"\n```\n"}
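Review bot: The `nappl` block of the detached-application sample carries `account: admin` and `password: admin` as plain values while `secret:` is left empty, together with `ssl: false` on port 8080. If `secret:` is meant to name a Kubernetes secret holding the login, show the sample in that form and mark the inline password as demo-only, so the default credentials do not end up in copied values files.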
{"chapter": "High Availability", "level": 1, "text": "To gain a higher level of availability for your Instance, you can\n- create more Kubernetes Cluster Nodes\n- create more replicas of the *nscale* and *nplus* components\n- distribute those replicas across multiple nodes using anti-affinities\nThis is how:\n```\nhelm install \\\n--values samples/ha/values.yaml\n--values samples/environment/demo.yaml \\\nsample-ha nplus/nplus-instance\n```\nThe essents of the values file is this:\n- We use three (3) *nscale Server Application Layer*, two dedicated to user access, one dedicated to jobs\n- if the jobs node fails, the user nodes take the jobs (handled by priority)\n- if one of the user nodes fail, the other one handles the load\n- Kubernetes takes care of restarting nodes should that happen\n- All components run with two replicas\n- Pod anti-affinities handle the distribution\n- any administration component only connects to the jobs nappl, leaving the user nodes to the users\n- PodDisruptionBudgets are defined for the crutial components. 
These are set via `minReplicaCount` for the components that can support multiple replicas, and `minReplicaCountType` for the **first** replicaSet of the components that do not support replicas, in this case nstla.\n```\nweb:\nreplicaCount: 2\nminReplicaCount: 1\nrs:\nreplicaCount: 2\nminReplicaCount: 1\nilm:\nreplicaCount: 2\nminReplicaCount: 1\ncmis:\nreplicaCount: 2\nminReplicaCount: 1\nwebdav:\nreplicaCount: 2\nminReplicaCount: 1\nnstla:\nminReplicaCountType: 1\nadministrator:\nnappl:\nhost: \"{{ .component.prefix }}nappljobs.{{ .Release.Namespace }}\"\nwaitFor:\n- \"-service {{ .component.prefix }}nappljobs.{{ .Release.Namespace }}.svc.cluster.local:{{ .this.nappl.port }} -timeout 600\"\npam:\nnappl:\nhost: \"{{ .component.prefix }}nappljobs.{{ .Release.Namespace }}\"\nwaitFor:\n- \"-service {{ .component.prefix }}nappljobs.{{ .Release.Namespace }}.svc.cluster.local:{{ .this.nappl.port }} -timeout 600\"\nnappl:\nreplicaCount: 2\nminReplicaCount: 1\njobs: false\nwaitFor:\n- \"-service {{ .component.prefix }}nappljobs.{{ .Release.Namespace }}.svc.cluster.local:{{ .this.nappl.port }} -timeout 600\"\nnappljobs:\nreplicaCount: 1\njobs: true\ndisableSessionReplication: true\ningress:\nenabled: false\nsnc:\nenabled: true\nwaitFor:\n- \"-service {{ .component.prefix }}database.{{ .Release.Namespace }}.svc.cluster.local:5432 -timeout 600\"\napplication:\nnstl:\nhost: \"{{ .component.prefix }}nstl-cluster.{{ .Release.Namespace }}\"\nnappl:\nhost: \"{{ .component.prefix }}nappljobs.{{ .Release.Namespace }}\"\n```\n"}
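Review bot: In the `helm install` command of the High Availability section, the line `--values samples/ha/values.yaml` has no trailing backslash, so the shell ends the command there and treats the following `--values samples/environment/demo.yaml \` line as a separate command. Add the missing ` \` continuation. In the same text, "essents" and "crutial" should read "essence" and "crucial".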
{"chapter": "Assigning CPU and RAM", "level": 2, "text": "You **should** assign resources to your components, depending on the load that you expect.\nIn a dev environment, that might be very little and you may be fine with the defaults.\nin a qa or prod environment, this should be wisely controlled, like this:\n```yaml\nnappl:\nresources:\nrequests:\ncpu: \"100m\" # Minimum 1/10 CPU\nmemory: \"1024Mi\" # Minimum 1 GB\nlimits:\ncpu: \"2000m\" # Maximum 2 Cores\nmemory: \"4096Mi\" # Maximum 4 GB. Java will see this as total.\njavaOpts:\njavaMinMem: \"512m\" # tell Java to initialize the heap with 512 MB\njavaMaxMem: \"2048m\" # tell Java to use max 2 GB of heap size\n```\nThere are many discussions going on how much memory you should give to Java processes and how they react. Please see the internet for insight.\n"}
{"chapter": "Our **current** opinion is:", "level": 4, "text": "Do not limit ram. You are not able to foresee how much Java is really consuming as the heap is only part of the RAM requirement. Java also needs *metaspace*, *code cache* and *thread stack*. Also the *GC* needs some memory, as well as the *symbols*.\nJava will crash when out of memory, so even if you set javaMaxMem == 1/2 limits.memory (what many do), that guarantees nothing and might be a lot of waste.\nSo what you can consider is:\n```yaml\nnappl:\nresources:\nrequests:\ncpu: \"1000m\" # 1 Core guaranteed\nmemory: \"4096Mi\" # 4GB guaranteed\nlimits:\ncpu: \"4000m\" # Maximum 4 Cores\n"}
{"chapter": "memory: # No Limit but hardware", "level": 2, "text": "javaOpts:\njavaMinMem: \"1024m\" # Start with 1 GB\njavaMaxMem: \"3072m\" # Go up to 3GB (which is only part of it) but be able to take more (up to limit) without crash\n```\nDownside of this approach: If you have a memory leak, it might consume all of your nodes memory without being stopped by a hard limit.\n"}
{"chapter": "A possible **Alternative**:", "level": 4, "text": "You can set the RAM limit equal to the RAM request and leave the java Memory settings to *automatic*, which basically simulates a server. Java will *see* the limit as being the size of RAM installed in the machine and act accordingly.\n```yaml\nnappl:\nresources:\nrequests:\ncpu: \"1000m\" # 1 Core guaranteed\nmemory: \"4096Mi\" # 4GB guaranteed\nlimits:\ncpu: \"4000m\" # Maximum 4 Cores\nmemory: \"4096Mi\" # No Limit but hardware\n"}
{"chapter": "javaOpts:", "level": 1, "text": ""}
{"chapter": "javaMinMem: # unset, leaving it to java", "level": 2, "text": ""}
{"chapter": "javaMaxMem: # unset, leaving it to java", "level": 2, "text": "```\n"}
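Review bot: Under `limits:` in the "A possible Alternative" sample, the line `memory: "4096Mi" # No Limit but hardware` sets a hard 4096Mi limit, so the comment carried over from the previous sample contradicts both the value and the paragraph above it (limit equal to request). Change the comment to say that the limit equals the request, so nobody reads this variant as unlimited.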
{"chapter": "In a **DEV** environment,", "level": 4, "text": "you might want to do more **overprovisioning**. You could even leave it completely unlimited, as in **DEV** you want to see memory and cpu leaks, so a limit might hide them from your sight.\nSo this is a possible allocation for **DEV**, defining only the bare minimum requests:\n```yaml\nnappl:\nresources:\nrequests:\ncpu: \"1m\" # 1/1000 Core guaranteed,\n# but can consume all cores of the cluster node if required and available\nmemory: \"512Mi\" # 512MB guaranteed,\n# but can consume all RAM of the cluster node if required and available\n```\nIn this case, Java will see all node RAM as the limit and use whatever it needs. But as you are in a **dev** environment, there is no load and no users on the machine, so this will not require much.\n"}
{"chapter": "Resources you should calculate", "level": 2, "text": "The default resources assigned by *nplus* are for demo / testing only and you should definitely assign more ressources to your components.\nHere is a very rough estimate of what you need:\n| Component | Minimum (Demo and Dev) | Small | Medium | Large | XL | Remark |\n| --------------- | ---------------------- | ---------------- | ----------------- | ------------------ | ---- | ----------------------------------------------------------- |\n| ADMIN | 1 GB RAM, 1 Core | 2 GB RAM, 1 Core | 2 GB RAM, 1 Core | 2 GB RAM, 1 Core | | |\n| **Application** | - | - | - | - | | Resources required during deployment only |\n| CMIS | 1 GB RAM, 1 Core | 2 GB RAM, 2 Core | 2 GB RAM, 2 Core | 2 GB RAM, 2 Core | | |\n| **Database** | 2 GB RAM, 2 Core | 4 GB RAM, 4 Core | 8 GB RAM, 6 Core | 16 GB RAM, 8 Core | open | |\n| ILM | 1 GB RAM, 1 Core | 2 GB RAM, 2 Core | 2 GB RAM, 2 Core | 2 GB RAM, 2 Core | | |\n| MON | 1 GB RAM, 1 Core | 2 GB RAM, 2 Core | 2 GB RAM, 2 Core | 2 GB RAM, 2 Core | | quite fix |\n| **NAPPL** | 2 GB RAM, 2 Core | 4 GB RAM, 4 Core | 8 GB RAM, 6 Core | 16 GB RAM, 8 Core | open | CPU depending on Jobs / Hooks, RAM depending on amount user |\n| **NSTL** | 500 MB RAM, 1 Core | 1 GB RAM, 2 Core | 1 GB RAM, 2 Core | 1 GB RAM, 2 Core | | quite fix |\n| PAM | | 2 GB RAM, 1 Core | 2 GB RAM, 1 Core | 2 GB RAM, 1 Core | | |\n| PIPELINER | 2 GB RAM, 2 Core | 4 GB RAM, 4 Core | 4 GB RAM, 4 Core | 4 GB RAM, 4 Core | open | Depending on Core Mode *or* AC Mode, No Session Replication |\n| **RS** | 1 GB RAM, 1 Core | 8 GB RAM, 4 Core | 32 GB RAM, 8 Core | 64 GB RAM, 12 Core | open | CPU depending on format type, RAM depending on file size |\n| SHAREPOINT | | 2 GB RAM, 2 Core | 2 GB RAM, 2 Core | 2 GB RAM, 2 Core | | |\n| WEB | 1 GB RAM, 1 Core | 2 GB RAM, 2 Core | 4 GB RAM, 4 Core | 8 GB RAM, 4 Core | open | |\n| WEBDAV | | 2 GB RAM, 2 Core | 2 GB RAM, 2 Core | 2 GB RAM, 2 Core | | |\n**Bold** components are 
required by a *SBS* setup, so here are some estimates per Application:\n| Component | Minimum (Demo and Dev) | Minimum (PROD) | Recommended (PROD) | Remark |\n| --------- | ---------------------- | ----------------- | ------------------ | ------------------ |\n| SBS | 6 GB RAM, 4 Core | 16 GB RAM, 8 Core | 24 GB RAM, 12 Core | Without WEB Client |\n| eGOV | TODO | TODO | TODO | eGOV needs much more CPU than a non eGOV system |\nA word on **eGOV**: The eGOV App brings hooks and jobs, that require much more resources than a *normal* nscale system even with other Apps installed.\n"}
{"chapter": "Real Resources in DEV Idle", "level": 2, "text": "```\n% kubectl top pods\n...\nsample-ha-administrator-0 2m 480Mi\nsample-ha-argo-administrator-0 2m 456Mi\nsample-ha-argo-cmis-5ff7d78c47-kgxsn 2m 385Mi\nsample-ha-argo-cmis-5ff7d78c47-whx9j 2m 379Mi\nsample-ha-argo-database-0 2m 112Mi\nsample-ha-argo-ilm-58c65bbd64-pxgdl 2m 178Mi\nsample-ha-argo-ilm-58c65bbd64-tpxfz 2m 168Mi\nsample-ha-argo-mon-0 2m 308Mi\nsample-ha-argo-nappl-0 5m 1454Mi\nsample-ha-argo-nappl-1 3m 1452Mi\nsample-ha-argo-nappljobs-0 5m 2275Mi\nsample-ha-argo-nstla-0 4m 25Mi\nsample-ha-argo-nstlb-0 6m 25Mi\nsample-ha-argo-pam-0 5m 458Mi\nsample-ha-argo-rs-7d6888d9f8-lp65s 2m 1008Mi\nsample-ha-argo-rs-7d6888d9f8-tjxh8 2m 1135Mi\nsample-ha-argo-web-f646f75b8-htn8x 4m 1224Mi\nsample-ha-argo-web-f646f75b8-nvvjf 11m 1239Mi\nsample-ha-argo-webdav-d69549bd4-nz4wn 2m 354Mi\nsample-ha-argo-webdav-d69549bd4-vrg2n 3m 364Mi\nsample-ha-cmis-5fc96b8f89-cwd62 2m 408Mi\nsample-ha-cmis-5fc96b8f89-q4nr4 3m 442Mi\nsample-ha-database-0 2m 106Mi\nsample-ha-ilm-6b599bc694-5ht57 2m 174Mi\nsample-ha-ilm-6b599bc694-ljkl4 2m 193Mi\nsample-ha-mon-0 3m 355Mi\nsample-ha-nappl-0 3m 1278Mi\nsample-ha-nappl-1 4m 1295Mi\nsample-ha-nappljobs-0 6m 1765Mi\nsample-ha-nstla-0 4m 25Mi\nsample-ha-nstlb-0 4m 25Mi\nsample-ha-pam-0 2m 510Mi\nsample-ha-rs-7b5fc586f6-49qhp 2m 951Mi\nsample-ha-rs-7b5fc586f6-nkjqb 2m 1205Mi\nsample-ha-web-7bd6ffc96b-pwvcv 3m 725Mi\nsample-ha-web-7bd6ffc96b-rktrh 9m 776Mi\nsample-ha-webdav-9df789f8-2d2wn 2m 365Mi\nsample-ha-webdav-9df789f8-psh5q 2m 345Mi\n...\n```\n"}
{"chapter": "Defaults", "level": 2, "text": "Check the file `default.yaml`. You can set default memory limits for a container. These defaults are applied if you do not specify any resources in your manifest.\n"}
{"chapter": "Single-Instance-Mode", "level": 1, "text": "If you choose to separate tenants on your system not only by *nplus Instances* but also by *nplus Environments*, thus running each tenant in a separate Kubernetes *Namespace*, you do not need to create an *nplus Environment* first, but you can rather enable the *nplus Environment Components* within your instance:\n```yaml\ncomponents:\nsim:\ndav: true\nbackend: true\noperator: true\ntoolbox: true\n```\nSteps to run a SIM Instance:\n1. Create the namespace and the necessary secrets to access the repo, registry as well as the nscale license file\n```\nSIM_NAME=\"empty-sim\"\nkubectl create ns $SIM_NAME\nkubectl create secret docker-registry nscale-cr \\\n--namespace $SIM_NAME \\\n--docker-server=ceyoniq.azurecr.io \\\n--docker-username=$NSCALE_ACCOUNT \\\n--docker-password=$NSCALE_TOKEN\nkubectl create secret docker-registry nplus-cr \\\n--namespace $SIM_NAME \\\n--docker-server=cr.nplus.cloud \\\n--docker-username=$NPLUS_ACCOUNT \\\n--docker-password=$NPLUS_TOKEN\nkubectl create secret generic nscale-license \\\n--namespace $SIM_NAME \\\n--from-file=license.xml=$NSCALE_LICENSE\n```\n2. Deploy the Instance\n```\nhelm install \\\n--values lab.yaml \\\n--values single-instance-mode.yaml \\\n--namespace $SIM_NAME \\\n$SIM_NAME nplus/nplus-instance\n```\nIf you do not have any Application that requires assets such as scripts or apps, you are good to go with this.\nHowever, if your Application does require assets, the *problem* is to get them into your (not existing) environment before the Applications is trying to access them.\nThere are three possible solutions:\n1. You create an umbrella chart and have a job installing the assets into your Instance\n2. You pull / download assets from your git server or an asset server before the Application deployment\n3. 
You pull / download assets from your git server or an asset server before the Component deployment, including the Application\n**Solution 1** obiously involes some implementation on your end. That is not covered in this documentation.\n**Solution 2** can be achieved by defining a downloader in your application chart (see `empty-download.yaml`):\n```yaml\ncomponents:\napplication: true\napplication:\ndocAreas:\n- id: \"Sample\"\ndownload:\n- \"https://git.nplus.cloud/public/nplus/raw/branch/master/samples/assets/sample.sh\"\nrun:\n- \"/pool/downloads/sample.sh\"\n```\n**Solutions 3** should be used if you have any assets that need to be available **before** the nscale Components start, like snippets for the web client etc.\nYou can use the *Prepper* for that purpose. The *Prepper* prepares everything required for the Instance to work as intended. It is very much like the *Application*, except that it does not connect to any nscale component (as they do not yet run by the time the prepper executes). But just like the Application, the Prepper is able to download assets and run scripts.\nYou can add this to your deployment:\n```yaml\ncomponents:\nprepper: true\nprepper:\ndownload:\n- \"https://git.nplus.cloud/public/nplus/raw/branch/master/assets/sample.tar.gz\"\nrun:\n- \"/pool/downloads/sample/sample.sh\"\n```\n"}
{"chapter": "Deploying with Argo", "level": 1, "text": ""}
{"chapter": "the argo version of the instance", "level": 2, "text": "Deployin with argoCD is straight forward, as there is a ready-to-run instance chart version for argo, that takes **exactly** the same values as the *normal* chart:\n```bash\nhelm install \\\n--values samples/application/empty.yaml \\\n--values samples/environment/demo.yaml \\\nsample-empty-argo nplus/nplus-instance-argo\n```\n"}
{"chapter": "Using Waves", "level": 2, "text": "The instance chart already comes with pre-defined waves. They are good to go with (can be modified though):\n```yaml\nnappl:\nmeta:\nwave: 15\n```\n**But**: You might be annoyed by ArgoCD, when some services do not come up preventing other services to not be started at all since ArgoCD operates in Waves, so later services might not be deployed at all if an early wave services fails.\nEspecially in DEV, this can become a testing problem.\nTo turn *off* Waves completely for a Stage, Environment or Instance, go\n```\nglobal:\nenvironment:\nutils:\ndisableWave: true\n```\n"}
{"chapter": "Pinning Versions", "level": 1, "text": ""}
{"chapter": "Old Version", "level": 2, "text": "If you like to test rolling updates and the updates to new minor versions, check out the *e90* sample:\nThis sample will install a version 9.0.1400 for you to test. Since the Cluster Node Discovery changed due to a new jGroups version in nscale, the chart will notice the old version and turn on the legacy discovery mechanism to allow the Pod to find its peers in Versions prior to 9.1.1200.\n```\nhelm install \\\n--values samples/empty.yaml \\\n--values samples/demo.yaml \\\n--values versions/9.0.1400.yaml \\\nsample-e90 nplus/nplus-instance\n```\n"}
{"chapter": "New Version Sample", "level": 2, "text": "Some nscale Versions are License-Compatible, meaning that for example a Version 9.1 License File will also be able to run a nscale Version 9.0 Software. But that is not always the case.\nSo you might need to set individual licenses per instance:\n```\nkubectl create secret generic nscale-license-e10 \\\n--from-file=license.xml=license10.xml\n```\nCheck, if the license has been created:\n```\n"}
{"chapter": "kubectl get secret | grep license", "level": 1, "text": "nscale-license Opaque 1 7d22h\nnscale-license-e10 Opaque 1 17s\n```\nNow, we install the instance:\n```\nhelm upgrade -i \\\n--values samples/empty.yaml \\\n--values samples/demo.yaml \\\n--values versions/10.0.yaml \\\n--set global.license=nscale-license-e10 \\\nsample-e10 nplus/nplus-instance\n```\n"}
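Review bot: The record with chapter `kubectl get secret | grep license` at level 1 is a line from inside a fenced block that was taken as a heading, which leaves the fence opened at the end of the "New Version Sample" record and closed in this one. The same split shows in the resource samples (`memory: # No Limit but hardware`, `javaOpts:`, `javaMinMem:`, `javaMaxMem:`) and in the detached-application and backend-protocol samples, where a reader can no longer tell that those lines were comments or commented-out keys. Whatever step derives these records from the Markdown should ignore `#` lines while inside a fence.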
{"chapter": "Security", "level": 1, "text": ""}
{"chapter": "All the standards", "level": 2, "text": "There are several features that will enhance the security of your system:\n- all components are running rootless by default\n- all components drop all privileges\n- all components deny escalation\n- all components have read only file systems\n- Access is restricted by NetworkPolicies\n"}
{"chapter": "Additional: The backend Protocol", "level": 2, "text": "Additionally, you can increase security by encrypting communication in the backend. Depending on your network driver, this might already been done automatically beween the Kubernetes Nodes. But you can double that even within a single node by switching the backend Protocol to https:\n```yaml\nglobal:\nnappl:\nport: 8443\nssl: true\n"}
{"chapter": "Web and PAM do not speak https by default yet, CRs have been filed.", "level": 1, "text": "nappl:\ningress:\nbackendProtocol: https\ncmis:\ningress:\nbackendProtocol: https\nilm:\ningress:\nbackendProtocol: https\nwebdav:\ningress:\nbackendProtocol: https\nrs:\ningress:\nbackendProtocol: https\nmon:\ningress:\nbackendProtocol: https\nadministrator:\ningress:\nbackendProtocol: https\n```\nThis will turn every communication to https, **but** leave the unencrypted ports (http) **open** for inter-pod communication.\n"}
{"chapter": "Zero Trust Mode", "level": 2, "text": "This will basically do the same as above, **but** also turn **off** any unencrypted port (like http) and also implement NetworkPolicies to drop unencrypted packages.\nThis will also affect the way how *probes* are checking the pods health: *nplus* will switch them to use https instead, so even the very internal Healtch Check infrastructure will be encrypted in *zero trust mode*:\n```yaml\ncomponents:\npam: false #TODO: ITSMSD-8771: PAM does not yet support https backend.\nglobal:\nsecurity:\nzeroTrust: true\nnappl:\nport: 8443\nssl: true\n```\n"}
{"chapter": "(virtual-) Remote Management Server", "level": 1, "text": "The *nplus RMS* creates a virtual IP Address in your subnet. On this IP, you will find an *nscale Remote Management Service* and a Layer 4 Proxy, forwarding the ports of the components to the\nbelonging pods.\nThe result is, that under this VIP, it looks as if there is a real server with a bunch of *nscale* components installed. So you can use the desktop admin client to connect to it and configure it. Including offline configuration.\nThe offline configuration writes settings to the configuration files of the components. These files are injected into the Pods by *nplus* making the legacy magic work again.\nAlso, Shotdown, Startup and Restart buttons in the Admin client will work, as that will by translated to Kubernetes commands by *nplus*\nAnyways, there are some restrictions:\n- In a HA scenario, you need multiple virtual server, as nscale does not allow some components to deploy more than one instance per server (like nstl) and they would then also block the default ports. So better to have more RMS\n- Log Files are not written, so the Admin cannot grab them. 
So no log file viewing in Admin\n> Please notice that this is a BETA Feature not released for Production use.\nThis is a sample of RMS in a HA environment with two virtual servers:\n```yaml\ncomponents:\nrmsa: true\nrmsb: true\nrmsa:\ningress:\ndomain: \"server1.{{ .instance.group | default .Release.Name }}.lab.nplus.cloud\"\ncomps:\nnappl:\nenabled: true\nrestartReplicas: 2\nnstl:\nenabled: true\nname: nstla\nrestartReplicas: 1\nhost: \"{{ .component.prefix }}nstla.{{ .Release.Namespace }}.svc.cluster.local\"\nrs:\nenabled: true\nrestartReplicas: 2\nweb:\nenabled: true\nrestartReplicas: 2\nrmsb:\ningress:\ndomain: \"server2.{{ .instance.group | default .Release.Name }}.lab.nplus.cloud\"\ncomps:\nnappl:\nenabled: true\nname: nappljobs\nrestartReplicas: 1\nreplicaSetType: StatefulSet\nhost: \"{{ .component.prefix }}nappljobs.{{ .Release.Namespace }}.svc.cluster.local\"\nnstl:\nname: nstlb\nenabled: true\nrestartReplicas: 1\nhost: \"{{ .component.prefix }}nstlb.{{ .Release.Namespace }}.svc.cluster.local\"\n```\n"}
{"chapter": "Using Object Stores", "level": 1, "text": "Blobstores aka Objectstores have a REST Interface that you can upload your Payload to and receive an ID for it. They are normally structured into *Buckets* or *Containers* to privide\nsome sort of pooling payload within the store.\nThe *nscale Server Storage Layer* supports multiple brands of objectstores, the most popular being Amazon S3 and Microsoft Azure Blobstore.\nIn order to use them, you need to\n- get an account for the store\n- configure the *nstl* with the url, credentials etc.\n- Add firewall rules to access to store\nHave a look at the sample files\n- s3-env.yaml\nfor Amazon S3 compatible storage, and\n- azureblob.yaml\nfor Azure Blobstore\nFor S3 compatible storage, there are multiple S3 flavours available.\n"}
{"chapter": "Custom Environment Variables", "level": 1, "text": "There are multiple ways of how to set custom environment variables in addition to the named values, you set in helm:\n"}
|
||||||
|
{"chapter": "Using `env`", "level": 2, "text": "Please have a look at `s3-env.yaml` to see how custom environment variables can be injected into a component:\n```\nnstl:\nenv:\n# Archivtyp\nNSTL_ARCHIVETYPE_900_NAME: \"S3\"\nNSTL_ARCHIVETYPE_900_ID: \"900\"\nNSTL_ARCHIVETYPE_900_LOCALMIGRATION: \"0\"\nNSTL_ARCHIVETYPE_900_LOCALMIGRATIONTYPE: \"NONE\"\nNSTL_ARCHIVETYPE_900_S3MIGRATION: \"1\"\n```\nThis will set the environment variables in the storage layer to add an archive type with id 900.\n"}
|
||||||
|
{"chapter": "Using `envMap` and `envSecret`", "level": 2, "text": "Alternatively to the standard `env`setting, you can also use configmaps and secrets for additional environment variables.\nThe file `s3-envres.yaml` creates a configmap and a secret with the same variables as used in the `s3-env.yaml` sample. `s3-envfrom.yaml` shows how to import them.\nPlease be aware, that data in secrets need to be base64 encoded:\n```\necho \"xxx\" | base64\n```\nSo in order to use the envFrom mechanism,\n- prepare the resources (as in `s3-envres.yaml`)\n- upload the resources to your cluster\n```\nkubectl apply -f s3-envres.yaml\n```\n- add it to your configuration\n```\nnstl:\n# These resources are set in the s3-envres.yaml sample file\n# you can set single values (envMap or envSecret) or lists (envMaps or envSecrets)\nenvMaps:\n- env-sample-archivetype\n- env-sample-device\nenvSecret: env-sample-device-secret\n```\n"}
|
||||||
|
{"chapter": "Specifics of the Sharepoint Connector", "level": 1, "text": "Normally, you will have different configurations if you want multiple Sharepoint Connectors. This makes the *nsp* somewhat special:\n"}
|
||||||
|
{"chapter": "Multi Instance HA Sharepoint Connector", "level": 2, "text": "This sample shows how to setup a sharepoint connector with multiple instances having **different** configurations for archival, but with **High Availability** on the retrieval side.\nSharePoint is one of the few components for which is is quite common to have multiple instances instead of replicas. Replicas would include, that the configuration for all pods is identical. However, you might want to have multiple configurations as you also have multiple sharepoint sites you want to archive.\nRunning multiple instances with ingress enabled leads to the question, what the context path is for each instance. It cannot be the same as the load balancer would not be able to distinguish between them and thus refuses to add the configuration object - leading in a deadlock situation.\nSo *nplus* defined different context paths if you have multiple instances:\n- sharepointa on `/nscale_spca`\n- sharepointb on `/nscale_spcb`\n- sharepointc on `/nscale_spcc`\n- sharepointd on `/nscale_spcd`\nIf you only run one instance, it defaults to `/nscale_spc`.\n"}
|
||||||
|
{"chapter": "HA on retrieval", "level": 2, "text": "Once archived, you might want to use all instances for retrieval, since they share a common retrieval configuration (same nappl, ...). So in order to gain High Availability even across multiple instances, there are two options:\n1. You turn off the services and ingresses on any sharepoint instance but sharepointa. Then you switch sharepointa's service selector to *type mode*, selecting all pods with type `sharepoint` instead of all pods of component `sharepointa`. Then you can access this one service to reach them all.\n2. You can turn on the *clusterService*, which is an additional service that selects all `sharepoint` type pods and then adds an extra ingress on this service with the default context path `nscale_spc`\nHowever, in both scenarios, beware that the sharepoint connector can only service one context path at a time, so you will need to change the context path accordingly.\n"}
|
||||||
|
{"chapter": "Sample for solution 1", "level": 2, "text": "On the instance, define the following:\n```\ncomponents:\n# -- First, we switch the default SharePoint OFF\nsharepoint: false\n# -- Then we enable two sharepoint instances to be used with different configurations\nsharepointa: true\nsharepointb: true\nsharepointa:\nservice:\n# -- Switching the service to \"type\" makes sure we select not only the component pods (in this case all replicas of sharepointa)\n# but rather **any** pod of type sharepoint.\nselector: \"type\"\ningress:\n# -- The default contextPath for sharepointa is `nscale_spca` to make sure we have distinguishable paths for all sharepoint instances.\n# however, in this case we re-use the service as cluster service and die ingress as cluster ingress, so we switch to the general\n# contextPath, as if it was a single component deployment\ncontextPath: \"/nscale_spc\"\nsharepointb:\nservice:\n# -- The other SP Instance does not need a service any more, as it is selected by the cluster service above. So we switch off the component\n# service which also switches off the ingress as it would not have a backing service any more\nenabled: false\n# -- The default contextPath for sharepointb is `nscale_spcb` to make sure we have distinguishable paths for all sharepoint instances.\n# however, in this case we re-use the service as cluster service and die ingress as cluster ingress, so we switch to the general\n# contextPath, as if it was a single component deployment\ncontextPath: \"/nscale_spc\"\n```\n"}
|
||||||
|
{"chapter": "Sample for Solution 2", "level": 2, "text": "On the instance, define the following:\n```\ncomponents:\n# -- First, we switch the default SharePoint OFF\nsharepoint: false\n# -- Then we enable two sharepoint instances to be used with different configurations\nsharepointa: true\nsharepointb: true\nsharepointa:\nclusterService:\n# -- This enabled the cluster service\nenabled: true\n# -- the cluster Ingress needs to know the context path it should react on.\ncontextPath: \"/nscale_spc\"\ningress:\n# -- we turn off the original ingress as the common context path would block the deployment\nenabled: false\n# -- The default contextPath for sharepointa is `nscale_spca` to make sure we have distinguishable paths for all sharepoint instances.\n# however, in this case we re-use the service as cluster service and die ingress as cluster ingress, so we switch to the general\n# contextPath, as if it was a single component deployment\ncontextPath: \"/nscale_spc\"\nsharepointb:\nclusterService:\n# -- on the second SharePoint Instance, we **disable** the cluster service, as it is already created by sharepointa.\nenabled: false\n# -- however, we need to set the context path, as this tells the networkPolicy to open up for ingress even though we switch die Ingress off in the\n# next step\ncontextPath: \"/nscale_spc\"\ningress:\n# -- we turn off the original ingress as the common context path would block the deployment\nenabled: false\n# -- The default contextPath for sharepointb is `nscale_spcb` to make sure we have distinguishable paths for all sharepoint instances.\n# however, in this case we re-use the service as cluster service and die ingress as cluster ingress, so we switch to the general\n# contextPath, as if it was a single component deployment\ncontextPath: \"/nscale_spc\"\n```\n"}
|
||||||
|
{"chapter": "Static Volumes", "level": 1, "text": ""}
|
||||||
|
{"chapter": "Assigning PVs", "level": 2, "text": "For security reasons, you might want to use a storage class that does not perform automatic provisioning of PVs.\nIn that case, you want to reference a pre-created volume in the PVC.\nIn nplus, you can do so by setting the volumeName in the values.\nPlease review `values.yaml` as an example:\n```yaml\ndatabase:\nmounts:\ndata:\nvolumeName: \"pv-{{ .component.fullName }}-data\"\nnstl:\nmounts:\ndata:\nvolumeName: \"pv-{{ .component.fullName }}-data\"\n```\nYou can also set the environment config volume. Please refer to the environment documentation for that.\n```\nhelm install \\\n--values samples/environment/demo.yaml \\\n--values samples/static/values.yaml\nsample-static nplus/nplus-instance\n```\n"}
|
||||||
|
{"chapter": "Creating PVs", "level": 2, "text": "https://github.com/ceph/ceph-csi/blob/devel/docs/static-pvc.md\n"}
|
||||||
|
{"chapter": "Data Disk:", "level": 3, "text": "1. Create a pool on your cep cluster\n```\nceph osd pool create k-lab 64 64\n```\n2. Create a block device pool\n```\nrbd pool init k-lab\n```\n3. Create an image\n```\nrbd create -s 50G k-lab/pv-sample-static-database-data\nrbd create -s 50G k-lab/pv-sample-static-nstl-data\nrbd ls k-lab | grep pv-sample-static-\n```\nResize:\n```\nrbd resize --size 50G k-lab/pv-no-provisioner-database-data --allow-shrink\n```\n"}
|
||||||
|
{"chapter": "File Share:", "level": 3, "text": "1. Create a Subvolume (FS)\n```\nceph fs subvolume create cephfs pv-no-provisioner-rs-file --size 53687091200\n```\n2. Get the path of the subvolume\n```\nceph fs subvolume getpath cephfs pv-no-provisioner-rs-file\n```\n"}
|
||||||
|
{"chapter": "Troubleshooting", "level": 3, "text": "```\nkubectl describe pv/pv-no-provisioner-rs-file pvc/no-provisioner-rs-file\nkubectl get volumeattachment\n```\n"}
|
||||||
|
{"chapter": "PV Manifests", "level": 3, "text": "```yaml\napiVersion: v1\nkind: PersistentVolume\nmetadata:\nname: pv-no-provisioner-database-data\nspec:\naccessModes:\n- ReadWriteOnce\ncapacity:\nstorage: 50Gi\ncsi:\ndriver: rook-ceph.rbd.csi.ceph.com\nfsType: ext4\nnodeStageSecretRef:\n# node stage secret name\nname: rook-csi-rbd-node\n# node stage secret namespace where above secret is created\nnamespace: rook-ceph-external\nvolumeAttributes:\n# Required options from storageclass parameters need to be added in volumeAttributes\nclusterID: rook-ceph-external\npool: k-lab\nstaticVolume: \"true\"\nimageFeatures: layering\n#mounter: rbd-nbd\n# volumeHandle should be same as rbd image name\nvolumeHandle: pv-no-provisioner-database-data\npersistentVolumeReclaimPolicy: Retain\n# The volumeMode can be either `Filesystem` or `Block` if you are creating Filesystem PVC it should be `Filesystem`, if you are creating Block PV you need to change it to `Block`\nvolumeMode: Filesystem\nstorageClassName: ceph-rbd\n---\napiVersion: v1\nkind: PersistentVolume\nmetadata:\nname: pv-no-provisioner-nstl-data\nspec:\naccessModes:\n- ReadWriteOnce\ncapacity:\nstorage: 50Gi\ncsi:\ndriver: rook-ceph.cephfs.csi.ceph.com\nfsType: ext4\nnodeStageSecretRef:\n# node stage secret name\nname: rook-csi-rbd-node\n# node stage secret namespace where above secret is created\nnamespace: rook-ceph-external\nvolumeAttributes:\n# Required options from storageclass parameters need to be added in volumeAttributes\nclusterID: rook-ceph-external\npool: k-lab\nstaticVolume: \"true\"\nimageFeatures: layering\n#mounter: rbd-nbd\n# volumeHandle should be same as rbd image name\nvolumeHandle: pv-no-provisioner-nstl-data\npersistentVolumeReclaimPolicy: Retain\n# The volumeMode can be either `Filesystem` or `Block` if you are creating Filesystem PVC it should be `Filesystem`, if you are creating Block PV you need to change it to `Block`\nvolumeMode: Filesystem\nstorageClassName: ceph-rbd\n---\napiVersion: 
v1\nkind: PersistentVolume\nmetadata:\nname: pv-no-provisioner-rs-file\nspec:\naccessModes:\n- ReadWriteMany\ncapacity:\nstorage: 50Gi\ncsi:\ndriver: cephfs.csi.ceph.com\nnodeStageSecretRef:\nname: rook-csi-cephfs-secret\n#rook-csi-cephfs-node\nnamespace: rook-ceph-external\nvolumeAttributes:\n# Required options from storageclass parameters need to be added in volumeAttributes\nclusterID: rook-ceph-external\nfsName: cephfs\npool: cephfs_data\nstaticVolume: \"true\"\n# rootPath kriegt man per ceph fs subvolume getpath cephfs pv-no-provisioner-rs-file\nrootPath: \"/volumes/_nogroup/pv-no-provisioner-rs-file/3016f512-bc19-4bfb-8eb2-5118430fbbe5\"\n#mounter: rbd-nbd\n# volumeHandle should be same as rbd image name\nvolumeHandle: pv-no-provisioner-rs-file\npersistentVolumeReclaimPolicy: Retain\n# The volumeMode can be either `Filesystem` or `Block` if you are creating Filesystem PVC it should be `Filesystem`, if you are creating Block PV you need to change it to `Block`\nvolumeMode: Filesystem\nstorageClassName: cephfs\n```\n"}
|
||||||
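Review bot: In the PV Manifests record, the second PersistentVolume (`pv-no-provisioner-nstl-data`) sets `driver: rook-ceph.cephfs.csi.ceph.com` while every other field describes an RBD image (`fsType: ext4`, `imageFeatures: layering`, `pool: k-lab`, `nodeStageSecretRef.name: rook-csi-rbd-node`, `storageClassName: ceph-rbd`). This looks like a copy-paste slip and should probably read `rook-ceph.rbd.csi.ceph.com`, as in the first manifest. The third manifest uses `cephfs.csi.ceph.com` without the `rook-ceph.` prefix, so please confirm which driver name is registered and use it consistently. Related points in the same file: the Data Disk steps create `k-lab/pv-sample-static-database-data` and `k-lab/pv-sample-static-nstl-data`, but the resize command and the manifests' `volumeHandle` refer to `pv-no-provisioner-*`, and the manifest comment itself says the handle must equal the image name. In Assigning PVs, the `helm install` line `--values samples/static/values.yaml` has no trailing backslash, so `sample-static nplus/nplus-instance` runs as a separate command. In the `envMap`/`envSecret` section, `echo "xxx" | base64` also encodes the trailing newline; `echo -n` or `printf` avoids a secret value that silently ends in a line feed.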
29
ai/jsonl/faq.jsonl
Normal file
@@ -0,0 +1,29 @@
|
|||||||
|
{"question": "How do I add my custom Generic Base App (GBA) to the deployment?", "answer": "You can use the application chart to add your GBAs to a deployment. Please follow the instructions\nin the [chart README](../charts/application/README.md)."}
|
||||||
|
{"question": "I do not find any of my custom objects (roles, classes, ...) from my GBA in the system. Is there an install log file that I can check?", "answer": "Yes. You can either check the log of the application job with\n```\nkubectl logs -l nplus/instance=sbs,nplus/component=application\n```\nor you can check the log at `/conf/<instance>/application/10init.log` from the environment toolbox.\nPlease check out the [chart README](../charts/application/README.md) for more information.\n> Please note, that the job/pod is automatically removed shortly after app installation, so the `kubectl logs` command might not find the ressource any more."}
|
||||||
|
{"question": "Network Policies", "answer": "Kubernetes CNI supports the use of `NetworkPolicy` resources. Every resource, that has a NetworkPolicy attached is monitored by a compatible CNI driver such as Calico oder Cilium and Network Filter Rules are implemented.\nBy this means, one pod can only communicate with other pods, if a network rule has explicely been applied.\nnplus supports NetworkPolicies by the following control structures:\nsecurity.cni. (on component, instance or environment level)\n- defaultIngressPolicy\n can be set to *deny*, *allow* or none.\n *deny* will drop all undefined inbound packages,\n *allow* will forward all undefined inbound packages\n If not defined, the Policy will not be created.\n- defaultEgressPolicy\n can be set to *deny*, *allow* or none.\n *deny* will drop all undefined outbound packages,\n *allow* will forward all undefined outbound packages\n If not defined, the Policy will not be created.\n- createNetworkPolicy\n toggles the policy creation in general\nFor larger projects, it is likely to have a *Central Services* Instance that hold e.g. the *Administrator* and the *Monitoring Console*. If these services are in the same namespace and within the same instance, nothing need to be done (default).\nHowever, if you use *Central Services* you can define the Namespace and the Instance of these services in order to have NetworkPolicies created for inter-namespace and inter-instance traffic.\n- administratorNamespace\n- administratorInstance\n- monitoringNamespace\n- monitoringInstance\n- pamNamespace\n- pamInstance\n> If you use a centralized *Storage Layer* and *Rendition Server*, you will have to apply extra Policies to allow access. Please remember to write ingress and egress rules.\nExample:\n```\nglobal:\n environment:\n security:\n cni:\n defaultIngressPolicy: deny\n defaultEgressPolicy: deny\n createNetworkPolicy: true\n```"}
|
||||||
|
{"question": "How can I use snc in NAPPL to access my SAP System?", "answer": "To use *snc* in NAPPL, you need to\n1. Enable it in NAPPL (`nappl.snc.enabled: true`)\n2. Add the IP Range of your SAP Systems to allow egress access (`nappl.snc.sapIpRange: \"0.0.0.0/0\"`)\n3. Copy the *snc* files to the nplus environment (`kubectl cp snc nplus-toolbox-0:/conf/pool`)\nPlease find more information in the [nappl chart README](../charts/nappl/README.md)"}
|
||||||
|
{"question": "How can I use extra fonts for rendition or OCR?", "answer": "Extra fonts, like the *mscorefonts* can be installed by copying them into the *nplus environment*. The fonts are then automatically applied to all *rendition Server* and *Application Layer* components within all *nplus Instances* within this environment.\nTo copy fonts to the pool, use\n```\nkubectl cp test/fonts nplus-toolbox-0:/conf/pool\n```\nThis copies the local *fonts* directory to the environment pool.\nThe target is `pool/fonts`, where all extra fonts must reside.\nThis is then picked up by the components."}
|
||||||
|
{"question": "How can I completely remove any trace of *nplus* from my cluster?", "answer": "1. Remove all *nplus Instances* from your *nplus Environment*:\nIf you installed with helm:\n```\nhelm uninstall myInstance\n```\nIf you installed using Argo:\n```\nhelm install myInstance-argo\n```\nor whatever the name of your instance is.\nIf you installed by kubectl:\n```\nkubectl delefe -f myInstance.yaml\n````\nDo this for all instances.\n2. Remove the *nplus Environment* from the Kubernetes Namespace\nif installed by helm:\n```\nhelm uninstall <name>\n```\nwhere *name* is the name you used when installing\n3. Remove the *nplus Cluster* from the Kubernetes Cluster\nif installed by helm:\n```\nhelm uninstall <name>\n```\nwhere *name* is the name you used when installing"}
|
||||||
|
{"question": "I would like to connect to the environment dav server to access the config files", "answer": "You can access the *nplus Environment conf dav server* either\n- through an ingress, if you enable it. But you might want to keep it disabled for security reasons. Instead you can access it\n- via a port forwarding from your local machine, in case you have kubectl access to the cluster:\n```\nkubectl port-forward pods/nplus-davserver-0 8080:8080\n```\nThen, you can connect to the server via http://localhost:8080/dav"}
|
||||||
|
{"question": "How can I manually delete all Resources belonging to a specific instance?", "answer": "To delete everything belonging to a specific instance, you can use:\n```\nkubectl delete $(kubectl get svc,sts,deployment,cm,secret,networkpolicy,ing,pvc,certificate,nscale -l nplus/instance=<instance> -o name)\n```"}
|
||||||
|
{"question": "I changed the image tag of *nscale Web*, but when I apply, the component stays healthy", "answer": "Even though it might seem *nscale Web* would not restart, it actually does.\n*nscale Web* is configured as a *Rolling Update DeamonSet*, so it first creates a new Pod and waits till that is ready. Then it stops the old one.\nDuring the update cycle, the services stays healthy.\nNotice, that the *Application* job (if defined) runs as well. That is, because updating the Web component might require new Snippets etc. to be installed,\nto *nplus* is giving the *Application* the chance to do so."}
|
||||||
|
{"question": "Can I check out a nappl image?", "answer": "Yes, you can:\n```sh\ndocker run --rm -it ceyoniq.azurecr.io/release/nscale/application-layer:ubi.9.2.1200.2024052713 /bin/bash\n```"}
|
||||||
|
{"question": "Can I bash into my nappljobs?", "answer": "Indeed:\n```sh\nkubectl exec --stdin --tty demo-ha-nappljobs-0 -- /bin/bash\n```"}
|
||||||
|
{"question": "I keep getting errors, that *chmod* is not allowed on the conf file system", "answer": "This might be because you might be using a CIFS / smb shared file system (like Microsoft Azure File).\nYou can switch off all internal chmod commands by setting `.Values.global.environment.storage.conf.cifs` to `true`."}
|
||||||
|
{"question": "We use multiple ingress controllers in different namespaces. How do we set that?", "answer": "You can set the ingress class per enviroment, per instance or per component.\nComponent bein the highest priority.\nAdditionally, you might want to set the namespace of your controller to allow ingress traffic from that namespace to the pods. Since you probably have multiple namespaces, this is a comma separated list:\n```\n# Set Ingress namespace per component\ningress:\n namespace: \"nginx-ingress\"\n```\nor\n```\n# Set Ingress namespaces for all instances in an environment\nglobal:\n environment:\n ingress:\n namespace: \"ingress, kube-system, external-ingress, internal-ingress, backup-ingress\"\n```"}
|
||||||
|
{"question": "How do I know which tags exist in the registry?", "answer": "You can use Skopeo:\n```\nskopeo list-tags docker://ceyoniq.azurecr.io/release/nscale/application-layer\n```\nThis lists all nappl tags in the registry"}
|
||||||
|
{"question": "We use a forward proxy in our DMZ and have problems with OAuth (or others)", "answer": "If you use a forward proxy, such as in a DMZ Scenario, you will probably need to configure your cluster Load Balancer so it forwards the real IP adress of your clients.\nIn nginx, this is done by the setting `use-forwarded-headers` which needs to be put into the clusterwide config (this is a global option):\n```\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: nginx-load-balancer-microk8s-conf\n namespace: ingress\ndata:\n use-forwarded-headers: \"true\"\n proxy-real-ip-cidr: \"<Your Reverse Proxy IP>\"\n```\nApply this config map to your nginx LB namespace setting the IP Adress CIDR of your DMZ Reverse Proxy.\nIn the DMZ nginx configuration, make sure you submit all necessary information:\n```\nserver {\n server_name demo.nscale.cloud;\n client_max_body_size 10G;\n proxy_set_header X-Forwarded-For $remote_addr;\n proxy_set_header X-Forwarded-Host $host;\n proxy_set_header X-Forwarded-Proto $scheme;\n if ( $is_bot ) { return 410; }\n location = / { return 301 \"/nscale_web\"; }\n location = /me { return 301 \"/auth/realms/cloud/account\"; }\n location /robots.txt { return 200 \"User-agent: *\\nDisallow: /\"; }\n location /nscale_web { proxy_pass https://dmz.lan; }\n location ~ ^/(auth/realm|auth/login|auth/resources) { proxy_pass https://centralservices.lan; }\n location /nscalealinst1 { proxy_pass https://dms.lan; }\n listen 443 ssl;\n ssl_certificate fullchain.pem;\n ssl_certificate_key privkey.pem;\n}\n```"}
|
||||||
|
{"question": "How yan I set Ressources (CPU / RAM) for the components?", "answer": "You can set the ressources in the Values:\n```yaml\nresources:\n requests:\n cpu: \"100m\" # Minimum 1/10 CPU\n memory: \"500Mi\" # Minimum 500 MB\n limits:\n cpu: \"2000m\" # Maximum 2 Cores\n memory: \"4096Mi\" # Maximum 4 GB. Java will see this as total.\n```\nIf you want to set Java Memory Options:\n```yaml\njavaOpts:\n javaMinMem: \"1024m\"\n javaMaxMem: \"2048m\"\n```"}
|
||||||
|
{"question": "How can I bash into nappl?", "answer": "This is an example of how to bash into a nappl, in this case empty-nappl-0:\n```\nkubectl exec --stdin --tty empty-nappl-0 -- /bin/bash\n```"}
|
||||||
|
{"question": "How can I set the timezone?", "answer": "You can set the timezone per component, instance and/or environment, using the `timezone` value. Please refer to the\ncomponent README.md for more information."}
|
||||||
|
{"question": "How can I use priorityClasses for the components?", "answer": "You can use an existing priorityClass by setting `priority.className: <your class>` on the component, instance or environment.\nIf you want to have the class created for you, you can set `priority.createClass: true`.\nYou can also set the desired value.\nExample:\n```yaml\npriority:\n className: '{{ .component.fullName }}'\n createClass: true\n value: \"1000000\"\n```\n> If you omit the quotes for value, you will end up having a float64 like `1e+06` in your values, which will cause problems.\nTo forcefully switch off any previously set priority for a specific instance, you can override:\n```yaml\nglobal:\n override:\n priority:\n```\nThe **default** is to have no priorityClass at all."}
|
||||||
|
{"question": "How can I enable and access the Web Administrator?", "answer": "To enable the nscale Administrator (Web, aka *RapAdmin*), you have to first enable the *administrator* chart in your instance:\n```yaml\ncomponents.administrator: true\n```\nBy default, the Administrator will use the standard Application Layer for login. You can change that by setting\n```yaml\nadministrator:\n nappl:\n host: '{{ include \"nplus.prefix\" . }}nappljobs.{{ .Release.Namespace }}'\n waitFor:\n - '-service {{ include \"nplus.prefix\" . }}nappljobs.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.global.nappl.port }} -timeout 600'\n```\nThis is an example, where we use multiple Application Layer and one designated Application Layer for Jobs. And we use this `nappljobs` for administration as well. So the above configuration changes the default and lets the admin client access nappljobs.\nIf you run the Administrator in another instance (Central Services or something alike), you can also cross namespaces and/or instances here to access multiple tenants if desired. But in that case you might need to add individual *networkPolicies* to allow access.\nOnce the Admin Client is running, you can reach it at `https://<Your Domain>/rapadm`."}
|
||||||
|
{"question": "I want to use the same domain for my environment and my instance, so the certificates are created twice", "answer": "First of all, are you sure you want the same domain? Because the environment ingress is used by admins to access the config by dav or the monitoring data from the operator. You normally would not want that to use the same domain / ingress as the users of your services.\nHowever, if you decide to use the same domain, you can easily switch off certificate generation: Certificates are either generated by an issuer like cert-manager or are self-signed and generated by helm.\n- if `.this.ingress.issuer` is set, the chart requests this issuer to generate a tls secret with the name `.this.ingress.secret`\n by creating a certificate resource with the name of the domain `.this.ingress.domain`\n- else, so no issuer is set, the chart checks wether the flag `.this.ingress.createSelfSignedCertificate` is set to `true` and\n generates a tls secret with the name `.this.ingress.secret`\n- else, so neither issuer nor createSelfSignedCertificate are set, the charts will not generate anything\nAfter the instance or environment ran through the generation process, the components use the name of the tls\nsecret `.this.ingress.secret` for their ingresses, in case `.this.ingress.enabled` is `true`.\nSo to cut a long story short:\n1. You better not have the same domain for end users and admins. Please re-consider and try something like\n - `admin.my-domain.internal` for admin access and\n - `my-domain.cloud` for public access\n2. If you do want the same domain, you need to switch off the generation process in either the instance or the environment.\n You can still use the same secret. As the environment is deployed before the instance, it might be a good idea to switch off the instance:\n ```yaml\n global:\n ingress:\n issuer: null\n createSelfSignedCertificate: false\n ```"}
|
||||||
|
{"question": "How can I access my services with a browser?", "answer": "Well, that of course depends on\n- which services you enabled\n- if these services gain access through a web interface\n- this access (ingress) is enabled.\nYou can check like this:\n```bash\nkubectl get ingress -l nplus/instance=<your instance>\n```\nExample using the *demo-ha* example:\n```bash\n% kubectl get ingress -l nplus/instance=demo-ha\nNAME CLASS HOSTS ADDRESS PORTS AGE\ndemo-ha-administrator public demo-ha.lab.nplus.cloud 127.0.0.1 80, 443 10h\ndemo-ha-cmis public demo-ha.lab.nplus.cloud 127.0.0.1 80, 443 10h\ndemo-ha-ilm public demo-ha.lab.nplus.cloud 127.0.0.1 80, 443 10h\ndemo-ha-mon public demo-ha.lab.nplus.cloud 127.0.0.1 80, 443 10h\ndemo-ha-nappl public demo-ha.lab.nplus.cloud 127.0.0.1 80, 443 10h\ndemo-ha-pam public demo-ha.lab.nplus.cloud 127.0.0.1 80, 443 10h\ndemo-ha-web public demo-ha.lab.nplus.cloud 127.0.0.1 80, 443 10h\ndemo-ha-webdav public demo-ha.lab.nplus.cloud 127.0.0.1 80, 443 10h\n```\nThen, you can drill into an ingress, to get the paths:\n```bash\nkubectl describe ingress <ingress>\n```\nYou can also get a list of all hosts + paths:\n```bash\n% kubectl get ingress -l nplus/instance=demo-ha -o json 2> /dev/null| jq -r '.items[] | .spec.rules[] | .host as $host | .http.paths[] | ( $host + .path)' | sort | grep -v ^/\ndemo-ha.lab.nplus.cloud/cmis\ndemo-ha.lab.nplus.cloud/dav\ndemo-ha.lab.nplus.cloud/engine.properties\ndemo-ha.lab.nplus.cloud/index.html\ndemo-ha.lab.nplus.cloud/modeler\ndemo-ha.lab.nplus.cloud/nscale_web\ndemo-ha.lab.nplus.cloud/nscalealinst1\ndemo-ha.lab.nplus.cloud/nscalealinst1/webb/configuration\ndemo-ha.lab.nplus.cloud/nscalealinst1/webc/configuration\ndemo-ha.lab.nplus.cloud/nscalemc\ndemo-ha.lab.nplus.cloud/rapadm\ndemo-ha.lab.nplus.cloud/res\ndemo-ha.lab.nplus.cloud/sap_ilm\n```"}
|
||||||
|
{"question": "I would like to disable the ingress on the operator, but access it through a NodePort Service", "answer": "Sure. Just disable the ingress first on your environment deployment:\n```yaml\noperator:\n ingress:\n enabled: false\n```\nThen add a NodePort Service to access it:\n```bash\ncat << EOF | kubectl apply -f -\napiVersion: v1\nkind: Service\nmetadata:\n name: nplus-operator-nodeport-access\nspec:\n type: NodePort\n selector:\n nplus/component: operator\n ports:\n - port: 8080\n targetPort: 8080\n nodePort: 31976\nEOF\n```\nAccess it:\n- `http://<Your Cluster Node IP>:31976/monitoring`\n- `https://<Your Cluster Node IP>:31977/monitoring`\nhttps://10.17.1.31:31977/monitoring/index.html?page=overview"}
|
||||||
|
{"question": "During Desaster Recovery tests we noticed that we cannot change the Document ID in runtime. What should we do?", "answer": "You can switch the component (in this case the Storage Layer as you mention the Document ID, but this method work for any component) into *Maintenance Mode*. Maintenance Mode will\n- start pods without starting the service, providing the possibility to gain access to the container to perform recovery tasks that need to be done offline. In order to do this:\n - All *waitFor* definitions are ignored\n - All *Health Checks* are ignored\n - The container starts in idle\n - Application Jobs are disabled\nYou can put a component, an instance or the whole environment into maintenance.\n```yaml\nutils:\n maintenance: true\n```\nor global for the instance:\n```yaml\nglobal:\n utils:\n maintenance: true\n```"}
|
||||||
|
{"question": "Why can't I specify pullSecrets on the waitImage?", "answer": "pullSecrets are defined at pod level, not at container level. WaitFor is a container, so it doesn't have its own pullSecrets but rather takes the pod ones."}
|
||||||
|
{"question": "We do not want to use argoCD Waves, can we switch it off?", "answer": "Yes, just add the following to the `values.yaml` to globally turn off the argoCD Wave feature:\n```yaml\nglobal:\n utils:\n disableWave: true\n```\nPlease also see the *nowaves* example"}
|
||||||
|
{"question": "Out Instances became pretty large with lots of components and multiple team members working on parts of it. Can we somehow slices it into smaller chunks?", "answer": "Yes, you can. Simply create multiple Instances with the components you like and then join them all together using a common `.instance.group` tag.\nThis will open the firewall (Network Policies) to allow traffic within the group / between multiple Instances.\nPlease see the *group* example for details"}
|
||||||
|
{"question": "I get frequent DV/DA HID check failures in nstl in my dev Environment", "answer": "In the lab / dev environment, you probably quite often throw away the data disk while keeping the conf folder. The default for the DA_HID.DAT is the conf folder, so they do not match any more. You can easily switch the check off:\n```yaml\nnstl:\n checkHighestDocId: \"0\"\nnstla:\n checkHighestDocId: \"0\"\nnstlb:\n checkHighestDocId: \"0\"\n```\nif you do this in the environment, you have globally switched all nstl da checks off."}
|
||||||
|
{"question": "We use the postgres DB for DEV and would like to get a dump. How can we do that?", "answer": "You can call pg_dump from the command line. Make sure you have the right password and pod.\n```\nkubectl exec --stdin --tty sample-empty-database-0 -- env PGPASSWORD=\"postgres\" pg_dump -U postgres -w nscale > test.dump\n```"}
|
||||||
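Review bot: In the "completely remove any trace of nplus" answer, the Argo branch tells the reader to run `helm install myInstance-argo`, which installs rather than removes; it presumably should be `helm uninstall myInstance-argo`. The same answer has `kubectl delefe -f myInstance.yaml` (typo for `delete`) and closes that fence with four backticks, which will swallow the following text when rendered. Two examples are worth tightening from a security angle. The SNC answer shows `nappl.snc.sapIpRange: "0.0.0.0/0"`, which opens egress to every address if copied as is, so a placeholder such as `<your SAP CIDR>` would be safer. The operator NodePort answer advertises `https://<Your Cluster Node IP>:31977/monitoring` although the Service only defines `nodePort: 31976`, and it ends with a leftover lab URL (`https://10.17.1.31:31977/...`) that should be dropped.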
23
ai/jsonl/history.jsonl
Normal file
File diff suppressed because one or more lines are too long
1
ai/jsonl/image.jsonl
Normal file
@@ -0,0 +1 @@
|
|||||||
|
{"chapter": "Common Image Configuration", "level": 2, "text": "The `image` configuration consists of\n- the Image Name\n- the Image Repository\n- the Image Tag\n- the Image Pull Policy\nIf the Pull Policy is not set, it is automatically `IfNotPresent`.\nThe `Repository` can be overridden at Instance Level and Environment Level to accomodate multiple stages:\n```\nimage:\nname: test\ntag: 1.0.0\nrepo: cr.nplus.cloud # Prio 3\npullPolicy: Always\nglobal:\nrepo: myrepo_i1 # Prio 4\nrepoOverride: myrepo_i2 # Prio 2\nenvironment:\nrepo: myrepo_e1 # Prio 5\nrepoOverride: myrepo_e2 # Prio 1\n```\nIn this example, finding the repo to use would be:\n```helm\n$repo := global.environment.repoOverride | default global.repoOverride | default image.repo | default global.repo | default global.environment.repo\n```\nOnce you override the repo, you might als want to override the `pullSecrets` globally to allow login to your private registry. Since you do not want to do that per image definition, you - just like the repos - can override that globally:\n```\nglobal:\npullSecretsOverride:\n- myPrivateRegistrySecret\n```\nThe override procedure is identical to the repo example above.\n**The Use Case** is to easily enable you to download the images to a private and secure registry. *nplus* by default uses the official registries, but\nthat is most likely not wanted by enterprise customers. So you can just set your own registry in the environment and keep dev, qa and prod apart and secured.\n"}
|
||||||
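Review bot: the fenced YAML inside `text` has lost its indentation, so `image:`, `global:` and `environment:` sit at column 0 together with their children, and the nesting that the Helm expression depends on (`global.environment.repoOverride`, `global.repoOverride`) cannot be read from the example; only the `# Prio n` comments hint at it. The `pullSecretsOverride` block has the same problem, with the list item flush against its key. Suggest regenerating the record with whitespace preserved, because a reader who copies the block as is gets a different structure from the one the text describes. Minor: "accomodate" and "als want".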
2
ai/jsonl/ingress.jsonl
Normal file
@@ -0,0 +1,2 @@
|
|||||||
|
{"chapter": "Common Ingress Configuration", "level": 2, "text": "The Ingress Configuration can be performed at various levels:\n- Per Component / Chart\n`ingress.`\n- Per Instance\n`global.ingress.`\n- Per Environment\n`global.environment.ingress.`\nThis enables you to have configuration yaml files per environment (e.g. for DEV, QA and PROD) setting environment defaults.\nYou then do not have to touch the Instance configuration.\nExample:\n```\nhelm upgrade -i \\\n--values $SAMPLES/big-instance.yaml \\\n--values $SAMPLES/applications.yaml \\\n--values $SAMPLES/dev.yaml \\\ndemo nplus/instance-argo\n```\nYou might have your Instance values in the `big-instance` file, the Apps you want to have deployed to that instance\nin the `applications` file, and then you add your default setting for the `dev` stage, potentionally overwriting anything\nfrom the above. The priority in this is *last one wins*.\n> The Values are taken by the chart in the following order:\n> Component, then Instance, then Environment.\nIf no value is set, the configuration is dropped from the manifest.\nIn the following table, you see what value can be defined in which section:\n| Key | Component | Instance | Environment |\n| ---- | ----------- | ----------- | ----------- |\n| domain | ✔︎ | ✔︎ | ✔︎ |\n| issuer | ✔︎ | ✔︎ | ✔︎ |\n| class | ✔︎ | ✔︎ | `public` |\n| enabled | ✔︎ | - | - |\n| backendProtocol | ✔︎ | - | - |\n| cookie | ✔︎ | - | - |\n| inputPath | ✔︎ | - | - |\n| deny | ✔︎ | - | - |\n| whitelist | ✔︎ | ✔︎ | ✔︎ |\n| namespace | ✔︎ | ✔︎ | ✔︎ |\nFor the component ingress, you can specify the following values:\n| Key | Description | Default |\n|-----|-------------|---------|\n| backendProtocol | choose wether you want http or https as the backend protocol. This will encrypt traffic from the ingress controller to your pods if you set it to https. | `\"http\"` |\n| class | sets the ingressclass to use. e.g. 
`public` or `nginx` | `\"public\"` |\n| cookie | on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web | component dependent |\n| domain | sets the ingress domain, like `tenant1.mydomain.com`. If no domain is set, no ingress will be configured automatically | none |\n| enabled | on component level, enable or disable the ingress | component dependent |\n| inputPath | this defines the path (on component level) for this component Example: `nscale_web` for nscale Web | component dependent |\n| issuer | if you use *cert-manager* or any other certificate issuer, you can add the class here to hand certificate issuing requests to this issuer. if you do not set any issuer, the chart will generate a self-signed certificate for your ingress (if you defined a domain) | |\n| deny | you can specify specific paths to be denied by this ingress | component dependent |\n| whitelist | optionally specify a list of allowed ip ranges to use an ingress | not restricted |\n| namespace | when securing the instance with network policies, you can specify the source namespace of the ingress controller | \"ingress\" |\n| annotations | adds extra annotations\n> Please the the FAQ for information about using a DMZ, where additional cluster configuration will be necessary\n"}
|
||||||
|
{"chapter": "Annotations", "level": 3, "text": "You can add extra Annotations to the ingress by adding\n```\nglobal:\ningress:\nannotations:\nnginx.org/proxy-connect-timeout: \"30s\"\nnginx.org/proxy-read-timeout: \"20s\"\nnginx.org/client-max-body-size: \"4m\"\nnginx.org/server-snippets: |\nlocation / {\nreturn 302 /coffee;\n}\n```\n"}
|
||||||
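Review bot: the annotations sample in the second record carries an `nginx.org/server-snippets` block with `location / { return 302 /coffee; }`, which redirects every request on `/` if it is copied unchanged under `global.ingress.annotations`; use a neutral annotation or say that the snippet is illustrative only. In the first record, the `annotations` row of the component table stops after "adds extra annotations" with no closing cell or default, and "Please the the FAQ" is missing its verb. The text also says the priority is "last one wins" and, two lines later, that values are taken in the order "Component, then Instance, then Environment"; one sentence should state which level overrides which. Since `backendProtocol` defaults to `"http"`, it is worth saying outright that traffic between the ingress controller and the pods is unencrypted unless it is set to https. The indentation of both fenced YAML blocks is lost here as well.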
1
ai/jsonl/java.jsonl
Normal file
@@ -0,0 +1 @@
|
|||||||
|
{"chapter": "Definig Java VM Resources", "level": 2, "text": "For those components implemented in Java, it is possible to set Java Options:\n- nscale CMIS Connector\n- nscale ILM Connector\n- nscale Application Layer\n- nscale Rendition Server\n- nscale Web\n| Key | Description | Default |\n|-----|-------------|---------|\n| javaOpts.javaMaxRamPercentage | Maximum memory given to Java in % | - |\n| javaOpts.javaMinMem | Minimum memory given to Java | - |\n| javaOpts.javaMaxMem | Maximum memory given to Java | - |\n| javaOpts.javaMisc | Additional Java Options | - |\n> **Note**: if you defined settings for *appDynamics*, the agent will automatically be added to the Java Options when the above components are run. Please refer to `global.appDynamics.agent` for more information.\n"}
|
||||||
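Review bot: the `chapter` value reads "Definig Java VM Resources"; as this string is the record's title it should be corrected at the source ("Defining") before the JSONL is regenerated. The table also lists `javaOpts.javaMaxRamPercentage` next to `javaOpts.javaMinMem` and `javaOpts.javaMaxMem` without saying which applies when more than one is set, and all four defaults are "-"; a sentence on precedence and on what happens when nothing is set would make the record usable on its own.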
12
ai/jsonl/mounts.jsonl
Normal file
@@ -0,0 +1,12 @@
|
|||||||
|
{"chapter": "Common Storage Configuration", "level": 2, "text": "This works just the same way as the Ingress settings: The Configuration can be performed at various levels:\n- Per Component / Chart\n`storage.`\n- Per Instance\n`global.storage.`\n- Per Environment\n`global.environment.storage.`\nThis enables you to have configuration yaml files per environment (e.g. for DEV, QA and PROD) setting environment defaults.\nYou then do not have to touch the Instance configuration.\nFor storage, there are several volume types:\n- **conf**, Shared File, RWX, global per environment\n- **data**, Disk, RWO, optional per component\n- **file**, Shared File, RWX, optional per ReplicaSet\n- **temp**, EmptyDir\n- **ptemp**, Shared File, RWX, global per environment\n- **log**, EmptyDir, should be empty, so just in case\n- **pool**, optional path on the conf share mounted by some components\n- **generic**, allows to mount any pre-defined PV into a container\n"}
|
||||||
|
{"chapter": "conf", "level": 3, "text": "The *conf* storage is a global PVC with RWX (file) shared by every component in the environment. The component creates a sub directory\non the share and mounts it to the config directory in the container.\n`storage.conf.name` sets the name of the PVC to be created and used.\n`mounts.conf.path` defines the target directory in the container.\nAs the environment normally provides the *conf* share, you can set the class and the size in the environment.\nIf you habe your RWX storage class provided by a CIFS / SMB shared file system, you need to disable linux commands like *chmod*.\nThis can be done in the storage environment settings:\n```\nglobal:\nenvironment:\nstorage:\nconf:\ncifs: true\n```\n"}
|
||||||
|
{"chapter": "data", "level": 3, "text": "Every component can create a data PVC with RWO (disk). You can set the `class` for this disk directly at the mount definition `mounts.data.class`. If unset, it uses the definition for the data class from `global.storage.data.class` or from the environment definition at `global.environment.storage.data.class`.\nIf the class is not defined, it is not included in the manifest and so the cluster default is taken.\nSet the size at `mounts.data.size`. No default for the size.\n"}
|
||||||
|
{"chapter": "file", "level": 3, "text": "Every component can create a file PVC with RWX (shared file). You can set the `class` for this share directly at the mount definition `mounts.file.class`. If unset, it uses the definition for the file class from `global.storage.file.class` or from the environment definition at `global.environment.storage.file.class`.\nIf the class is not defined, it is not included in the manifest and so the cluster default is taken.\nSet the size at `mounts.file.size`. No default for the size.\nThis file mount is used for example for the *nscale Rendition Server* to create a common workload directory for all PODs across cluster nodes.\n"}
|
||||||
|
{"chapter": "temp", "level": 3, "text": "If a *temp* mount point is given in the values file, it creates an `emptyDir` volume with the `sizeLimit` of `mounts.temp.size`. If no limit is given, the volume will have no limit and the cluster node default is used.\nIf you want to back this volume by memory, specify `mounts.temp.medium: memory`. Be aware, that this will utilize a RAM disk and count against your PODs resources.\n> The *nscale Application Layer* caches fulltext data in temp. Please be aware of your component behaviour when setting medium and size. Your plugins might be requireing speed or size.\n"}
|
||||||
|
{"chapter": "ptemp", "level": 3, "text": "*ptemp* is a shared, persistant version of temp. It is used to store temporary data, that needs to live beyond the life of a pod, like exports from the database or account logs from storage layer.\nThe ptemp is created by the environment and all pods are free to use it, just like conf.\n"}
|
||||||
|
{"chapter": "logs", "level": 3, "text": "If a *logs* mount point is given in the values file, it creates an `emptyDir` volume with the `sizeLimit` of `mounts.logs.size`. If no limit is given, the volume will have no limit and the cluster node default is used.\nThe components are writing logs to `stdout` and `stderr`, so the logs directory should not be necessary. This is just in case any plugin writes something to the contaainers file system.\nAdditionally, if you use the *nplus Remote Management Server* component, you might want the legacy way of reading log files, and this would be the storage for that.\n"}
|
||||||
|
{"chapter": "pool", "level": 3, "text": "You can define a path at `mount.pool`, then this component will have access. This is used to hand binary data to the components, such as plugins or *nscale Generic Base Apps* along with the *nscale App Installer*.\n"}
|
||||||
|
{"chapter": "Pre-Created Persistent Volumes", "level": 3, "text": "For security reasons, Persistent Volumes can be pre-created and then referenced by the PVC. In order to do so, you can set\n- `storage.conf.volumeName` in the environment configuration to set a specific volume reference for the config share, and\n- `mounts.data.volumeName` in each components values to set a specific volume reference for the (optional) data volume, as well as\n- `mounts.file.volumeName` in each components values to set a specific volume reference for the (optional) file volume\nAs the volume is specific to a certain volume, it cannot be set globally.\n"}
|
||||||
|
{"chapter": "Setting storage values", "level": 3, "text": "| Key | Component | Instance | Environment |\n| ---- | ----------- | ----------- | ----------- |\n| conf.name | ✔︎ | ✔︎ | `conf` |\n| data.class | ✔︎ | ✔︎ | ✔︎ |\n| data.size | ✔︎ | - | - |\n| data.paths | predefined list | - | - |\n| data.volumeName | ✔︎ | - | - |\n| file.class | ✔︎ | ✔︎ | ✔︎ |\n| file.size | ✔︎ | - | - |\n| file.paths | predefined list | - | - |\n| file.volumeName | ✔︎ | - | - |\n| temp.size | ✔︎ | - | - |\n| temp.medium | ✔︎ | - | - |\n| temp.path | predefined | - | - |\n| logs.size | ✔︎ | - | - |\n| logs.medium | ✔︎ | - | - |\n| logs.path | predefined | - | - |\nAvoid to change the values marked as *predefined*.\n"}
|
||||||
|
{"chapter": "Working with Certificates", "level": 3, "text": "There are two types of certificates than you might want to customize in your deployment:\n- (Root-) Certificate Authorities\n- Private Certificates and Key Files\n**Root CA** extensions will be needed if you want to access other services via https (egress), that have certificates signed by a non-default authority.\nIn that case, you can upload the authority (public) certificate to trust it.\nThe process differs from component to component, as some are written in java (and require the certificate to be inside a keystore)\nand others are written in C++ or else and might require a PEM certificate store (like the Storage Layer).\nFirst thing is to create the store in whatever format it is needed and then upload it into a secret. Within the helm values, you can then\nset the destination path and file name next to the secret where you stored the certificate. There can be multiple certificates.\n```\nmounts:\ncaCerts:\npaths:\n- \"/etc/pki/tls/certs/ca-bundle.crt\"\n- \"/usr/lib/jvm/jre/lib/security/cacerts\"\nsecret: ca-secret\n```\nIn this example, the secret *ca-secret* needs to hold two files:\n- a cacerts file (under that key), which is a java keystore file and will\nbe placed as the cacerts file in the Java deployment of the component (In this case the NAPPL).\n- a *ca-bundle.crt* file which is a PEM format file that holds all trusted CAs you need.\nThe *paths* list defines the path and filename of the target as well as the key of the files within the secret.\nIn Storage Layer, this might look like this:\n```\nmounts:\ncaCerts:\npaths:\n- \"/opt/ceyoniq/nscale-server/storage-layer/etc/CA.CER\"\nsecret: ca-secret\n```\nIn this case, the Sorage Layer requires the root ca certs to be a file of exactly this name in the etc directory of the deployment.\nPlease consult the storage layer manual for more information.\n**component Certificates** and Key files are normally used to hold private tls certificates to 
encrypt https traffic (ingress).\nThe configuration of these keystores is identical to the ca stores:\n```\nmounts:\ncomponentCerts:\npaths:\n- \"/opt/ceyoniq/nscale-server/application-layer/conf/certificates.store\"\nsecret:\n```\nIn this case, the secret must have a key named *certificates.store* that holds the java keystore with the required certificates.\n> Please note, that alternatively, you can also upload this file to the conf directory of the application layer. If you do not specify a secret, this\nmount will not be implemented.\nUploading to this file to the conf would be like this:\n```\nkubectl cp certificates.store nplus-toolbox-0:/conf/<myInstance>/nappl\n```\n**Alternatively, you can also define a configMap** for the public CA certificates, then the configuration would be like this:\n```\nmounts:\ncaCerts:\npaths:\n- \"/opt/ceyoniq/nscale-server/storage-layer/etc/CA.CER\"\nconfigMap: ca-map\n```\n"}
|
||||||
|
{"chapter": "Using the generic mount interface", "level": 3, "text": "This allows you to mount any pre-provisioned PVs, secret or configMap as a directory or single file into any container.\nIt can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.\nUse the following format:\n```\nmounts:\ngeneric:\n- name: <name>:\npath: <the path in the container, where you want to mount this>\nvolumeName: <the name of the PV to be mounted>\nconfigMap: <the name of the configMap to bemounted>\nsecret: <the name of the secret to bemounted>\nsubPath: [a (optional) subpath to be used inside the PV]\naccessMode: <ReadWriteMany|ReadWriteOnce|ReadOnlyMany|ReadWriteOncePod>\nsize: <size request>\n```\nPlease see the *generic* sample in the samples directory for detailes.\n"}
|
||||||
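Review bot: in the "Working with Certificates" record the `componentCerts` example ends with an empty `secret:`, while the text right below it says that without a secret "this mount will not be implemented", so the example as written mounts nothing; give it a value, as the `caCerts` examples do with `secret: ca-secret`. In the generic mount record, `- name: <name>:` has a trailing colon that makes the template invalid YAML, and "bemounted" is missing a space twice. The pool record uses `mount.pool` where every other key in this file is under `mounts.`. In "Pre-Created Persistent Volumes", "the volume is specific to a certain volume" presumably means a certain component. The fenced YAML blocks have lost their indentation throughout, which matters most for the certificate mounts, where `paths` and `secret` must be siblings under `caCerts`.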
2
ai/jsonl/operations1.jsonl
Normal file
@@ -0,0 +1,2 @@
|
|||||||
|
{"chapter": "Day 1 Ops: Install, Update, Uninstall", "level": 1, "text": "1. Install instance *sample*\nTo demonstrate, we use the sample-tenant chart we find in the samples directory. The main difference\nto the default instance chart is, that a domain is set to `*.sample.nplus.cloud`, so we will be able to\nlog into the web client right away if we redirected this domain correctly.\nYou can easily adopt the examples to your environment.\n```\nhelm install sample nplus/sample-tenant --version 9.0.1400\n```\n2. **Rolling update** of instance *sample* to a later monthly release\nAll nscale components support rolling updates, **but** the *nscale Application Layer*.\nAs the Application Layer has the connection to the database, and this depends on the DB scheme,\nonly cluster members with the same version can work with that DB at the same time.\nThere are no scheme updates in monthly releases, so we can use the default rolling updates here.\n```\nhelm upgrade sample nplus/sample-tenant --version 9.0.1501\n```\n3. **Minor / Major Update** of instance *sample*\nMinor or Major updates require the *nscale Application Layer* to have the same version on all cluster nodes. 
And since the *nscale Pipeliner* may also have an integrated *nappl* in core mode, we also need to update the pipeliner at the same time.\nWe first need to shut down all *nappl* cluster members, so set the *nscale Application Layer*, the potential *nappl Jobs Node* and the *nscale Pipeliner* stateful sets to replica 0.\nIn *nplus*, these replicaSets are labeled with `nplus/type=core`, so we can easily select them:\n```\nkubectl scale statefulset -l nplus/type=core,nplus/instance=sample --replicas=0\n```\nAfter that, the update is just like a monthly release:\n```\nhelm upgrade sample nplus/sample-tenant --version 9.1.1001\n```\n> As nplus does not know if you run the Pipeliner in core mode, make sure you change the default type `pipeliner` to `core` when installing, indicating that this pipeliner node needs to be scaled down as well.\n4. **Uninstall** the instance *sample*\n\n```\nhelm uninstall sample\n```\n"}
|
||||||
|
{"chapter": "Install, Update, Uninstall *with argoCD*", "level": 1, "text": "1. Install instance *sample-argo*\n```\nhelm install sample-argo nplus/sample-tenant-argo --version 9.0.1400\n```\n2. **Rolling update** of instance *sample-argo* to a later monthly release\n```\nhelm upgrade sample-argo nplus/sample-tenant-argo --version 9.0.1501\n```\n3. **Minor / Major Update** of instance *sample-argo*\nThe difference to a deployment without argoCD is, that if we manually scale down the *nappl* cluster nodes,\nargoCD tries to immediately **heal** this discrepancy between the description and the status.\nSo we first switch off this healing mechanism, to be able to scale down:\n```\nkubectl -n argocd patch --type='merge' application sample-argo -p \"{\\\"spec\\\":{\\\"syncPolicy\\\":null}}\"\n```\nAfter that, it is the same update procedure as we have with a standard deployment:\n```\nkubectl scale statefulset -l nplus/type=core,nplus/instance=sample-argo --replicas=0\nhelm upgrade sample-argo nplus/sample-tenant-argo --version 9.1.1001\n```\nWhen done, we switch the healing back on which will start to re-sync and recreate all cluster members\nwith the new version:\n```\nkubectl -n argocd patch --type=merge application sample-argo -p \"{\\\"spec\\\":{\\\"syncPolicy\\\":{\\\"automated\\\":{\\\"prune\\\":true,\\\"selfHeal\\\":true}}}}\"\n```\n4. **Uninstall** the instance *sample-argo*\n\n```\nhelm uninstall sample-argo\n```\n"}
|
||||||
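Review bot: in the argoCD record, step 3 sets `syncPolicy` to null and afterwards restores it with a hard-coded `{"automated":{"prune":true,"selfHeal":true}}`, which overwrites whatever sync policy the application had before. Suggest saving the existing `spec.syncPolicy` first and patching that back, or stating that this value is the chart's default. In the first record, "All nscale components support rolling updates, **but** the *nscale Application Layer*" reads ambiguously next to the following sentence that monthly releases can use rolling updates; "except" plus the condition (schema changes) would be clearer. The `kubectl scale statefulset -l nplus/type=core,...` commands carry no namespace, so they act on whatever the current context is; a note on that would help.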
11
ai/jsonl/operations2.jsonl
Normal file
@@ -0,0 +1,11 @@
|
|||||||
|
{"chapter": "Day 2 Ops: Tips & Tricks", "level": 1, "text": ""}
|
||||||
|
{"chapter": "Re-Installation, re-using the former volumes", "level": 2, "text": "Whether with or without ArgoCD, the used volumes can be reattached during reinstallation. However, a few steps are required:\n1. **Before** deleting the instance, set the instance volumes to *Retain*:\n```bash\nkubectl get pv | grep Delete | grep demo-argo | cut -d' ' -f1 | xargs -I PV_NAME \\\nkubectl patch pv PV_NAME -p '{\"spec\":{\"persistentVolumeReclaimPolicy\":\"Retain\"}}'\n```\n2. **After** deletion, these volumes will be in *Released* state.\nHere, the ID of the old PVC must be deleted, but not the entire Ref, otherwise, the disk cannot be assigned to the instance and service later.\n```bash\nkubectl get pv -A | grep Released | grep demo-argo | cut -d' ' -f1 | xargs -I PV_NAME \\\nkubectl patch pv PV_NAME --type json -p '[{\"op\": \"remove\", \"path\": \"/spec/claimRef/uid\"}]'\n```\nNow, the volumes are in an *Available* state and still have the *claimRef* of the instance and the component. If you now recreate the instance, these disks/volumes will be correctly reused.\nExample:\n```bash\nhelm upgrade --install demo-argo nplus/instance-argo --version 9.1.1001\n```\nHowever, if you create an instance with a different name, the claimRefs won't match, and new volumes will be generated.\n"}
|
||||||
|
{"chapter": "Cleanup / Completely remove an instance", "level": 2, "text": "1. **Uninstall** the helm charts\nDeletion is *Cascading*, meaning it deletes everything it installed.\n```bash\nhelm uninstall demo-argo\nhelm uninstall demo\n```\n2. The **configuration** is in the **git** of the Toolbox, and it needs to be removed\n```bash\nkubectl exec --stdin --tty nplus-0 -- rm -rf /conf/demo\nkubectl exec --stdin --tty nplus-0 -- rm -rf /conf/demo-argo\n```\n3. If the volumes were **not** on *Delete* but on *Retain*, they can be deleted:\n```bash\nkubectl get pv -A | grep Released | grep \"demo\" | cut -d' ' -f1 | xargs -n1 kubectl delete pv\n```\nNow you can start over.\n"}
|
||||||
|
{"chapter": "Working with Persistent Volumes", "level": 2, "text": ""}
|
||||||
|
{"chapter": "Delete all \"Released\" PV", "level": 3, "text": "```bash\nkubectl get pv -A | grep Released | cut -d' ' -f1 | xargs -n1 kubectl delete pv\n```\n"}
|
||||||
|
{"chapter": "Delete all \"Available\" PV", "level": 3, "text": "```bash\nkubectl get pv -A | grep Available | cut -d' ' -f1 | xargs -n1 kubectl delete pv\n```\n"}
|
||||||
|
{"chapter": "Make \"Released\" PVs available again", "level": 3, "text": "1. Switch Delete to Retain:\n```bash\nkubectl get pv | grep Delete | grep demo-argo | cut -d' ' -f1 | xargs -I PV_NAME \\\nkubectl patch pv PV_NAME -p '{\"spec\":{\"persistentVolumeReclaimPolicy\":\"Retain\"}}'\n```\n2. Delete ClaimRef UID\n```bash\nkubectl get pv -A | grep Released | grep demo-argo | cut -d' ' -f1 | xargs -I PV_NAME \\\nkubectl patch pv PV_NAME --type json -p '[{\"op\": \"remove\", \"path\": \"/spec/claimRef/uid\"}]'\n```\n"}
|
||||||
|
{"chapter": "Monitoring", "level": 2, "text": "The Monitoring Console can be configured through the RAP Administrator. For each component to be monitored, an entry needs to be added in a component group (RMS doesn't exist!).\nAs a \"computer,\" FQDN, `<instance>.<service>.<namespace>` can be used, for example, `demo-ha-nappl-0.demo-ha-nappl.lab`.\n"}
|
||||||
|
{"chapter": "Restart a pod", "level": 2, "text": "A Pod might be stuck and you might need to re-deploy this replicaset.\nThis example restarts the *web* component of instance *empty*:\n```\nkubectl rollout restart $(kubectl get deployment,statefulset -l nplus/component=web,nplus/instance=empty -o name)\n```\nTo restart all replicasets without available pods, use\n```\nkubectl get deployment,statefulset --field-selector=status.availableReplicas=0\n```\n"}
|
||||||
|
{"chapter": "Delete pending pods to have them re-created by the replicasets", "level": 2, "text": "When a pod gets into pending state forever, that is due to a lack of resources, tolerations or missing PVs.\nYo should correct the cause and then you can simply delete the pod and have it re-created by the RS.\nThis is how you get all pending pods:\n```bash\nkubectl get pods --field-selector status.phase=Pending\n```\nYou can delete all of them by\n```bash\nkubectl delete $(kubectl get pods --field-selector status.phase=Pending -o name)\n```\n"}
|
||||||
|
{"chapter": "Deleting all jobs", "level": 2, "text": "```bash\nkubectl delete $(kubectl get jobs -o name)\n```\n"}
|
||||||
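Review bot: the PV clean-up one-liners select volumes by grepping the table output of `kubectl get pv`, so `grep "demo"` in step 3 of the cleanup record also matches `demo-argo` and any other row that contains the string in any column, and the "Delete all Released" and "Delete all Available" records delete every such PV in the cluster with no confirmation. Suggest selecting on the claim name explicitly, showing the list before the delete, and warning that the two "delete all" commands are cluster-wide. In the "Restart a pod" record, the command introduced with "To restart all replicasets without available pods" only lists them (`kubectl get ...`) and restarts nothing. The cleanup record runs `rm -rf` in pod `nplus-0`, while the mounts documentation copies to `nplus-toolbox-0`; one of the two names is probably stale. Minor: "Yo should".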
6
ai/jsonl/overview.jsonl
Normal file
@@ -0,0 +1,6 @@
|
|||||||
|
{"chapter": "Setting up a demo / dev infrastructure", "level": 1, "text": "- If you do not have a running system yet, please see the [Infrastructure Guide](docs/infrastructure.md) to install a *microk8s* based demo system\n- If you like to run a full demo system incl. ArgoCD, MetalLb, and cert-manager, please see the [Add-On Guide](docs/addons.md) and read how to add the additional components to your demo *microk8s* cluster\n"}
|
||||||
|
{"chapter": "Getting the first *nplus Instance* up and running", "level": 1, "text": "- In the [Quickstart Guide](docs/quickstart.md), you will learn how to install the first nplus system.\n- To check out the installation of an nplus Instance using ArgoCD, please see the [ArgoCD Quickstart Guide](docs/quickstart-argo.md).\n"}
|
||||||
|
{"chapter": "Examples of more complex setups", "level": 1, "text": "- Have a look at the [samples directory](samples) to see how Instances get deployed in the *nplus Demo Environment*.\n"}
|
||||||
|
{"chapter": "Operations", "level": 1, "text": "- [Day One Operations](docs/operations1) shows how to install, update and uninstall instances\n- [Day Two Operations](docs/operations2) explains how to re-use Persistent Volumes, Perform a proper cleanup after uninstall and tips on monitoring\n"}
|
||||||
|
{"chapter": "Limitations, Cookbook & FAQ", "level": 1, "text": "- please note the [limitations](docs/limitations.md) of the system\n- there is a FAQ located [here](docs/faq.md)\n- *nplus* also has a [cookbook](docs/cookbook.md), which is an *easy reading* version of all the READMEs from the samples. So basically you will get all source files of the [cookbook](docs/cookbook.md) in the [samples directory](samples)\n"}
|
||||||
|
{"chapter": "Further Reading", "level": 1, "text": "- For each component, there are corresponding instructions in the README of the chart.\nYou can always get the most up-to-date information via Helm, for example, for the Instance Chart:\n```\nhelm show readme nplus/nplus-instance\n```\nor here:\n**Environment**\n\n- [nplus Environment Chart README](charts/environment/README.md)\n\n**Instance**\n\n- [nplus Instance Chart README](charts/instance/README.md)\n- [nplus Instance ArgoCD Chart README](charts/instance-argo/README.md)\n\n**Components**\n\n- [nscale Application Layer Chart README](charts/nappl/README.md)\n- [nscale Storage Layer Chart README](charts/nstl/README.md)\n- [nscale Pipeliner Chart README](charts/pipeliner/README.md)\n- [nscale CMIS Connector Chart README](charts/cmis/README.md)\n- [nscale ILM Connector Chart README](charts/ilm/README.md)\n- [nscale Web Chart README](charts/web/README.md)\n- [nscale Monitoring Console Chart README](charts/mon/README.md)\n- [nscale Rendition Server Chart README](charts/rs/README.md)\n- [nscale Process Automation Modeler Chart README](charts/rms/README.md)\n- [nscale Sharepoint Connector Chart README](charts/sharepoint/README.md)\n- [nscale WebDAV Connector Chart README](charts/webdav/README.md)\n- [nplus Remote Management Server Chart README](charts/rms/README.md)\n- [Postgres Database Chart README](charts/database/README.md)\n\n**Application**\n\n- [nplus Application Chart README](charts/application/README.md)\n- Please see the [Version History](HISTORY.md) for a changelog\n"}
|
||||||
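Review bot: in the "Further Reading" record, "nscale Process Automation Modeler Chart README" links to `charts/rms/README.md`, the same target as "nplus Remote Management Server Chart README" a few entries later, so one of the two links points at the wrong chart. In the "Operations" record, `docs/operations1` and `docs/operations2` lack the `.md` extension that every other docs link in this file has. The `helm show readme nplus/nplus-instance` example uses a chart name that differs from the `nplus/instance-argo` style used in the operations records; worth checking which is current.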
1
ai/jsonl/priority.jsonl
Normal file
@@ -0,0 +1 @@
|
|||||||
|
{"chapter": "Priority Class", "level": 2, "text": "You can select a specific *PriorityClass* which is then used for this component. If you enable `createClass`, it will be created.\n"}
|
||||||
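Review bot: this record names `createClass` without its parent key and never names the value that selects the *PriorityClass*, so the setting cannot be applied from this text alone. Suggest giving both full value paths and a short example, and noting that a PriorityClass is a cluster-wide object, so enabling `createClass` requires the matching cluster permissions.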
9
ai/jsonl/quickstart-argo.jsonl
Normal file
@@ -0,0 +1,9 @@
|
|||||||
|
{"chapter": "Adding ArgoCD", "level": 1, "text": "In order to be able to deploy *nplus instances* using ArgoCD, you need to add the Chart Repository to Argo:\n```\ncat << EOF | kubectl apply -f -\napiVersion: v1\nkind: Secret\nmetadata:\nname: nplus-repo\nnamespace: argocd\nlabels:\nargocd.argoproj.io/secret-type: repository\nstringData:\ntype: helm\nurl: https://git.nplus.cloud\npassword: $NPLUS_TOKEN\nusername: $NPLUS_ACCOUNT\nEOF\n```\n> This requires the Environment Variables for the *NPLUS_ACCOUNT* and *NPLUS_TOKE* to be set. Check the Quickstart Guide if you are uncertain\nNow you are good to go adding an instance using ArgoCD. We will re-use the myinstance.yaml we created during the Quickstart Guide. You will also find it in [Samples](../samples/myinstance.yaml).\n```\nhelm upgrade -i \\\n--values myinstance.yaml \\\nmyinstance-argo nplus/nplus-instance-argo\n```\nThe only difference with ArgoCD is, that we use a different Chart for the instance: *nplus-instance-argo*.\nThe settings / values file is identical.\n\nArgoCD will automatically pick up the new instance and start installing it.\nYou can check via command line\n```\n# kubectl get instance\nNAME HANDLER VERSION TENANT STATUS\nmyinstance Helm 9.1.1501 default healthy\nmyinstance-argo argoCD 9.1.1501 default healthy\n```\nOr via agroCD Web UI the current status of the deployment\n\n> The Instance will report *healthy* in argoCD as well as using command line, even though the SBS Installer is not ready yet (as Applications are installed asynchronously as soon as the instance is healthy)\nAs soon as the Application Installer is done, it looks like this:\n\n"}
|
||||||
|
{"chapter": "Monitoring ArgoCD", "level": 1, "text": "ArgoCD also has a custom resource, called *application*. The nscale argoCD Resources are created in the *argocd* Namespace. You can get them by\n```\n"}
|
||||||
|
{"chapter": "kubectl get app -n argocd", "level": 1, "text": "NAME SYNC STATUS HEALTH STATUS\nmyinstance-argo Synced Healthy\n```\nOf course you can also check with\n```\n"}
|
||||||
|
{"chapter": "kubectl get instances", "level": 1, "text": "NAME HANDLER VERSION TENANT STATUS\nmyinstance Helm 9.1.1501 default healthy\nmyinstance-argo argoCD 9.1.1501 default healthy\n```\nBut if you require detailed information, the best is to start describing the argoCD App:\n```\n"}
|
||||||
|
{"chapter": "kubectl describe app myinstance-argo -n argocd", "level": 1, "text": "```\nThis gives you a much higher level of detail.\n"}
|
||||||
|
{"chapter": "Troubleshooting ArgoCD", "level": 1, "text": ""}
|
||||||
|
{"chapter": "Cache", "level": 2, "text": "ArgoCD caches helm Chart content. This can be a problem especially during development, when you might now always increase version numbers.\nThen, you might want to hard reset an argoCD Appication to void the cache:\n```\nkubectl patch app/myinstance-argo -n argocd --type merge -p='{\"metadata\": {\"annotations\":{\"argocd.argoproj.io/refresh\": \"hard\"}}}'\n```\n"}
|
||||||
|
{"chapter": "Finalizer", "level": 2, "text": "Finalizers in Kubernetes are taking care of cleanup tasks. Sometimes, these finalizers in argoCD get stuck on deleting complex nplus instances. As a last option, you might want to try removing the finalizer and then cleaning the instance up manually:\n```\nkubectl patch app/myinstance-argo -n argocd \\\n--type json \\\n--patch='[ { \"op\": \"remove\", \"path\": \"/metadata/finalizers\" } ]'\n```\nThen delete the argoCD Application:\n```\nkubectl delete app/myinstance-argo -n argocd\n```\nSince the finalizer did not clean up, all *nplus instance* parts are still there. Luckily, they are labeled, so easy to identify:\n```\nkubectl get all,pvc,ing -l nplus/instance=myinstance-argo\n```\nWe can now use this list to delete everything:\n```\nkubectl delete $(kubectl get all,pvc,ing -l nplus/instance=myinstance-argo -o name)\n```\n> ArgoCD does not use helm to install but rather get the helm template and renders it internally. So there is no need to clean up helm after removing the argo app.\n"}
|
||||||
|
{"chapter": "Default Waves", "level": 1, "text": "The instance chart has some default waves defined. You can use them or overwrite the values with your own demands:\n- **wave 1**: prepper\n- **wave 2**: requirements: nstl, database\n- **wave 3**: essential services: rs, nappljobs, nappl (standalone, if jobs are enabled)\n- **wave 4**: hook: free to use for anything that needs to be done before the cluster starts\n- **wave 5**: consumer services: nappl (serving consumers) if jobs are disabled\n- **wave 6**: consumer services: web\n- **wave 7**: peripheral services: mon, pipeliner, ilm, cmis, webdav, sharepoint\n- **wave 8**: tools: administrator, pam\n- **wave 9**: tools: rms (Remote Management Server)\n- **wave 10**: solutions: application (incl. GBAs)\n"}
|
||||||
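Review bot: The records with chapter "kubectl get instances" and "kubectl describe app myinstance-argo -n argocd" are not chapters. They read like command lines from inside a fenced block that the splitter took for level 1 headings. The first record therefore ends on an opening ``` fence, and the second starts with the closing one, so neither holds a complete code block and the command is separated from its output. Suggest ignoring heading markers inside fences when generating the JSONL, then regenerating this file. The "Cache" text also has typos worth fixing at the source before regenerating: "now always" should read "not always", "Appication" should read "Application", and "void the cache" presumably means "avoid the cache".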
17
ai/jsonl/quickstart.jsonl
Normal file
@@ -0,0 +1,17 @@
|
|||||||
|
{"chapter": "*nplus* Quickstart Guide", "level": 1, "text": "The charts are built in a way that they provide minimal functionality without any configuration, using default values.\n- If you want ingress, you have to configure the domain. Without the domain set, your charts will not have any default way to access them. However, you can still forward traffic to them or configure a *NodePort* or *LoadBalancer* manually.\n- If you want proper TLS, you need a certificate. Without the certificate provided, a self-signed certificate will secure your connection.\n- If you want specific storage, configure the storage class to use. Without it, you will get the default class for RWO and RWX.\nThis Quick Start example has nothing configured, so you will get:\n- No ingress, and\n- Default storage.\n"}
|
||||||
|
{"chapter": "Access to the *nplus* Subscription and the nscale License", "level": 1, "text": "You need access to:\n- The *nplus* Helm chart repository\n- The *nplus* container registry\n- The *nscale* license\n- The *nscale* container registry\nIn the next examples, we will use environment variables to access:\n```bash\nNPLUS_ACCOUNT=\"[your nplus subscription]\"\nNPLUS_TOKEN=\"[your nplus access token]\"\nNSCALE_ACCOUNT=\"[your account to access the Ceyoniq container registry]\"\nNSCALE_TOKEN=\"[the access token for above]\"\nNSCALE_LICENSE=\"[the path and license file to use]\"\n```\n"}
|
||||||
|
{"chapter": "The nplus helm repository", "level": 2, "text": "You can register the *nplus* Helm registry:\n```bash\nhelm repo add nplus https://git.nplus.cloud \\\n--username $NPLUS_ACCOUNT \\\n--password $NPLUS_TOKEN\nhelm repo update\n```\nYou should now be able to access the charts:\n```bash\n% helm search repo nplus --versions --devel\nNAME CHART VERSION APP VERSION DESCRIPTION\ngitea/nplus-application 9.1.1201-16 0.2.2 Application Chart\ngitea/nplus-application 9.1.1201-15 0.2.2 Application Chart\ngitea/nplus-application 9.1.1201-14 0.2.2 Application Chart\n...\n```\n> The `--devel` option gives you beta versions as well. Otherwise, you will only see release versions.\n"}
|
||||||
|
{"chapter": "The nscale license", "level": 2, "text": "Make sure you received an nscale license that fulfills the following criteria:\n- `Container: 1` - otherwise it will not allow to be run in a container environment\n- The Storage Layer `ServerID` *must not* be included in the license, as we cannot override it if it is fixed\n- `FullyQualifiedHostName: 0` - If this setting is *on*, the nstl will not work without the ServerID in the license\n- `DomainOnly: 1` - If this setting is *on*, the nstl will not work without the ServerID in the license\n- `hostname: \"*\"` - As hostnames are not really deterministic in Kubernetes, we need a license that allows the hosts to\nhave *any* name.\n- Make sure you have the storage adapter licensed, that you want to use (like S3, Azure BlobStore or Harddisk)\n- Optional: If you want High Availability with *nscale Server Storage Layer*, you need to have\n`DistributedService: 1`, otherwise the nstl instances can not communicate.\n"}
|
||||||
|
{"chapter": "*nplus* Cluster Resources", "level": 1, "text": "*nplus* also includes Cluster Resources (independent of Namespaces). These need to be installed first and globally.\n```bash\nhelm install nplus nplus/nplus-cluster\n```\nYou only need to perform this step once per Cluster, regardless of Environments/Namespaces.\n> If you don't want the *nplus* Helm application to appear in the current Namespace, you can install it as follows:\n```bash\nhelm template nplus nplus/nplus-cluster | kubectl apply -f -\n```\nAfter installing the cluster chart, you can test it by asking your cluster for deployed nscale resources:\n```bash\n$ kubectl get instance,component\nNo resources found in lab namespace.\n```\n*Instances* (also accessible via *nscale* or *nplus*) and *components* are custom resource definitions. Every Instance/Component installed will add an instance/component resource, and an *nplus operator* (which comes with the environment chart) will continuously check the instance/component health and report it via this command line or a web interface (see below).\n"}
|
||||||
|
{"chapter": "Create an *nplus* Environment", "level": 1, "text": "You can deploy *nplus* into a Kubernetes namespace. If you do not specify one, you will use the default one, which is fine for our test cluster. If you use namespaces, you can have multiple *nplus* environments in your cluster. Any environment can operate multiple *nplus* instances. Every *nplus* instance normally holds many components, each being *ReplicaSets* with multiple replicas.\nTo create a simple *nplus* environment without any additional features, deploy it into your new cluster:\n> By setting `--devel`, we are fetching the latest development version\n```bash\n% helm install --devel demo nplus/nplus-environment\nNAME: demo\nLAST DEPLOYED: Tue Dec 19 16:39:51 2023\nNAMESPACE: default\nSTATUS: deployed\nREVISION: 1\nTEST SUITE: None\nNOTES:\nnplus-environment 0.2.2-16 / 0.2.2\nThis Environment Chart provides a common config pool and administrative tools to operate all nplus instances in this namespace. There must be exactly one deployed instance of this environment chart. Without the environment, the instance and component charts will fail to deploy.\nTo uninstall, use\nhelm uninstall demo\nThe environment DAV Server is disabled.\nThe nstore Downloader is disabled.\nThe toolbox is disabled.\nProviding 10Gi of storage under the name \"conf\" of class \"default\"\n```\nNow you have an empty cluster ready to get a first instance deployment.\n"}
|
||||||
|
{"chapter": "Single Instance Mode", "level": 1, "text": "If you want to separate tenants on your system not only by instance but also by environment / namespace, you can run *nplus* in *single instance mode*.\nSIM (Single Instance Mode) lets you deploy your instance including all components of the environment in one single chart. Please see the [Instance README.md](../charts/instance/README.md) file for more details. This Quickstart Guide however is **not** using SIM.\n"}
|
||||||
|
{"chapter": "Deploy an *nplus* Instance", "level": 1, "text": "Before we can deploy the first *nplus* Instance, we need to add the Secrets for the registries and also the nscale license to the environment:\n```bash\nkubectl create secret docker-registry nscale-cr \\\n--docker-server=ceyoniq.azurecr.io \\\n--docker-username=$NSCALE_ACCOUNT \\\n--docker-password=$NSCALE_TOKEN\nkubectl create secret docker-registry nplus-cr \\\n--docker-server=cr.nplus.cloud \\\n--docker-username=$NPLUS_ACCOUNT \\\n--docker-password=$NPLUS_TOKEN\nkubectl create secret generic nscale-license \\\n--from-file=license.xml=$NSCALE_LICENSE\n```\n> Make sure the license key is called `license.xml` as that is used as the key in the charts.\nSecrets are namespace-dependent (one cannot access secrets from other namespaces), so we have to deploy them for every environment/namespace we use in our cluster.\nThere are multiple ways of deploying an *nplus* Instance, the easiest one is by simply calling the helm install on the command line:\n```bash\nhelm install --devel myinstance nplus/nplus-instance\n```\nYou can check the status of the instance using:\n```bash\n"}
|
||||||
|
{"chapter": "kubectl get instance", "level": 1, "text": "NAME HANDLER VERSION TENANT STATUS\nmyinstance Helm 9.1.1501 default starting\n```\nAnd the component status with:\n```bash\n"}
|
||||||
|
{"chapter": "kubectl get components", "level": 1, "text": "NAME INSTANCE COMPONENT TYPE VERSION STATUS\ncomponent.nplus.cloud/myinstance-nstl myinstance nstl nstl 9.1.1200 healthy\ncomponent.nplus.cloud/myinstance-rs myinstance rs rs 9.1.1300 healthy\ncomponent.nplus.cloud/myinstance-database myinstance database database 15 healthy\ncomponent.nplus.cloud/myinstance-nappl myinstance nappl\ncore 9.1.1501 healthy\ncomponent.nplus.cloud/myinstance-web myinstance web web 9.1.1500 healthy\ncomponent.nplus.cloud/myinstance-administrator myinstance administrator administrator 9.1.1500 healthy\n```\nYou can check the log files of the *Application Layer* for instance by typing:\n```bash\n"}
|
||||||
|
{"chapter": "kubectl logs -l nplus/instance=myinstance,nplus/component=nappl", "level": 1, "text": "```\n> Notice the locator in the logs example: Instead of telling kubectl the name of the pod or rs, we use locators because there may be multiple instances of these pods later, and we want to see all logs in one go (or have ELK, EFK, Splunk, or anything similar to do that for us).\n"}
|
||||||
|
{"chapter": "Adding an Ingress", "level": 1, "text": "We need to know the available ingressClasses in our new Kubernetes Cluster, so we check that:\n```bash\n"}
|
||||||
|
{"chapter": "kubectl get ingressclass", "level": 1, "text": "NAME CONTROLLER PARAMETERS AGE\npublic k8s.io/ingress-nginx <none> 72m\nnginx k8s.io/ingress-nginx <none> 72m\n```\n*Microk8s* comes with the most common classes, which both point to the same controller (in this case, nginx). *public* is indeed the default class for *nplus*. So we do not need to set that; it is already configured. We just need to tell the *nplus* instance to use a Domain for the ingress:\n```bash\nhelm upgrade --devel \\\n--set global.ingress.domain=myinstance.demo.nplus.cloud \\\nmyinstance nplus/nplus-instance\n```\nThis now activates an ingress for [https://myinstance.demo.nplus.cloud/nscale_web](https://myinstance.mydomain.demo.nplus.cloud/nscale_web). The easiest and fastest is probably to add the IP to the server into your `/etc/hosts` file.\n"}
|
||||||
|
{"chapter": "Adding a Certificate", "level": 1, "text": "After just adding the domain, the browser will complain about the self-signed certificate. You can easily add your certificate into the secret `myinstance.demo.nplus.cloud-tls`, which has been created for you.\nHowever, the canonical way is to have *cert-manager* or a similar tool take care of your certificates and have them generated by your CA or *Lets Encrypt* or similar.\nIf you have a running instance of cert-manager, you just need to specify the issuer:\n```bash\nhelm upgrade --devel \\\n--set global.ingress.domain=myinstance.demo.nplus.cloud \\\n--set global.ingress.issuer=nplus-issuer \\\nmyinstance nplus/nplus-instance\n```\nIn this example, *nplus-issuer* is the name of the issuer we created during the [Addons Guide](docs/addons.md).\nYou can now access your new instance with [https://myinstance.demo.nplus.cloud](https://myinstance.demo.nplus.cloud) or whatever domain you might have for it.\n"}
|
||||||
|
{"chapter": "Adding an Application", "level": 1, "text": "Trying to log in to your new instance will probably give you an error message:\n\nSo we need to create the Document Area and maybe even add some Business App.\nBusiness Apps can be installed from the *pool*. The *pool* is a shared file system, the *nplus environment* exposes to the *nplus instances*. This is handled by the *toolbox* feature, which is disabled by default.\nSo first, we enable it:\n```bash\nhelm upgrade --devel \\\n--set toolbox.enabled=true \\\n--set nstoreDownloader.enabled=true \\\ndemo nplus/nplus-environment\n```\nAnd while we are at it, we also enable the *nstore downloader*, which is a job running in the background automatically downloading the latest business app installer from Ceyoniq.\nIt will take a couple of minutes before the apps are downloaded by the job. You can peek into the folder:\n```bash\nkubectl exec --stdin --tty nplus-toolbox-0 -- ls -lais /conf/pool\n```\nThe Business Apps alone will not install without a proper *App-Installer*. You can download it from the Ceyoniq Service Portal. Once you have it, upload it to the pool as well:\n```bash\nkubectl cp app-installer-9.0.1202.jar nplus-toolbox-0:/conf/pool\n```\nNow, you have everything you need to get an App up:\n- The App Installer\n- Apps\nThe Command Line for installing our *myinstance* Instance is getting quite large, so here is how to put all that into one (or more) yaml files. Create a yaml called *myinstance.yaml* and add the following (which is identical to the command lines above plus the App Install)\nNotice that the domain is using a template function in this example. This adds the ability to reuse the same yaml for multiple instances. 
We will reuse it for the ArgoCD sample during the [ArgoCD Quickstart Guide](quickstart-argo.md).\n```yaml\nglobal:\ningress:\ndomain: \"{{ .Release.Name }}.demo.nplus.cloud\"\nissuer: \"nplus-issuer\"\ncomponents:\napplication: true\napplication:\nappInstaller: \"/pool/app-installer-9.0.1202.jar\"\ndocAreas:\n- id: \"SBS\"\nname: \"DocArea with SBS\"\ndescription: \"This is a sample DocArea with the SBS Apps installed\"\napps:\n- \"/pool/nstore/bl-app-9.0.1202.zip\"\n- \"/pool/nstore/gdpr-app-9.0.1302.zip\"\n- \"/pool/nstore/sbs-base-9.0.1302.zip\"\n- \"/pool/nstore/sbs-app-9.0.1302.zip\"\n- \"/pool/nstore/tmpl-app-9.0.1302.zip\"\n- \"/pool/nstore/cm-base-9.0.1302.zip\"\n- \"/pool/nstore/cm-app-9.0.1302.zip\"\n- \"/pool/nstore/hr-base-9.0.1302.zip\"\n- \"/pool/nstore/hr-app-9.0.1302.zip\"\n- \"/pool/nstore/pm-base-9.0.1302.zip\"\n- \"/pool/nstore/pm-app-9.0.1302.zip\"\n- \"/pool/nstore/sd-base-9.0.1302.zip\"\n- \"/pool/nstore/sd-app-9.0.1302.zip\"\n- \"/pool/nstore/kon-app-9.0.1302.zip\"\n- \"/pool/nstore/kal-app-9.0.1302.zip\"\n- \"/pool/nstore/dok-app-9.0.1302.zip\"\n- \"/pool/nstore/ts-base-9.0.1302.zip\"\n- \"/pool/nstore/ts-app-9.0.1302.zip\"\n- \"/pool/nstore/ocr-base-9.0.1302.zip\"\n```\nThis yaml will:\n- Switch on the *application chart*, which will install Apps\n- Tell the application to use the App Installer we just uploaded\n- Define a new Document Area (*SBS*) to be created\n- And then finally, in this example, we install SBS completely based on the Apps we downloaded from *nstore*. Make\nsure your license covers SBS; otherwise, it will fail.\nThen, you can upgrade *myinstance* with the new settings:\n```bash\nhelm upgrade \\\n--values myinstance.yaml \\\nmyinstance nplus/nplus-instance\n```\n> You can specify multiple values files, so it is fine to have one for the environment settings, one for the instance settings, and a third one for the application settings. 
This way, you can easily create multiple instances with shared settings to have maximum re-usage among instances.\nYou can follow the application installer using:\n```bash\n"}
|
||||||
|
{"chapter": "kubectl logs -l job-name=myinstance-application -f", "level": 1, "text": "...\nDefaulted container \"run\" out of: run, wait-for-myinstance-nappl (init), copy-conf (init)\n2024-03-11 16:08:33,918 [main] INFO com.ceyoniq.nscale.appconfig.NscaleServerWriter - updating CustomConfiguration Procurement to 9.0.1302\n2024-03-11 16:08:33,993 [main] INFO com.ceyoniq.nscale.appconfig.NscaleServerWriter - finished app configuration..\nApp '/pool/pm-app-9.0.1302.zip' successfully installed\ninstall App /pool/sd-base-9.0.1302.zip into SBS\nTry installation of app zip: /pool/sd-base-9.0.1302.zip\n2024-03-11 16:08:36,406 [main] INFO com.ceyoniq.nscale.businessapps.sd.base.Installer - App ('sd-app') not installed yet. Installing version 9.0.1302\n2024-03-11 16:08:43,031 [main] INFO com.ceyoniq.nscale.appconfig.NscaleMapper.Icons - Installing icons..\n2024-03-11 16:08:43,033 [main] INFO com.ceyoniq.nscale.appconfig.NscaleMapper.Folders - Installing Folders..\n2024-03-11 16:08:43,037 [main] INFO com.ceyoniq.nscale.appconfig.NscaleMapper.FolderTemplates - Installing FolderTemplates..\n...\ndone config scripts.\nrunning application scripts\nRunning /application/*.sh\ndone application scripts.\n```\nOnce it is done, close your browser (to make sure you open a fresh session) and try to log in again:\n\n> Admin does not have any SBS user roles by default; that is why you do not see any Apps after login.\n"}
|
||||||
|
{"chapter": "Further Reading", "level": 1, "text": "- You will find more complex examples in the [samples directory](/samples).\n- Please have a look at the README.md of the charts to explore more configuration options:\n```bash\nhelm show readme nplus/nplus-environment\nhelm show readme nplus/nplus-instance\n```\n- There are also charts for every component used by the instance umbrella chart.\n- You can also start configuring your instance by retrieving and altering the values.yaml of the chart.\n```bash\nhelm show values --devel nplus/nplus-instance > myinstance.yaml\n```\nThen edit this file. When you are done, apply it:\n```bash\nhelm upgrade --devel \\\n-f myinstance.yaml \\\nmyinstance nplus/nplus-instance\n```\n> Please be aware that the umbrella `values.yaml` does **not** contain all possible configuration options of the child charts.\n"}
|
||||||
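Review bot: In the "The nplus helm repository" record, `--password $NPLUS_TOKEN` passes the expanded access token as a command-line argument, where it is visible in the process list. `helm repo add` accepts `--password-stdin`, so the example could pipe the token in instead, and the variables should be quoted. The `--docker-password=$NSCALE_TOKEN` and `--docker-password=$NPLUS_TOKEN` lines in "Deploy an *nplus* Instance" have the same exposure. Two further points: in the "kubectl get ingressclass" record the link text `https://myinstance.demo.nplus.cloud/nscale_web` points at `https://myinstance.mydomain.demo.nplus.cloud/nscale_web`, so one of the two is wrong. Also, the chapters "kubectl get instance", "kubectl get components", "kubectl logs -l ..." and "kubectl get ingressclass" are command lines promoted to level 1 headings, which leaves the code fences in the neighbouring records unbalanced.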
1
ai/jsonl/resources.jsonl
Normal file
@@ -0,0 +1 @@
|
|||||||
|
{"chapter": "Handing Resources to Components", "level": 2, "text": "By default, no resources are set on the container. Thus, Kubernetes handles the container with best effort.\nResources can be set at\n| Key | Description | Default |\n|-----|-------------|---------|\n| resources.requests.cpu | sets the request, which is the minimum guaranteed | - |\n| resources.requests.memory | sets the request, which is the minimum guaranteed | - |\n| resources.limits.cpu | sets the limit, which is the maximum allowed | - |\n| resources.limits.memory | sets the request, which is the maximum allowed | - |\n- if nothing is defined, Kubernetes handles it BestEffort\n- if requests are defined, but no limits, Kubernetes handles it Burstable\n- if both are defined, Kubernetes handles it Guaranteed\nPlease take caution when setting parameters and also have a look at this interesting article regarding resources and JVM resource handling:\nhttps://xebia.com/blog/kubernetes-and-the-jvm/\n"}
|
||||||
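Review bot: The bullet "if both are defined, Kubernetes handles it Guaranteed" is too broad. A pod is only Guaranteed when every container sets CPU and memory requests equal to its limits. With both set but different, it is still Burstable, which matters for eviction order under node pressure. Suggest rewording the three bullets accordingly. In the table, the `resources.limits.memory` row says "sets the request, which is the maximum allowed"; it should say "sets the limit", as the `resources.limits.cpu` row does. The sentence "Resources can be set at" also never says where, so a reader cannot tell whether these keys sit under the component, `global` or `global.environment`.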
6
ai/jsonl/security.jsonl
Normal file
@@ -0,0 +1,6 @@
|
|||||||
|
{"chapter": "Security settings", "level": 2, "text": "You can set the security options per *component*, per *instance* or per *environment*.\nThe priority is:\n1. component\n2. instance\n3. environment\nIt is recommended to set the security per environment to make sure you do not forget a component.\n"}
|
||||||
|
{"chapter": "Illumio", "level": 3, "text": "Example `environment` setting for Illumio:\n```\nglobal:\nenvironment:\nsecurity:\nillumio:\nenabled: true\nloc: \"mylocation\"\nsupplier: \"mysupplier\"\nplatform: \"myplatform\"\nreadinessGates:\n- conditionType: \"com.illumio.policy-ready\"\n```\n"}
|
||||||
|
{"chapter": "CNI, such as Calico or Cilium", "level": 3, "text": "Example `environment` setting for CNI:\n```\nglobal:\nenvironment:\nsecurity:\ncni:\ndefaultIngressPolicy: deny\ndefaultEgressPolicy: deny\ncreateNetworkPolicy: true\nexcludeUnusedPorts: false\n```\n**excludeUnusedPorts** can add a port config to your ingress rules. However, not every CNI is capable of all Attributes (like `EndPort` is currently not supported by cilium).\nSo you can switch this off, if your CNI does not support it.\n"}
|
||||||
|
{"chapter": "zeroTrust Policy", "level": 3, "text": "Some Tools like Cilium transparently encrypt the Node to Node traffic in a Cluster. If you, however, want to aditionally deny all http traffic within a node, you can\nenable `zeroTrust` by setting:\n```\nglobal:\nsecurity:\nzeroTrust: true\n```\nPlease make sure you also set all backendProtocols to https. For a complete example, please see the sample values file `zerotrust.yaml` in the samples directory.\n"}
|
||||||
|
{"chapter": "Encrypted backend", "level": 3, "text": "An optional approach to zeroTrust (see above) is to set the backenProtocol to http. This leaves the http ports available (zeroTrust would not),\nbut switches the component backend traffic to https (for ingress, probes, ...).\nIt is not as strict as zeroTrust and can be set per component like this:\n```\ningress:\nbackendProtocol: https\n```\nPlease see the example file `encrypt.yaml` in the samles directory for more information.\n"}
|
||||||
|
{"chapter": "Security Context", "level": 3, "text": "You can add a `containerSecurityContext` to the component by adding it in the values file:\n```\nsecurity:\ncontainerSecurityContext:\ncapabilities:\ndrop: [\"ALL\"]\n```\nAdditionally, add a `podSecurityContext` if desired:\n```\nsecurity:\npodSecurityContext:\nrunAsNonRoot: true\nrunAsUser: 1000\nrunAsGroup: 1000\n```\n> **Note**: This setting can not be set on instance or environment level.\n"}
|
||||||
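Review bot: The "Encrypted backend" record contradicts itself. The prose says to "set the backenProtocol to http", while the next sentence says backend traffic switches to https and the example sets `backendProtocol: https`. A reader following the prose would configure cleartext, so it should read `backendProtocol` and https. Every YAML example in this file has also lost its indentation (`global:`, `environment:`, `security:`, `cni:` are all flush left), so the nesting that decides whether a setting applies at component, instance or environment level cannot be recovered from the record. Please preserve leading whitespace inside fences when generating the JSONL. Smaller fixes: "aditionally", "samles", and the Security Context note says the setting cannot be set on instance or environment level, which conflicts with the opening record's recommendation to set security per environment. It would help to say there that this setting is the exception.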
13
assets/logo_nplus.svg
Executable file
@@ -0,0 +1,13 @@
|
|||||||
|
<svg width="409.54" height="137.724" viewBox="0 0 409.54 137.724" xmlns="http://www.w3.org/2000/svg" xmlns:usvg="https://github.com/RazrFalcon/usvg" usvg:version="0.8.0">
|
||||||
|
<defs/>
|
||||||
|
<path fill="#706f6f" d="M 16.563 98.469 L 27.607 35.867 C 41.857 35.867 46.91 35.789 62.647 35.789 C 72.471 35.789 79.041 37.431 82.388 40.7 C 85.751 43.97 86.705 49.711 85.25 57.923 L 78.117 98.469 L 67.026 98.469 L 73.831 59.864 C 74.957 53.419 74.582 49.164 72.642 47.131 C 70.687 45.081 66.401 44.112 59.784 44.065 L 37.117 43.956 L 33.926 62.524 L 27.575 98.47 L 16.563 98.47 Z"/>
|
||||||
|
<path fill="#706f6f" d="M 206.62 35.814 C 210.264 35.82 213.168 37.089 215.335 39.62 C 217.499 42.152 218.265 45.175 217.63 48.687 L 210.96 85.575 C 210.324 89.09 208.466 92.109 205.388 94.631 C 202.308 97.155 198.946 98.415 195.302 98.409 L 159.299 98.357 L 154.899 122.213 L 142.899 122.196 L 158.617 35.745 L 206.62 35.814 Z M 196.433 88.832 C 197.946 87.593 198.866 86.072 199.192 84.272 L 205.397 49.954 C 205.707 48.241 205.333 46.74 204.277 45.453 C 203.22 44.165 201.759 43.521 199.892 43.518 L 169.223 43.473 L 160.694 90.644 L 191.363 90.689 C 193.23 90.691 194.919 90.073 196.433 88.832 Z"/>
|
||||||
|
<path fill="#706f6f" d="M 222.642 98.469 L 237.925 11.762 L 248.937 11.762 L 233.653 98.469 Z"/>
|
||||||
|
<path fill="#706f6f" d="M 273.316 98.469 C 281.91 98.469 308.407 98.469 308.407 98.469 L 319.45 35.762 L 308.422 35.762 L 298.875 90.374 C 298.875 90.374 282.817 90.374 276.201 90.374 C 261.231 90.374 260.172 85.6 262.136 74.422 L 268.95 35.763 L 257.847 35.763 L 250.701 76.369 C 248.405 89.466 250.036 98.469 273.316 98.469"/>
|
||||||
|
<path fill="#706f6f" d="M 355.75 90.028 C 364.607 89.982 370.188 89.274 372.525 87.922 C 374.97 86.476 376.415 84.478 377.138 80.388 C 377.829 76.436 377.399 73.792 375.846 72.453 C 374.293 71.131 369.942 70.316 362.854 70.009 C 360.209 69.885 356.642 69.762 352.152 69.655 C 342.297 69.44 336.546 68.871 334.839 67.979 C 332.271 66.719 330.595 64.981 329.78 62.797 C 328.98 60.583 328.95 57.431 329.672 53.31 C 330.856 46.575 333.731 42.009 338.313 39.641 C 342.879 37.258 352.197 36.059 366.313 36.059 C 375.323 36.059 383.595 36.151 392.606 36.151 L 391.191 44.208 L 361.208 44.208 L 361.223 44.116 L 361.054 44.116 C 352.95 44.116 347.661 44.716 345.232 45.961 C 342.772 47.176 341.265 49.405 340.558 53.311 C 340.142 55.694 340.066 57.386 340.296 58.339 C 340.558 59.307 341.172 60.046 342.157 60.537 C 344.186 61.491 348.922 62.044 356.41 62.198 C 358.316 62.244 359.747 62.29 360.777 62.322 C 366.897 62.522 371.663 62.767 375.107 63.121 C 378.536 63.429 380.965 63.875 382.334 64.459 C 385.378 65.704 387.377 67.473 388.361 69.763 C 389.314 72.07 389.422 75.422 388.638 79.819 C 387.854 84.278 386.593 87.661 384.825 89.983 C 383.056 92.305 380.289 94.319 376.476 96.102 C 374.739 96.948 372.063 97.563 368.388 97.916 C 364.76 98.286 359.731 98.47 353.351 98.47 C 350.537 98.47 347.938 98.409 345.54 98.286 L 321.399 98.286 L 322.891 89.829 L 355.75 90.028 Z"/>
|
||||||
|
<path fill="#b3c7e8" d="M 123.756 61.427 L 112.083 61.427 L 110.025 73.1 L 121.698 73.1 Z"/>
|
||||||
|
<path fill="#b3c7e8" d="M 138.619 61.427 L 126.946 61.427 L 124.887 73.1 L 136.56 73.1 Z"/>
|
||||||
|
<path fill="#b3c7e8" d="M 121.2 76.235 L 109.527 76.235 L 107.469 87.908 L 119.142 87.908 Z"/>
|
||||||
|
<path fill="#b3c7e8" d="M 109.004 61.427 L 97.331 61.427 L 95.273 73.1 L 106.946 73.1 Z"/>
|
||||||
|
<path fill="#b3c7e8" d="M 126.584 46.482 L 114.911 46.482 L 112.853 58.155 L 124.526 58.155 Z"/>
|
||||||
|
</svg>
|
||||||
|
After Width: | Height: | Size: 3.4 KiB |
2
assets/sample.sh
Normal file
@@ -0,0 +1,2 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
echo "This does nothing but showing how to call scripts during the deployment process"
|
||||||
BIN
assets/sample.tar.gz
Normal file
Binary file not shown.
100
charts/README.md
Normal file
@@ -0,0 +1,100 @@
|
|||||||
|
# nplus Charts
|
||||||
|
|
||||||
|
These are the sources to the nplus Charts. There are 4 levels:
|
||||||
|
|
||||||
|
1. Cluster
|
||||||
|
2. Environment
|
||||||
|
3. Instance
|
||||||
|
4. Component
|
||||||
|
|
||||||
|
## Cluster
|
||||||
|
|
||||||
|
The ***cluster*** chart is responsible for installing all prerequisites for nplus into the Kubernetes Cluster. This is specifically the CRDs later used by the environment.
|
||||||
|
|
||||||
|
## Environment
|
||||||
|
|
||||||
|
The ***environment*** chart installes the nplus operator, toolbox etc. into a Kubernetes namespace, making this namespace capable of housing nplus Instances
|
||||||
|
|
||||||
|
## Instance
|
||||||
|
|
||||||
|
The ***instance*** and ***instance-argo** charts install an nplus Instance into an nplus Environment. Every Instance consist of any possible combination of componens:
|
||||||
|
|
||||||
|
## Components
|
||||||
|
|
||||||
|
### administrator
|
||||||
|
|
||||||
|
This is the official nscale Administrator (Web / RAP). It connects to an Application Layer to store its state in the global client settings. It can however connect to any nscale component to perform the **online** configuration.
|
||||||
|
|
||||||
|
### Prepper
|
||||||
|
|
||||||
|
Downloads, deploys and runs any git asset or script prior to deployment of the components
|
||||||
|
|
||||||
|
### application
|
||||||
|
|
||||||
|
This handles the installation of solutions / scenarios / apps into a running instance.
|
||||||
|
|
||||||
|
### cmis
|
||||||
|
|
||||||
|
This component exposes a CMIS compatible interface, with REST and SOAP flavours.
|
||||||
|
|
||||||
|
### database
|
||||||
|
|
||||||
|
The database charts installs a postgres instance into the nplus instance. It should not be used for production without further service.
|
||||||
|
|
||||||
|
### ilm
|
||||||
|
|
||||||
|
The ***ilm*** chart installs the *nscale ERP ILM Connector* which is a SAP certified ILM service.
|
||||||
|
|
||||||
|
### proxy
|
||||||
|
|
||||||
|
The ***proxy*** chart installs the *nscale ERP Proxy Connector* which is a SAP Content Service request forwarder to migrate alien Archiv Solutions to nscale
|
||||||
|
|
||||||
|
### mon
|
||||||
|
|
||||||
|
The ***mon*** chart adds a *nscale Monitoring Console* to the nplus instance.
|
||||||
|
|
||||||
|
### nappl
|
||||||
|
|
||||||
|
The ***nappl*** chart hosts an nscale Server Application Layer, which is a central component in the nscale ecosystem. Most nplus Instances should have at least one ***nappl*** instance. However, there are also scenarios like *central services* (see samples), where one would potentially not use a ***nappl*** within the nplus instance.
|
||||||
|
|
||||||
|
### nstl
|
||||||
|
|
||||||
|
A *nscale Server Storage Layer* is added by this ***nstl*** chart. The Storage Layer is basically a Blob Store Component, that virtualizes storage subsystems and adds a layer of legal compliance for many governmental requirements.
|
||||||
|
|
||||||
|
In terms of storage subsystems, the ***nstl*** chart can be used to connect multiple storage subsystems like S3, Azure Blob Storage and also Hardware Stores like NetApp, EMC Centera etc.
|
||||||
|
|
||||||
|
### pam
|
||||||
|
|
||||||
|
This is a Chart for the *nscale Process Automation Modeler*, an administrative component that allows the definition of workflows or processes in BPMN on a web ui.
|
||||||
|
|
||||||
|
### pipeliner
|
||||||
|
|
||||||
|
The ***pipeliner*** chart installs the *nscale Pipeliner*. It also features an optional **WebDAV** component to provide upload capabilities.
|
||||||
|
|
||||||
|
### rms
|
||||||
|
|
||||||
|
The ***rms*** chart can be used as an *Adminstrator Server* for the nscale Administrator Client. The chart comes with the original nscale RMS component as well as a TCP Proxy, that allows to connect to the original component running in a container via TCP.
|
||||||
|
|
||||||
|
The chart exposes its service through a virtual IP adress provided by a Kubernetes loadbalancer service.
|
||||||
|
|
||||||
|
### rs
|
||||||
|
|
||||||
|
The *nscale Rendition Server* is installed by this ***rs*** chart. It is used by the *nscale Application Layer* to render content into multiple formats.
|
||||||
|
|
||||||
|
### sharepoint
|
||||||
|
|
||||||
|
This is a chart for *nscale Sharepoint Connector*
|
||||||
|
|
||||||
|
### web
|
||||||
|
|
||||||
|
*nscale Web* is the official Web Client for *nscale*. It connects to a *nscale Application Layer* as the *EIM* backend.
|
||||||
|
|
||||||
|
### webdav
|
||||||
|
|
||||||
|
*nscale WebDAV Connector* is a WebDAV Client for *nscale*. It connects to a *nscale Application Layer* as the *EIM* backend. It services a standard WebDAV protocol interface to be used by any WebDAV client.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# Misc
|
||||||
|
|
||||||
|
The ***global*** chart is a library chart with common functions used by all other charts. It cannot be installed.
|
||||||
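Review bot: The "## Instance" paragraph ends with "any possible combination of componens:" and is followed directly by the "## Components" heading, so the sentence promises a list that never appears. Either drop the colon or make Components a subsection of Instance. The emphasis on `***instance-argo**` in the same line is also unbalanced (three asterisks open, two close) and will render literally. The Misc section names the library chart ***global***, while the administrator Chart.yaml in this commit depends on `nplus-globals` from `file://../globals`. Please use one name. The intro lists four levels, but *Prepper* is the only component heading that is capitalised and *proxy* is listed out of alphabetical order, so consider aligning both. Spelling: "installes", "componens", "Adminstrator", "adress", "Archiv". The database entry's "should not be used for production without further service" does not say what is missing (backups, HA, hardening), and that is worth spelling out.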
11
charts/administrator/Chart.yaml
Normal file
@@ -0,0 +1,11 @@
|
|||||||
|
apiVersion: v2
|
||||||
|
name: nplus-component-administrator
|
||||||
|
description: nscale Administrator, providing the Web Version of the Administrator to be used in the Instance
|
||||||
|
icon: 
|
||||||
|
type: application
|
||||||
|
dependencies:
|
||||||
|
- name: nplus-globals
|
||||||
|
alias: globals
|
||||||
|
version: "*-0"
|
||||||
|
repository: "file://../globals"
|
||||||
|
version: 1.0.0
|
||||||
174
charts/administrator/README.md
Normal file
@@ -0,0 +1,174 @@
|
|||||||
|
|
||||||
|
|
||||||
|
# nplus-component-administrator
|
||||||
|
|
||||||
|
nscale Administrator, providing the Web Version of the Administrator to be used in the Instance
|
||||||
|
|
||||||
|
## nplus-component-administrator Chart Configuration
|
||||||
|
|
||||||
|
You can customize / configure nplus-component-administrator by setting configuration values on the command line or in values files,
|
||||||
|
that you can pass to helm. Please see the samples directory for details.
|
||||||
|
|
||||||
|
In case there is no value set, the key will not be used in the manifest, resulting in values taken from the config files of the component.
|
||||||
|
|
||||||
|
### Template Functions
|
||||||
|
|
||||||
|
You can use template functions in the values files. If you do so, make sure you quote correctly (single quotes, if you have double quotes in the template,
|
||||||
|
or escaped quotes).
|
||||||
|
|
||||||
|
### Global Values
|
||||||
|
|
||||||
|
All values can be set per component, per instance or globally per environment.
|
||||||
|
|
||||||
|
Example: `global.ingress.domain` sets the domain on instance level. You can still set a different domain on a component, such as administrator.
|
||||||
|
In that case, simply set `ingress.domain` for the administrator chart and that setting will have priority:
|
||||||
|
|
||||||
|
- Prio 1 - Component Level: `ingress.domain`
|
||||||
|
- Prio 2 - Instance Level: `global.ingress.domain`
|
||||||
|
- Prio 3 - Environment Level: `global.environment.ingress.domain`
|
||||||
|
|
||||||
|
### Using Values in Templates
|
||||||
|
|
||||||
|
As it would be a lot of typing to write `.Values.ingress.domain | default .Values.global.ingress.domain | default .Values.global.environment.ingress.domain`in your
|
||||||
|
template code, this is automatically done by nplus. You can simply type `.this.ingress.domain` and you will get a condensed and defaulted version
|
||||||
|
of your Values.
|
||||||
|
|
||||||
|
So an example in your `values.yaml` would be:
|
||||||
|
|
||||||
|
```
|
||||||
|
administrator:
|
||||||
|
waitFor:
|
||||||
|
- '-service {{ .component.prefix }}nappljobs.{{ .Release.Namespace }}.svc.cluster.local:\{{ .this.nappl.port }} -timeout 600'
|
||||||
|
```
|
||||||
|
|
||||||
|
This example shows `.this.nappl.port` which might come from a component, instance or global setting. You do not need to care.
|
||||||
|
The `.Release.Namespace` is set by helm. You have access to all Release and Chart Metadata, just like in your chart code.
|
||||||
|
|
||||||
|
The `.component.prefix` is calculated by nplus and gives you some handy shortcuts to internal variables:
|
||||||
|
|
||||||
|
- `.component.chartName`
|
||||||
|
The name of the chart as in `.Chart.Name`, but with override by `.Values.nameOverride`
|
||||||
|
- `.component.shortChartName`
|
||||||
|
A shorter Version of the name - `nappl` instead of `nplus-component-nappl`
|
||||||
|
- `.component.prefix`
|
||||||
|
The instance Prefix used to name the resources including `-`. This prefix is dropped, if the
|
||||||
|
`.Release.Name` equals `.Release.Namespace` for those of you that only
|
||||||
|
run one nplus Instance per namespace
|
||||||
|
- `.component.name`
|
||||||
|
The name of the component, including `.Values.nameOverride` and some logic
|
||||||
|
- `.component.fullName`
|
||||||
|
The fullName inlcuding `.Values.fullnameOverride` and some logic
|
||||||
|
- `.component.chart`
|
||||||
|
Mainly the `Chart.Name` and `Chart.Version`
|
||||||
|
- `.component.storagePath`
|
||||||
|
The path where the component config is stored in the conf PVC
|
||||||
|
- `.component.handler`
|
||||||
|
The handler (either helm, argoCD or manual)
|
||||||
|
|
||||||
|
- `.instance.name`
|
||||||
|
The name of the instance, but with override by `.Values.instanceOverride`
|
||||||
|
- `.instance.group`
|
||||||
|
The group, this instance belongs to. Override by `.Values.groupOverride`
|
||||||
|
- `.instance.version`
|
||||||
|
The *nscale* version (mostly taken from Application Layer), this instance is deploying.
|
||||||
|
|
||||||
|
- `.environment.name`
|
||||||
|
The name of the environment, but with override by `.Values.environmentNameOverride`
|
||||||
|
|
||||||
|
### Keys
|
||||||
|
|
||||||
|
You can set any of the following values for this component:
|
||||||
|
|
||||||
|
| Key | Description | Default |
|
||||||
|
|-----|-------------|---------|
|
||||||
|
env | Sets additional environment variables for the configuration. | |
|
||||||
|
envMap | Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container. | |
|
||||||
|
envSecret | Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container. | |
|
||||||
|
fullnameOverride | This overrides the output of the internal fullname function | |
|
||||||
|
**image**​.name | the name of the image to use | `"administrator"` |
|
||||||
|
**image**​.pullSecrets | you can provide your own pullSecrets, in case you use a private repo. | `["nscale-cr", "nplus-cr"]` |
|
||||||
|
**image**​.repo | if you use a private repo, feel free to set it here | `"ceyoniq.azurecr.io/release/nscale"` |
|
||||||
|
**image**​.tag | the tag of the image to use | `"latest"` |
|
||||||
|
**ingress**​.annotations | Adds extra Annotations to the ingress | |
|
||||||
|
**ingress**​.backendProtocol | Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically. | `http` <br> `https` in zero trust mode |
|
||||||
|
**ingress**​.class | The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one | `public` |
|
||||||
|
**ingress**​.contextPath | The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts. | `"/rapadm"` |
|
||||||
|
**ingress**​.cookie | on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web | |
|
||||||
|
**ingress**​.deny | deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client. | |
|
||||||
|
**ingress**​.domain | Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here | |
|
||||||
|
**ingress**​.enabled | You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not. | `true` |
|
||||||
|
**ingress**​.namespace | Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list | "ingress, kube-system, ingress-nginx" |
|
||||||
|
**ingress**​.proxyReadTimeout | Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set. | |
|
||||||
|
**ingress**​.secret | Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance | `{{ .this.ingress.domain }}-tls` |
|
||||||
|
**ingress**​.whitelist | optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers | |
|
||||||
|
**javaOpts**​.javaMaxMem | set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed | |
|
||||||
|
**javaOpts**​.javaMaxRamPercentage | set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any. | |
|
||||||
|
**javaOpts**​.javaMinMem | set the minimum memory, java will consume | |
|
||||||
|
**javaOpts**​.javaMisc | Any misc Java Options that need to be passed to the container | `"-Dorg.eclipse.rap.rwt.settingStoreFactory=settings-per-user"` |
|
||||||
|
**meta**​.language | Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container. | `"java"` |
|
||||||
|
**meta**​.ports​.http | The http port this component uses (if any). In zero trust mode, this will be disabled. <br>this is a constant value of the component and should not be changed. | **info only**, do not change<br> `8080` |
|
||||||
|
**meta**​.ports​.https | The tls / https port, this component uses (if any) <br>this is a constant value of the component and should not be changed. | **info only**, do not change<br> `8443` |
|
||||||
|
**meta**​.provider | sets provider (partner, reseller) information to be able to invoice per use in a cloud environment | |
|
||||||
|
**meta**​.serviceContainer | The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any | `"administrator"` |
|
||||||
|
**meta**​.stage | A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example) | |
|
||||||
|
**meta**​.tenant | sets tenant information to be able to invoice per use in a cloud environment | |
|
||||||
|
**meta**​.type | the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service. | `"administrator"` |
|
||||||
|
**meta**​.wave | Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation | |
|
||||||
|
minReplicaCountType | if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer | |
|
||||||
|
**mounts**​.caCerts​.configMap | Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting | |
|
||||||
|
**mounts**​.caCerts​.secret | Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting | |
|
||||||
|
**mounts**​.componentCerts​.configMap | Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting | |
|
||||||
|
**mounts**​.componentCerts​.secret | Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting | |
|
||||||
|
**mounts**​.data​.class | Sets the class of the data disk | |
|
||||||
|
**mounts**​.data​.size | Sets the size of the data disk | |
|
||||||
|
**mounts**​.data​.volumeName | If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one | |
|
||||||
|
**mounts**​.disk​.class | Sets the class of the disk | |
|
||||||
|
**mounts**​.disk​.enabled | enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk. | `false` |
|
||||||
|
**mounts**​.disk​.migration | Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten! | `false` |
|
||||||
|
**mounts**​.disk​.size | Sets the size of the disk | |
|
||||||
|
**mounts**​.disk​.volumeName | If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one | |
|
||||||
|
**mounts**​.file​.class | Sets the class of the shared disk | |
|
||||||
|
**mounts**​.file​.size | Sets the size of the shared disk | |
|
||||||
|
**mounts**​.file​.volumeName | If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one | |
|
||||||
|
**mounts**​.generic | Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container. | |
|
||||||
|
**mounts**​.logs​.size | Sets the size of the log disk (all paths) | |
|
||||||
|
**mounts**​.temp​.path | Sets the path to the temporary files <br>do not change this value | **info only**, do not change<br> `"/tmp"` |
|
||||||
|
**mounts**​.temp​.size | Sets the size of the temporary disk (all paths) | `"1Gi"` |
|
||||||
|
nameOverride | This overrides the output of the internal name function | |
|
||||||
|
**nappl**​.account | The technical account to login with | |
|
||||||
|
**nappl**​.domain | The domain of the technical account | |
|
||||||
|
**nappl**​.host | nappl host name | |
|
||||||
|
**nappl**​.instance | instance of the Application Layer, likely `instance1` | |
|
||||||
|
**nappl**​.password | The password of the technical accunt (if not set by secret) | |
|
||||||
|
**nappl**​.port | nappl port (http 8080 or https 8443) | |
|
||||||
|
**nappl**​.secret | An optional secret that holds the credentials (the keys must be `account` and `password`) | |
|
||||||
|
**nappl**​.ssl | sets the Advanced Connect to tls | |
|
||||||
|
nodeSelector | select specific nodes for this component | |
|
||||||
|
**resources**​.limits​.cpu | The maximum allowed CPU for the container | |
|
||||||
|
**resources**​.limits​.memory | The maximum allowed RAM for the container | |
|
||||||
|
**resources**​.requests​.cpu | Set the share of guaranteed CPU to the container. | |
|
||||||
|
**resources**​.requests​.memory | Set the share of guaranteed RAM to the container | |
|
||||||
|
**security**​.containerSecurityContext​.allowPrivilegeEscalation | Some functionality may need the possibility to allow privilege escalation. This should be very restrictive <br>you should not change this | **info only**, do not change<br> `false` |
|
||||||
|
**security**​.containerSecurityContext​.readOnlyRootFilesystem | sets the container root file system to read only. This should be the case in production environment <br>you should not change this | **info only**, do not change<br> `true` |
|
||||||
|
**security**​.podSecurityContext​.fsGroup | The file system group as which new files are created <br>there is normally no need to change this | **info only**, do not change<br> `1001` |
|
||||||
|
**security**​.podSecurityContext​.fsGroupChangePolicy | Under which condition should the fsGroup be changed <br>there is normally no need to change this | **info only**, do not change<br> `"OnRootMismatch"` |
|
||||||
|
**security**​.podSecurityContext​.runAsUser | The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security <br>there is normally no need to change this | **info only**, do not change<br> `1001` |
|
||||||
|
**security**​.zeroTrust | turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes | `false` |
|
||||||
|
**service**​.annotations | adds extra Annotations to the service | |
|
||||||
|
**service**​.enabled | enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress. | `true` |
|
||||||
|
**service**​.selector | The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type | `"component"` |
|
||||||
|
**telemetry**​.openTelemetry | turns Open Telemetry on | |
|
||||||
|
**telemetry**​.serviceName | Sets the service name for the telemetry service to more convenient identify the displayed component Example: "{{ .this.meta.type }}-{{ .instance.name }}" | |
|
||||||
|
**template**​.annotations | set additional annotations for pods | |
|
||||||
|
**template**​.labels | set additional labels for pods | |
|
||||||
|
terminationGracePeriodSeconds | Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults | |
|
||||||
|
timezone | set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc. | `Europe/Berlin` |
|
||||||
|
tolerations | Set tolerations for this component | |
|
||||||
|
**utils**​.debug | Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide | `false` |
|
||||||
|
**utils**​.disableWait | in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet. | `false` |
|
||||||
|
**utils**​.disableWave | If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet. | `false` |
|
||||||
|
**utils**​.includeNamespace | By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later | `true` |
|
||||||
|
**utils**​.maintenance | in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up. | `false` |
|
||||||
|
**utils**​.renderComments | You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD | `true` |
|
||||||
|
waitFor | Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed. | |
|
||||||
|
|
||||||
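Review bot: in the Keys table, `image.tag` is documented with the default `"latest"`, while `values.schema.json` added in this same commit declares `"default": "ubi.9.3.1201"` for the same key; the two should agree, and the pinned tag is the safer one to document. The `nappl.password` row should point readers to `nappl.secret` as the preferred way to supply the credentials, since a password set in a values file is stored with the Helm release. The `waitFor` example carries a backslash in `:\{{ .this.nappl.port }}` that looks like an escaping leftover, and the text needs a spelling pass: `inlcuding`, `primaty`, `accunt`, `podDesruptionBudget`, `starndard`, `depricated`, `wether`.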
2
charts/administrator/templates/component.tpl
Normal file
@@ -0,0 +1,2 @@
|
|||||||
|
{{- include "nplus.init" $ -}}
|
||||||
|
{{- include "nplus.component" . -}}
|
||||||
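Review bot: the two includes pass different contexts, `$` to `nplus.init` and `.` to `nplus.component`; at file top level they are the same object, so pick one form and use it in every template of the chart. What `nplus.component` emits is not visible from this file, so a one-line comment naming the rendered objects would help reviewers.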
16
charts/administrator/templates/ingress.tpl
Normal file
@@ -0,0 +1,16 @@
|
|||||||
|
{{- include "nplus.init" $ -}}
|
||||||
|
{{- if ( include "nplus.ingressEnabled" . ) }}
|
||||||
|
{{- include "nplus.ingress" (list . .component.fullName) | nindent 0 }}
|
||||||
|
- path: {{ .Values.ingress.contextPath }}
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: {{ .component.fullName }}
|
||||||
|
port:
|
||||||
|
name: {{ include "nplus.backendProtocol" . }}
|
||||||
|
{{- else }}
|
||||||
|
# kind: ingress
|
||||||
|
# Not Generating any Ingress for {{ .component.fullName }} as
|
||||||
|
# Ingress = {{ .this.ingress }}
|
||||||
|
# Service = {{ .this.service }}
|
||||||
|
{{- end }}
|
||||||
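Review bot: the rule path is taken from `.Values.ingress.contextPath`, which bypasses the `.this` defaulting the README describes, so an instance-level or environment-level value is ignored here; use `.this.ingress.contextPath` and pipe it through `quote`. In the `else` branch, `# Ingress = {{ .this.ingress }}` and `# Service = {{ .this.service }}` print the whole merged maps into the manifest; printing only the `enabled` flags would explain the decision without copying settings such as the whitelist into the output.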
34
charts/administrator/templates/networkpolicy.tpl
Normal file
@@ -0,0 +1,34 @@
|
|||||||
|
{{- include "nplus.init" $ -}}
|
||||||
|
{{- if ((.this.security).cni).createNetworkPolicy }}
|
||||||
|
kind: NetworkPolicy
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
metadata:
|
||||||
|
name: {{ .component.fullName }}
|
||||||
|
{{- if .this.utils.includeNamespace }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "nplus.instanceLabels" . | nindent 4 }}
|
||||||
|
annotations:
|
||||||
|
{{- include "nplus.argoWave" . | nindent 4 }}
|
||||||
|
{{- include "nplus.annotations" . | nindent 4 }}
|
||||||
|
{{- include "nplus.securityAnnotations" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
podSelector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "nplus.selectorLabels" . | nindent 6 }}
|
||||||
|
policyTypes:
|
||||||
|
- Ingress
|
||||||
|
- Egress
|
||||||
|
ingress:
|
||||||
|
|
||||||
|
{{- if ( include "nplus.ingressEnabled" . ) }}
|
||||||
|
{{- include "nplus.networkpolicy.allowFromIngress" . | nindent 2 }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
egress:
|
||||||
|
- to:
|
||||||
|
- podSelector:
|
||||||
|
matchLabels:
|
||||||
|
nplus/group: {{ .instance.group }}
|
||||||
|
{{- end }}
|
||||||
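Review bot: with `Egress` listed in `policyTypes`, the single egress rule only allows traffic to pods labelled `nplus/group: {{ .instance.group }}` in the same namespace and nothing here allows DNS, so unless another policy selecting these pods opens port 53, a `waitFor` target or nappl host given as a service name cannot be resolved. Add a DNS egress rule or document which policy provides it. The guard key `security.cni.createNetworkPolicy` is also missing from the README Keys table in this commit.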
2
charts/administrator/templates/pvc.tpl
Normal file
@@ -0,0 +1,2 @@
|
|||||||
|
{{- include "nplus.init" $ -}}
|
||||||
|
{{- include "nplus.pvc" . }}
|
||||||
32
charts/administrator/templates/service.tpl
Normal file
@@ -0,0 +1,32 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
{{- if .this.utils.includeNamespace }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
{{- end }}
|
||||||
|
name: {{ .component.fullName }}
|
||||||
|
labels:
|
||||||
|
{{- include "nplus.instanceLabels" . | nindent 4 }}
|
||||||
|
annotations:
|
||||||
|
{{- include "nplus.argoWave" . | nindent 4 }}
|
||||||
|
{{- include "nplus.annotations" . | nindent 4 }}
|
||||||
|
{{- include "nplus.securityAnnotations" . | nindent 4 }}
|
||||||
|
{{- include "nplus.serviceAnnotations" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
|
||||||
|
# this is a "headless service", no cluster IP is defined
|
||||||
|
# as none of the internal components need to access this service,
|
||||||
|
# access is purely through an ingress if desired.
|
||||||
|
type: ClusterIP
|
||||||
|
clusterIP: None
|
||||||
|
ports:
|
||||||
|
{{- include "nplus.defaultServicePorts" . | nindent 4 }}
|
||||||
|
selector:
|
||||||
|
{{- if eq .this.service.selector "component" }}
|
||||||
|
{{- include "nplus.selectorLabels" . | nindent 4 }}
|
||||||
|
{{- else if eq .this.service.selector "type" }}
|
||||||
|
{{- include "nplus.selectorLabelsNc" . | nindent 4 }}
|
||||||
|
{{- else }}
|
||||||
|
{{- fail (printf "Unknown Service Selector Type: %s - must be component or type" .this.service.selector) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
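Review bot: unlike the other templates of this chart shown here, this file does not start with `{{- include "nplus.init" $ -}}`, yet it reads `.this.utils.includeNamespace`, `.component.fullName` and `.this.service.selector`; if those are populated by `nplus.init`, the file only renders correctly when another template has run it first. Add the include at the top. The README documents `service.enabled`, but nothing in this file checks it, so the Service is always created.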
116
charts/administrator/templates/statefulset.tpl
Normal file
@@ -0,0 +1,116 @@
|
|||||||
|
{{- include "nplus.init" $ -}}
|
||||||
|
# Component: {{ .component.chartName }}
|
||||||
|
# will connect to:
|
||||||
|
{{- if (.this.nappl).host }}
|
||||||
|
# nappl: {{ if ($.this.nappl).ssl -}}https{{- else -}}http{{- end -}}://{{ ($.this.nappl).host }}:{{ (.this.nappl).port }}/{{ (.this.nappl).instance }}
|
||||||
|
{{- else }}
|
||||||
|
# defined by config file in conf PV.
|
||||||
|
{{- end }}
|
||||||
|
#
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: StatefulSet
|
||||||
|
metadata:
|
||||||
|
name: {{ .component.fullName }}
|
||||||
|
{{- if .this.utils.includeNamespace }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "nplus.instanceLabels" . | nindent 4 }}
|
||||||
|
annotations:
|
||||||
|
{{- include "nplus.argoWave" . | nindent 4 }}
|
||||||
|
{{- include "nplus.annotations" . | nindent 4 }}
|
||||||
|
{{- include "nplus.securityAnnotations" . | nindent 4 }}
|
||||||
|
|
||||||
|
spec:
|
||||||
|
serviceName: {{ .component.fullName }}
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "nplus.selectorLabels" . | nindent 6 }}
|
||||||
|
replicas: {{ .Values.replicaCount }}
|
||||||
|
podManagementPolicy: OrderedReady
|
||||||
|
updateStrategy:
|
||||||
|
type: {{ .Values.updateStrategy | default "OnDelete" }}
|
||||||
|
minReadySeconds: 5
|
||||||
|
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{- include "nplus.templateLabels" . | nindent 8 }}
|
||||||
|
annotations:
|
||||||
|
{{- include "nplus.templateAnnotations" . | nindent 8 }}
|
||||||
|
{{- include "nplus.securityAnnotations" . | nindent 8 }}
|
||||||
|
spec:
|
||||||
|
{{- include "nplus.imagePullSecrets" . | nindent 6 }}
|
||||||
|
{{- include "nplus.securityIllumioReadinessGates" . | nindent 6 }}
|
||||||
|
{{- include "nplus.podSecurityContext" . | nindent 6 }}
|
||||||
|
{{- include "nplus.terminationGracePeriodSeconds" . | nindent 6 }}
|
||||||
|
|
||||||
|
initContainers:
|
||||||
|
{{- include "nplus.waitFor" . | nindent 6 }}
|
||||||
|
|
||||||
|
containers:
|
||||||
|
- name: administrator
|
||||||
|
image: {{ include "nplus.image" (dict "global" .Values.global "image" .Values.image) }}
|
||||||
|
imagePullPolicy: {{ include "nplus.imagePullPolicy" .Values.image }}
|
||||||
|
{{- include "nplus.containerSecurityContext" . | nindent 8 }}
|
||||||
|
env:
|
||||||
|
|
||||||
|
{{- if ($.this.nappl).host }}
|
||||||
|
- name: APPLICATION_LAYER_HOST
|
||||||
|
value: {{ ($.this.nappl).host | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if ($.this.nappl).port }}
|
||||||
|
- name: APPLICATION_LAYER_PORT
|
||||||
|
value: {{ ($.this.nappl).port | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if ($.this.nappl).ssl }}
|
||||||
|
- name: APPLICATION_LAYER_SSL
|
||||||
|
value: {{ ($.this.nappl).ssl | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if ($.this.nappl).instance }}
|
||||||
|
- name: APPLICATION_LAYER_INSTANCE
|
||||||
|
value: {{ ($.this.nappl).instance | quote }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- include "nplus.environment" . | nindent 8 }}
|
||||||
|
|
||||||
|
{{- if .this.utils.maintenance }}
|
||||||
|
{{- include "nplus.idle" . | nindent 8 }}
|
||||||
|
{{- else }}
|
||||||
|
|
||||||
|
startupProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /rapadm/
|
||||||
|
port: {{ include "nplus.backendPort" . }}
|
||||||
|
scheme: {{ include "nplus.backendProtocol" . | upper }}
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
failureThreshold: 12
|
||||||
|
periodSeconds: 10
|
||||||
|
timeoutSeconds: 5
|
||||||
|
livenessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /rapadm/
|
||||||
|
port: {{ include "nplus.backendPort" . }}
|
||||||
|
scheme: {{ include "nplus.backendProtocol" . | upper }}
|
||||||
|
periodSeconds: 30
|
||||||
|
timeoutSeconds: 1
|
||||||
|
readinessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /rapadm/
|
||||||
|
port: {{ include "nplus.backendPort" . }}
|
||||||
|
scheme: {{ include "nplus.backendProtocol" . | upper }}
|
||||||
|
periodSeconds: 10
|
||||||
|
timeoutSeconds: 1
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
ports:
|
||||||
|
{{- include "nplus.defaultContainerPorts" . | nindent 8 }}
|
||||||
|
|
||||||
|
{{- include "nplus.resources" . | nindent 8 }}
|
||||||
|
|
||||||
|
volumeMounts:
|
||||||
|
{{- include "nplus.defaultMounts" . | nindent 8 }}
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
{{- include "nplus.defaultVolumes" . | nindent 6 }}
|
||||||
|
|
||||||
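Review bot: `type: {{ .Values.updateStrategy | default "OnDelete" }}` makes `OnDelete` the default, so a `helm upgrade` that changes the image tag leaves the running pods on the old image until someone deletes them; default to `RollingUpdate`, or document the manual step, so patched images actually roll out. `replicas` and `updateStrategy` are read from `.Values` rather than `.this`, and neither key appears in the README Keys table. The three probes hardcode `/rapadm/` although `ingress.contextPath` is configurable, and `timeoutSeconds: 1` on the liveness probe is tight for a Java service.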
834
charts/administrator/values.schema.json
Normal file
@@ -0,0 +1,834 @@
|
|||||||
|
{
|
||||||
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"env": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets additional environment variables for the configuration.",
|
||||||
|
"title": "env"
|
||||||
|
},
|
||||||
|
"envMap": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
|
||||||
|
"title": "envMap"
|
||||||
|
},
|
||||||
|
"envSecret": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
|
||||||
|
"title": "envSecret"
|
||||||
|
},
|
||||||
|
"fullnameOverride": {
|
||||||
|
"default": "",
|
||||||
|
"description": "This overrides the output of the internal fullname function",
|
||||||
|
"title": "fullnameOverride"
|
||||||
|
},
|
||||||
|
"global": {
|
||||||
|
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
|
||||||
|
"title": "global",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"globals": {
|
||||||
|
"description": "nplus Global Functions Library Chart",
|
||||||
|
"properties": {
|
||||||
|
"global": {
|
||||||
|
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
|
||||||
|
"title": "global",
|
||||||
|
"type": "object"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "nplus-globals",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"image": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "provide the image to be used for this component",
|
||||||
|
"properties": {
|
||||||
|
"name": {
|
||||||
|
"default": "administrator",
|
||||||
|
"description": "the name of the image to use",
|
||||||
|
"title": "name"
|
||||||
|
},
|
||||||
|
"pullPolicy": {
|
||||||
|
"default": "IfNotPresent",
|
||||||
|
"title": "pullPolicy",
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
"pullSecrets": {
|
||||||
|
"description": "you can provide your own pullSecrets, in case you use a private repo.",
|
||||||
|
"items": {
|
||||||
|
"anyOf": [
|
||||||
|
{
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "string"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"title": "pullSecrets"
|
||||||
|
},
|
||||||
|
"repo": {
|
||||||
|
"default": "ceyoniq.azurecr.io/release/nscale",
|
||||||
|
"description": "if you use a private repo, feel free to set it here",
|
||||||
|
"title": "repo"
|
||||||
|
},
|
||||||
|
"tag": {
|
||||||
|
"default": "ubi.9.3.1201",
|
||||||
|
"description": "the tag of the image to use",
|
||||||
|
"title": "tag"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "image"
|
||||||
|
},
|
||||||
|
"ingress": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)",
|
||||||
|
"properties": {
|
||||||
|
"annotations": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Adds extra Annotations to the ingress",
|
||||||
|
"title": "annotations"
|
||||||
|
},
|
||||||
|
"backendProtocol": {
|
||||||
|
"default": "`http` <br> `https` in zero trust mode",
|
||||||
|
"description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.",
|
||||||
|
"title": "backendProtocol"
|
||||||
|
},
|
||||||
|
"class": {
|
||||||
|
"default": "`public`",
|
||||||
|
"description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one",
|
||||||
|
"title": "class"
|
||||||
|
},
|
||||||
|
"contextPath": {
|
||||||
|
"default": "/rapadm",
|
||||||
|
"description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.",
|
||||||
|
"title": "contextPath"
|
||||||
|
},
|
||||||
|
"cookie": {
|
||||||
|
"default": "",
|
||||||
|
"description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web",
|
||||||
|
"title": "cookie"
|
||||||
|
},
|
||||||
|
"deny": {
|
||||||
|
"default": "",
|
||||||
|
"description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.",
|
||||||
|
"title": "deny"
|
||||||
|
},
|
||||||
|
"domain": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here",
|
||||||
|
"title": "domain"
|
||||||
|
},
|
||||||
|
"enabled": {
|
||||||
|
"default": "true",
|
||||||
|
"description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.",
|
||||||
|
"title": "enabled"
|
||||||
|
},
|
||||||
|
"inputPath": {
|
||||||
|
"default": "",
|
||||||
|
"description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.",
|
||||||
|
"title": "inputPath"
|
||||||
|
},
|
||||||
|
"namespace": {
|
||||||
|
"default": "\"ingress, kube-system, ingress-nginx\"",
|
||||||
|
"description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list",
|
||||||
|
"title": "namespace"
|
||||||
|
},
|
||||||
|
"proxyReadTimeout": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.",
|
||||||
|
"title": "proxyReadTimeout"
|
||||||
|
},
|
||||||
|
"rewriteTarget": {
|
||||||
|
"default": "",
|
||||||
|
"description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.",
|
||||||
|
"title": "rewriteTarget"
|
||||||
|
},
|
||||||
|
"secret": {
|
||||||
|
"default": "`{{ .this.ingress.domain }}-tls`",
|
||||||
|
"description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance",
|
||||||
|
"title": "secret"
|
||||||
|
},
|
||||||
|
"whitelist": {
|
||||||
|
"default": "",
|
||||||
|
"description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers",
|
||||||
|
"title": "whitelist"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "ingress"
|
||||||
|
},
|
||||||
|
"javaOpts": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "Options for the Java VM",
|
||||||
|
"properties": {
|
||||||
|
"javaMaxMem": {
|
||||||
|
"default": "",
|
||||||
|
"description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed",
|
||||||
|
"title": "javaMaxMem"
|
||||||
|
},
|
||||||
|
"javaMaxRamPercentage": {
|
||||||
|
"default": "",
|
||||||
|
"description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.",
|
||||||
|
"title": "javaMaxRamPercentage"
|
||||||
|
},
|
||||||
|
"javaMinMem": {
|
||||||
|
"default": "",
|
||||||
|
"description": "set the minimum memory, java will consume",
|
||||||
|
"title": "javaMinMem"
|
||||||
|
},
|
||||||
|
"javaMisc": {
|
||||||
|
"default": "-Dorg.eclipse.rap.rwt.settingStoreFactory=settings-per-user",
|
||||||
|
"description": "Any misc Java Options that need to be passed to the container",
|
||||||
|
"title": "javaMisc"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "javaOpts"
|
||||||
|
},
|
||||||
|
"meta": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "defines internal constants for nplus. do not change these values",
|
||||||
|
"properties": {
|
||||||
|
"componentVersion": {
|
||||||
|
"default": "",
|
||||||
|
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
|
||||||
|
"title": "componentVersion"
|
||||||
|
},
|
||||||
|
"language": {
|
||||||
|
"default": "java",
|
||||||
|
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
|
||||||
|
"title": "language"
|
||||||
|
},
|
||||||
|
"ports": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
|
||||||
|
"properties": {
|
||||||
|
"http": {
|
||||||
|
"default": "8080",
|
||||||
|
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
|
||||||
|
"title": "http"
|
||||||
|
},
|
||||||
|
"https": {
|
||||||
|
"default": "8443",
|
||||||
|
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
|
||||||
|
"title": "https"
|
||||||
|
},
|
||||||
|
"rmi": {
|
||||||
|
"default": "",
|
||||||
|
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
|
||||||
|
"title": "rmi"
|
||||||
|
},
|
||||||
|
"tcp": {
|
||||||
|
"default": "",
|
||||||
|
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
|
||||||
|
"title": "tcp"
|
||||||
|
},
|
||||||
|
"tcps": {
|
||||||
|
"default": "",
|
||||||
|
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
|
||||||
|
"title": "tcps"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "ports"
|
||||||
|
},
|
||||||
|
"provider": {
|
||||||
|
"default": "",
|
||||||
|
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
|
||||||
|
"title": "provider"
|
||||||
|
},
|
||||||
|
"serviceContainer": {
|
||||||
|
"default": "administrator",
|
||||||
|
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
|
||||||
|
"title": "serviceContainer"
|
||||||
|
},
|
||||||
|
"stage": {
|
||||||
|
"default": "",
|
||||||
|
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
|
||||||
|
"title": "stage"
|
||||||
|
},
|
||||||
|
"tenant": {
|
||||||
|
"default": "",
|
||||||
|
"description": "sets tenant information to be able to invoice per use in a cloud environment",
|
||||||
|
"title": "tenant"
|
||||||
|
},
|
||||||
|
"type": {
|
||||||
|
"default": "administrator",
|
||||||
|
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
|
||||||
|
"title": "type"
|
||||||
|
},
|
||||||
|
"wave": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
|
||||||
|
"title": "wave"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "meta"
|
||||||
|
},
|
||||||
|
"minReplicaCountType": {
|
||||||
|
"default": "",
|
||||||
|
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
|
||||||
|
"title": "minReplicaCountType"
|
||||||
|
},
|
||||||
|
"mounts": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"caCerts": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
|
||||||
|
"properties": {
|
||||||
|
"configMap": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
|
||||||
|
"title": "configMap"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the certs folder. @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
},
|
||||||
|
"secret": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
|
||||||
|
"title": "secret"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "caCerts"
|
||||||
|
},
|
||||||
|
"componentCerts": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
|
||||||
|
"properties": {
|
||||||
|
"configMap": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
|
||||||
|
"title": "configMap"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the component certs. @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
},
|
||||||
|
"secret": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
|
||||||
|
"title": "secret"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "componentCerts"
|
||||||
|
},
|
||||||
|
"conf": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
|
||||||
|
"properties": {
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the conf files @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "conf"
|
||||||
|
},
|
||||||
|
"data": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"class": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the class of the data disk",
|
||||||
|
"title": "class"
|
||||||
|
},
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the data files @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets a list of paths to the data files @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
},
|
||||||
|
"size": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the size of the data disk",
|
||||||
|
"title": "size"
|
||||||
|
},
|
||||||
|
"volumeName": {
|
||||||
|
"default": "",
|
||||||
|
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
|
||||||
|
"title": "volumeName"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "data",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"disk": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"class": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the class of the disk",
|
||||||
|
"title": "class"
|
||||||
|
},
|
||||||
|
"enabled": {
|
||||||
|
"default": "false",
|
||||||
|
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
|
||||||
|
"title": "enabled"
|
||||||
|
},
|
||||||
|
"migration": {
|
||||||
|
"default": "false",
|
||||||
|
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
|
||||||
|
"title": "migration"
|
||||||
|
},
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the disk files @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets a list of paths to the data files @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
},
|
||||||
|
"size": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the size of the disk",
|
||||||
|
"title": "size"
|
||||||
|
},
|
||||||
|
"volumeName": {
|
||||||
|
"default": "",
|
||||||
|
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
|
||||||
|
"title": "volumeName"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "disk",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"file": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"class": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the class of the shared disk",
|
||||||
|
"title": "class"
|
||||||
|
},
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the shared files @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
},
|
||||||
|
"size": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the size of the shared disk",
|
||||||
|
"title": "size"
|
||||||
|
},
|
||||||
|
"volumeName": {
|
||||||
|
"default": "",
|
||||||
|
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
|
||||||
|
"title": "volumeName"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "file",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"fonts": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
|
||||||
|
"properties": {
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "fonts"
|
||||||
|
},
|
||||||
|
"generic": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
|
||||||
|
"title": "generic"
|
||||||
|
},
|
||||||
|
"license": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "some nscale Components require a license file and this defines it's location",
|
||||||
|
"properties": {
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the license files @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "license"
|
||||||
|
},
|
||||||
|
"logs": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
|
||||||
|
"properties": {
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the log files @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets a list of paths to the log files @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
},
|
||||||
|
"size": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the size of the log disk (all paths)",
|
||||||
|
"title": "size"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "logs"
|
||||||
|
},
|
||||||
|
"pool": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "pool",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"ptemp": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
|
||||||
|
"properties": {
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "ptemp"
|
||||||
|
},
|
||||||
|
"temp": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
|
||||||
|
"properties": {
|
||||||
|
"path": {
|
||||||
|
"default": "/tmp",
|
||||||
|
"description": "Sets the path to the temporary files @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
},
|
||||||
|
"size": {
|
||||||
|
"default": "1Gi",
|
||||||
|
"description": "Sets the size of the temporary disk (all paths)",
|
||||||
|
"title": "size"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "temp"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "mounts",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"nameOverride": {
|
||||||
|
"default": "",
|
||||||
|
"description": "This overrides the output of the internal name function",
|
||||||
|
"title": "nameOverride"
|
||||||
|
},
|
||||||
|
"nappl": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "The nscale Application Layer, this component should talk to",
|
||||||
|
"properties": {
|
||||||
|
"account": {
|
||||||
|
"default": "",
|
||||||
|
"description": "The technical account to login with",
|
||||||
|
"title": "account"
|
||||||
|
},
|
||||||
|
"domain": {
|
||||||
|
"default": "",
|
||||||
|
"description": "The domain of the technical account",
|
||||||
|
"title": "domain"
|
||||||
|
},
|
||||||
|
"host": {
|
||||||
|
"default": "",
|
||||||
|
"description": "nappl host name",
|
||||||
|
"title": "host"
|
||||||
|
},
|
||||||
|
"instance": {
|
||||||
|
"default": "",
|
||||||
|
"description": "instance of the Application Layer, likely `instance1`",
|
||||||
|
"title": "instance"
|
||||||
|
},
|
||||||
|
"password": {
|
||||||
|
"default": "",
|
||||||
|
"description": "The password of the technical accunt (if not set by secret)",
|
||||||
|
"title": "password"
|
||||||
|
},
|
||||||
|
"port": {
|
||||||
|
"default": "",
|
||||||
|
"description": "nappl port (http 8080 or https 8443)",
|
||||||
|
"title": "port"
|
||||||
|
},
|
||||||
|
"secret": {
|
||||||
|
"default": "",
|
||||||
|
"description": "An optional secret that holds the credentials (the keys must be `account` and `password`)",
|
||||||
|
"title": "secret"
|
||||||
|
},
|
||||||
|
"ssl": {
|
||||||
|
"default": "",
|
||||||
|
"description": "sets the Advanced Connect to tls",
|
||||||
|
"title": "ssl"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "nappl"
|
||||||
|
},
|
||||||
|
"nodeSelector": {
|
||||||
|
"default": "",
|
||||||
|
"description": "select specific nodes for this component",
|
||||||
|
"title": "nodeSelector"
|
||||||
|
},
|
||||||
|
"replicaCount": {
|
||||||
|
"default": "1",
|
||||||
|
"description": "There should only be a single Administrator instance, so the replicaCount is fixed to 1 @ignore -- Do not change this.",
|
||||||
|
"title": "replicaCount"
|
||||||
|
},
|
||||||
|
"resources": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "Assigns hardware resources to container",
|
||||||
|
"properties": {
|
||||||
|
"limits": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "Limits the maximum resources",
|
||||||
|
"properties": {
|
||||||
|
"cpu": {
|
||||||
|
"default": "",
|
||||||
|
"description": "The maximum allowed CPU for the container",
|
||||||
|
"title": "cpu"
|
||||||
|
},
|
||||||
|
"memory": {
|
||||||
|
"default": "",
|
||||||
|
"description": "The maximum allowed RAM for the container",
|
||||||
|
"title": "memory"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "limits"
|
||||||
|
},
|
||||||
|
"requests": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
|
||||||
|
"properties": {
|
||||||
|
"cpu": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Set the share of guaranteed CPU to the container.",
|
||||||
|
"title": "cpu"
|
||||||
|
},
|
||||||
|
"memory": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Set the share of guaranteed RAM to the container",
|
||||||
|
"title": "memory"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "requests"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "resources"
|
||||||
|
},
|
||||||
|
"security": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "Security Section defining default runtime environment for your container",
|
||||||
|
"properties": {
|
||||||
|
"containerSecurityContext": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"allowPrivilegeEscalation": {
|
||||||
|
"default": "false",
|
||||||
|
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
|
||||||
|
"title": "allowPrivilegeEscalation"
|
||||||
|
},
|
||||||
|
"capabilities": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
|
||||||
|
"properties": {
|
||||||
|
"drop": {
|
||||||
|
"items": {
|
||||||
|
"anyOf": [
|
||||||
|
{
|
||||||
|
"type": "string"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"title": "drop",
|
||||||
|
"type": "array"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "capabilities"
|
||||||
|
},
|
||||||
|
"readOnlyRootFilesystem": {
|
||||||
|
"default": "true",
|
||||||
|
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
|
||||||
|
"title": "readOnlyRootFilesystem"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "containerSecurityContext",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"podSecurityContext": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"fsGroup": {
|
||||||
|
"default": "1001",
|
||||||
|
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
|
||||||
|
"title": "fsGroup"
|
||||||
|
},
|
||||||
|
"fsGroupChangePolicy": {
|
||||||
|
"default": "OnRootMismatch",
|
||||||
|
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
|
||||||
|
"title": "fsGroupChangePolicy"
|
||||||
|
},
|
||||||
|
"runAsUser": {
|
||||||
|
"default": "1001",
|
||||||
|
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
|
||||||
|
"title": "runAsUser"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "podSecurityContext",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"zeroTrust": {
|
||||||
|
"default": "`false`",
|
||||||
|
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
|
||||||
|
"title": "zeroTrust"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "security"
|
||||||
|
},
|
||||||
|
"service": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"annotations": {
|
||||||
|
"default": "",
|
||||||
|
"description": "adds extra Annotations to the service",
|
||||||
|
"title": "annotations"
|
||||||
|
},
|
||||||
|
"enabled": {
|
||||||
|
"default": "true",
|
||||||
|
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
|
||||||
|
"title": "enabled"
|
||||||
|
},
|
||||||
|
"selector": {
|
||||||
|
"default": "component",
|
||||||
|
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
|
||||||
|
"title": "selector"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "service",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"telemetry": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "Settings for telemetry tools",
|
||||||
|
"properties": {
|
||||||
|
"openTelemetry": {
|
||||||
|
"default": "",
|
||||||
|
"description": "turns Open Telemetry on",
|
||||||
|
"title": "openTelemetry"
|
||||||
|
},
|
||||||
|
"serviceName": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
|
||||||
|
"title": "serviceName"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "telemetry"
|
||||||
|
},
|
||||||
|
"template": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "provide extra settings for pod templates",
|
||||||
|
"properties": {
|
||||||
|
"annotations": {
|
||||||
|
"default": "",
|
||||||
|
"description": "set additional annotations for pods",
|
||||||
|
"title": "annotations"
|
||||||
|
},
|
||||||
|
"labels": {
|
||||||
|
"default": "",
|
||||||
|
"description": "set additional labels for pods",
|
||||||
|
"title": "labels"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "template"
|
||||||
|
},
|
||||||
|
"terminationGracePeriodSeconds": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
|
||||||
|
"title": "terminationGracePeriodSeconds"
|
||||||
|
},
|
||||||
|
"timezone": {
|
||||||
|
"default": "`Europe/Berlin`",
|
||||||
|
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
|
||||||
|
"title": "timezone"
|
||||||
|
},
|
||||||
|
"tolerations": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Set tolerations for this component",
|
||||||
|
"title": "tolerations"
|
||||||
|
},
|
||||||
|
"utils": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"debug": {
|
||||||
|
"default": "`false`",
|
||||||
|
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
|
||||||
|
"title": "debug"
|
||||||
|
},
|
||||||
|
"disableWait": {
|
||||||
|
"default": "`false`",
|
||||||
|
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
|
||||||
|
"title": "disableWait"
|
||||||
|
},
|
||||||
|
"disableWave": {
|
||||||
|
"default": "`false`",
|
||||||
|
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
|
||||||
|
"title": "disableWave"
|
||||||
|
},
|
||||||
|
"includeNamespace": {
|
||||||
|
"default": "`true`",
|
||||||
|
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
|
||||||
|
"title": "includeNamespace"
|
||||||
|
},
|
||||||
|
"maintenance": {
|
||||||
|
"default": "`false`",
|
||||||
|
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
|
||||||
|
"title": "maintenance"
|
||||||
|
},
|
||||||
|
"renderComments": {
|
||||||
|
"default": "`true`",
|
||||||
|
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
|
||||||
|
"title": "renderComments"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "utils",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"waitFor": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.",
|
||||||
|
"title": "waitFor"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "object"
|
||||||
|
}
|
||||||
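Review bot: None of the security-relevant switches in this schema declares a `"type"`, so validation cannot reject a mistyped value. `security.zeroTrust`, `containerSecurityContext.allowPrivilegeEscalation`, `containerSecurityContext.readOnlyRootFilesystem`, `ingress.enabled` and the `utils.*` flags carry only `title`, `description` and a string `default` (for `zeroTrust` a backtick-wrapped "`false`"). As written, `allowPrivilegeEscalation: "false"` or `runAsUser: root` would pass the schema; suggest adding `"type": "boolean"` to the toggles and `"type": "integer"` to `runAsUser` and `fsGroup`, as is already done for `capabilities.drop` with `"type": "array"`. Separately, `nappl.password` accepts the technical account's password as a plain value, so its description should name `nappl.secret` as the preferred option. The `ptemp` description is a copy of the `temp` one ("it is deleted when the pod terminates") while its `path` entry speaks of temporary files "that are persisted"; one of the two needs correcting. The spelling slips in the descriptions (`wether`, `retriting`, `podDesruptionBudget`, `primaty`, `accunt`, `starndard`, `depricated`) also appear in the values.yaml comments and are best fixed there.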
417
charts/administrator/values.yaml
Normal file
@@ -0,0 +1,417 @@
|
|||||||
|
# yaml-language-server: $schema=values.schema.json
|
||||||
|
# -- Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)
|
||||||
|
ingress:
|
||||||
|
# -- You can toggle the ingress on wether you'd like this component
|
||||||
|
# to be reachable through an ingress or not.
|
||||||
|
enabled: true
|
||||||
|
# -- Overrides the default backend protocol. The default is http,
|
||||||
|
# unless in zeroTrust Mode, then it is switched to https automatically.
|
||||||
|
# @default -- `http` <br> `https` in zero trust mode
|
||||||
|
backendProtocol:
|
||||||
|
# -- defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason
|
||||||
|
# Example: `/nscalealinst1(/\|$)(.*)`
|
||||||
|
# @internal -- This is an alpha feature - do not use it.
|
||||||
|
inputPath:
|
||||||
|
# -- defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason
|
||||||
|
# Example: `/nscalealinst1/$2`
|
||||||
|
# @internal -- This is an alpha feature - do not use it.
|
||||||
|
rewriteTarget:
|
||||||
|
# -- deny is used to exclude specific paths from public access, such as
|
||||||
|
# administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is
|
||||||
|
# the burlap protocol. The configuration service is the endpoint used by
|
||||||
|
# the Admin client.
|
||||||
|
deny:
|
||||||
|
# -- on component level, set cookie affinity for the ingress
|
||||||
|
# example: `XtConLoadBalancerSession` for nscale Web
|
||||||
|
cookie:
|
||||||
|
# -- Sets the name of the tls secret to be used for this ingress, that contains
|
||||||
|
# the private and public key. These secrets can optionally be provided by the instance
|
||||||
|
# @default -- `{{ .this.ingress.domain }}-tls`
|
||||||
|
secret:
|
||||||
|
# -- Sets the domain to be used. This domain should be provided by the instance globally
|
||||||
|
# for all components, but you are free to override it here
|
||||||
|
domain:
|
||||||
|
# -- The ingressclass to use for this ingress. Most likely, this is provided globally by the
|
||||||
|
# instance, but you are free to override it here if this component should use a different class
|
||||||
|
# e.g. if you have separated ingress controllers, like a public and an internal one
|
||||||
|
# @default -- `public`
|
||||||
|
class:
|
||||||
|
# -- optionally sets a whitelist of ip ranges (CIDR format, comma separated)
|
||||||
|
# from which ingress is allowed. This is an annotation for nginx, so won't work with other
|
||||||
|
# ingress controllers
|
||||||
|
whitelist:
|
||||||
|
# -- Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy
|
||||||
|
# to allow traffic from this namespace to our pods. This may be a comma separated list
|
||||||
|
# @default -- "ingress, kube-system, ingress-nginx"
|
||||||
|
namespace:
|
||||||
|
# -- The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the
|
||||||
|
# most though this is only a constant used in the scripts.
|
||||||
|
contextPath: "/rapadm"
|
||||||
|
# -- Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.
|
||||||
|
proxyReadTimeout:
|
||||||
|
# -- Adds extra Annotations to the ingress
|
||||||
|
annotations:
|
||||||
|
# -- Security Section defining default runtime environment for your container
|
||||||
|
security:
|
||||||
|
podSecurityContext:
|
||||||
|
# -- The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context
|
||||||
|
# for security
|
||||||
|
# @internal -- there is normally no need to change this
|
||||||
|
runAsUser: 1001
|
||||||
|
# -- The file system group as which new files are created
|
||||||
|
# @internal -- there is normally no need to change this
|
||||||
|
fsGroup: 1001
|
||||||
|
# -- Under which condition should the fsGroup be changed
|
||||||
|
# @internal -- there is normally no need to change this
|
||||||
|
fsGroupChangePolicy: OnRootMismatch
|
||||||
|
containerSecurityContext:
|
||||||
|
# -- sets the container root file system to read only. This should be the case in production environment
|
||||||
|
# @internal -- you should not change this
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
# -- Some functionality may need the possibility to allow privilege escalation. This should be very restrictive
|
||||||
|
# @internal -- you should not change this
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
# -- Capabilities this container should have. Only allow the necessity, and drop as many as possible
|
||||||
|
# @internal -- you should not change this
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
# -- turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes
|
||||||
|
# @default -- `false`
|
||||||
|
zeroTrust:
|
||||||
|
mounts:
|
||||||
|
# -- The temp volume is used to hold any superflues and temporary data.
|
||||||
|
# it is deleted when the pod terminates. However, it is extremely important
|
||||||
|
# as all pods filesystems are read only
|
||||||
|
temp:
|
||||||
|
# -- Sets the path to the temporary files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
path: "/tmp"
|
||||||
|
# -- Sets a list of paths to the temporary files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
paths:
|
||||||
|
# -- Sets the size of the temporary disk (all paths)
|
||||||
|
size: "1Gi"
|
||||||
|
# -- The conf volume is a RWX volume mounted by the environment, that holds
|
||||||
|
# all configurations of all instances and components in this environment
|
||||||
|
conf:
|
||||||
|
# -- Sets the path to the conf files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
path:
|
||||||
|
# -- Sets a list of paths to the conf files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
paths:
|
||||||
|
# -- The log volume is used to take any left-over logging in the container.
|
||||||
|
# The container should log to stdout, but if any component still tries to log to disk
|
||||||
|
# this disk needs to be writeable
|
||||||
|
logs:
|
||||||
|
# -- Sets the path to the log files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
path:
|
||||||
|
# -- Sets a list of paths to the log files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
paths:
|
||||||
|
# -- Sets the size of the log disk (all paths)
|
||||||
|
size:
|
||||||
|
# -- some nscale Components require a license file and this
|
||||||
|
# defines it's location
|
||||||
|
license:
|
||||||
|
# -- Sets the path to the license files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
path:
|
||||||
|
# -- If you want to use additional
|
||||||
|
# fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the
|
||||||
|
# fonts directory from the environment pool
|
||||||
|
fonts:
|
||||||
|
# -- Sets the path to the fonts folder.
|
||||||
|
# @internal -- do not change this value
|
||||||
|
path:
|
||||||
|
# -- You can add a file with trusted Root Certificates (e.g. Azure), to be able to
|
||||||
|
# connect to alien services via https. If you have a self-signed root certificate,
|
||||||
|
# you can also add it here.
|
||||||
|
caCerts:
|
||||||
|
# -- Sets the path to the certs folder.
|
||||||
|
# @internal -- do not change this value
|
||||||
|
paths:
|
||||||
|
# -- Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting
|
||||||
|
secret:
|
||||||
|
# -- Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting
|
||||||
|
configMap:
|
||||||
|
# -- the java based nscale components have their own certificates, that you might want to upload.
|
||||||
|
# You can normally do so via the environment configuration, but should you want to use a secret,
|
||||||
|
# you can set it here
|
||||||
|
componentCerts:
|
||||||
|
# -- Sets the path to the component certs.
|
||||||
|
# @internal -- do not change this value
|
||||||
|
paths:
|
||||||
|
# -- Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting
|
||||||
|
secret:
|
||||||
|
# -- Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting
|
||||||
|
configMap:
|
||||||
|
data:
|
||||||
|
# -- If you do not want to have a Volume created by the provisioner,
|
||||||
|
# you can set the name of your volume here to attach to this pre-existing one
|
||||||
|
volumeName:
|
||||||
|
# -- Sets the size of the data disk
|
||||||
|
size:
|
||||||
|
# -- Sets the class of the data disk
|
||||||
|
class:
|
||||||
|
# -- Sets the path to the data files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
path:
|
||||||
|
# -- Sets a list of paths to the data files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
paths:
|
||||||
|
file:
|
||||||
|
# -- If you do not want to have a Volume created by the provisioner,
|
||||||
|
# you can set the name of your volume here to attach to this pre-existing one
|
||||||
|
volumeName:
|
||||||
|
# -- Sets the size of the shared disk
|
||||||
|
size:
|
||||||
|
# -- Sets the class of the shared disk
|
||||||
|
class:
|
||||||
|
# -- Sets the path to the shared files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
path:
|
||||||
|
# -- Sets a list of paths to the shared files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
paths:
|
||||||
|
pool:
|
||||||
|
# -- Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted.
|
||||||
|
# this is used to store scripts, apps and assets that are required to deploy an application / solution
|
||||||
|
# @internal -- do not change this value
|
||||||
|
path:
|
||||||
|
# -- The temp volume is used to hold any superflues and temporary data.
|
||||||
|
# it is deleted when the pod terminates. However, it is extremely important
|
||||||
|
# as all pods filesystems are read only
|
||||||
|
ptemp:
|
||||||
|
# -- Sets the path for temporary files that are persisted
|
||||||
|
# @internal -- do not change this value
|
||||||
|
path:
|
||||||
|
# -- Sets a list of paths for temporary files that are persisted
|
||||||
|
# @internal -- do not change this value
|
||||||
|
paths:
|
||||||
|
# -- Allows to define generic mounts of pre-provisioned PVs into any container.
|
||||||
|
# This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.
|
||||||
|
generic:
|
||||||
|
disk:
|
||||||
|
# -- Sets the size of the disk
|
||||||
|
size:
|
||||||
|
# -- Sets the class of the disk
|
||||||
|
class:
|
||||||
|
# -- Sets the path to the disk files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
path:
|
||||||
|
# -- Sets a list of paths to the data files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
paths:
|
||||||
|
# -- If you do not want to have a Volume created by the provisioner,
|
||||||
|
# you can set the name of your volume here to attach to this pre-existing one
|
||||||
|
volumeName:
|
||||||
|
# -- enables the use of the second data disk. If enabled, all paths defined will end up on this disk.
|
||||||
|
# In case of the (default) disabled, the paths will be added to the primaty data disk.
|
||||||
|
enabled: false
|
||||||
|
# -- Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk.
|
||||||
|
# This is done only once and only if there is legacy data at all. No files are overwritten!
|
||||||
|
migration: false
|
||||||
|
# -- Options for the Java VM
|
||||||
|
javaOpts:
|
||||||
|
# -- set the percentage of RAM, Java will use of the total.
|
||||||
|
# The total amount is the amount installed in the K8s Cluster Node,
|
||||||
|
# OR the Memory Limit set (see resources), if any.
|
||||||
|
javaMaxRamPercentage:
|
||||||
|
# -- set the minimum memory, java will consume
|
||||||
|
javaMinMem:
|
||||||
|
# -- set the maximum memory, java will consume.
|
||||||
|
# Attention: This is NOT the real maximum and it does not include any non Java memory.
|
||||||
|
# Please read google, as this is highly discussed
|
||||||
|
javaMaxMem:
|
||||||
|
# -- Any misc Java Options that need to be passed to the container
|
||||||
|
javaMisc: "-Dorg.eclipse.rap.rwt.settingStoreFactory=settings-per-user"
|
||||||
|
# -- provide the image to be used for this component
|
||||||
|
image:
|
||||||
|
# -- you can provide your own pullSecrets, in case you use
|
||||||
|
# a private repo.
|
||||||
|
pullSecrets:
|
||||||
|
- nscale-cr
|
||||||
|
- nplus-cr
|
||||||
|
# -- the name of the image to use
|
||||||
|
name: administrator
|
||||||
|
# -- the tag of the image to use
|
||||||
|
tag: latest
|
||||||
|
# -- if you use a private repo, feel free to set it here
|
||||||
|
repo: ceyoniq.azurecr.io/release/nscale
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
# -- set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl)
|
||||||
|
# etc.
|
||||||
|
# @default -- `Europe/Berlin`
|
||||||
|
timezone:
|
||||||
|
# -- defines internal constants for nplus.
|
||||||
|
# do not change these values
|
||||||
|
meta:
|
||||||
|
# -- the type of the component. You should not change this value, except if
|
||||||
|
# you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner*
|
||||||
|
# This type is used to create cluster communication for nappl and nstl and potentially
|
||||||
|
# group multiple replicaSets into one service.
|
||||||
|
type: administrator
|
||||||
|
# -- lists the ports this component exposes. This is important for zero trust mode and others.
|
||||||
|
ports:
|
||||||
|
# -- The http port this component uses (if any). In zero trust mode, this will be disabled.
|
||||||
|
# @internal -- this is a constant value of the component and should not be changed.
|
||||||
|
http: 8080
|
||||||
|
# -- The tls / https port, this component uses (if any)
|
||||||
|
# @internal -- this is a constant value of the component and should not be changed.
|
||||||
|
https: 8443
|
||||||
|
# -- A potential tcp port, this component uses (if any)
|
||||||
|
# @internal -- this is a constant value of the component and should not be changed.
|
||||||
|
tcp:
|
||||||
|
# -- A potential rmi port, this component uses (if any)
|
||||||
|
# @internal -- this is a constant value of the component and should not be changed.
|
||||||
|
rmi:
|
||||||
|
# -- A potential tls / tcps port, this component uses (if any)
|
||||||
|
# @internal -- this is a constant value of the component and should not be changed.
|
||||||
|
tcps:
|
||||||
|
# -- sets tenant information to be able to invoice per use in a cloud environment
|
||||||
|
tenant:
|
||||||
|
# -- sets provider (partner, reseller) information to be able to invoice per use in a cloud environment
|
||||||
|
provider:
|
||||||
|
# -- Sets the wave in which this component should be deployed within an ArgoCD deployment
|
||||||
|
# if unset, it uses the default wave thus all components are installed in one wave, then relying
|
||||||
|
# on correct wait settings just like in a helm installation
|
||||||
|
wave:
|
||||||
|
# -- Sets the language of the main service (in the *service* container). This is used for instance
|
||||||
|
# if you turn OpenTelemetry on, to know which Agent to inject into the container.
|
||||||
|
language: java
|
||||||
|
# -- The container name of the main service for this component. This is used to define where to
|
||||||
|
# inject the telemetry agents, if any
|
||||||
|
serviceContainer: administrator
|
||||||
|
# -- A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment
|
||||||
|
# runs in. This can be used in template functions to add the stage to for instance the service name of
|
||||||
|
# telemetry services like open telemetry. (see telemetry example)
|
||||||
|
stage:
|
||||||
|
# -- This is the version of the component, used for display
|
||||||
|
# @internal -- set by devOps pipeline, so do not modify
|
||||||
|
componentVersion:
|
||||||
|
# -- Set tolerations for this component
|
||||||
|
tolerations:
|
||||||
|
# -- select specific nodes for this component
|
||||||
|
nodeSelector:
|
||||||
|
# -- There should only be a single Administrator instance, so the replicaCount is
|
||||||
|
# fixed to 1
|
||||||
|
# @ignore -- Do not change this.
|
||||||
|
replicaCount: 1
|
||||||
|
# # <id>:
|
||||||
|
# # path: <the path in the container, where you want to mount this>
|
||||||
|
# # volumeName: <the name of the PV to be mounted>
|
||||||
|
# # subPath: <an (optional) subpath to be used inside the PV>
|
||||||
|
|
||||||
|
# -- Sets the name of a secret, which holds additional environment variables for
|
||||||
|
# the configuration. It is added as envFrom secretRef to the container.
|
||||||
|
envSecret:
|
||||||
|
# -- Sets the name of a configMap, which holds additional environment variables for
|
||||||
|
# the configuration. It is added as envFrom configMap to the container.
|
||||||
|
envMap:
|
||||||
|
# -- Sets additional environment variables for
|
||||||
|
# the configuration.
|
||||||
|
env:
|
||||||
|
# -- The nscale Application Layer, this component should talk to
|
||||||
|
nappl:
|
||||||
|
# -- nappl host name
|
||||||
|
host:
|
||||||
|
# -- nappl port (http 8080 or https 8443)
|
||||||
|
port:
|
||||||
|
# -- sets the Advanced Connect to tls
|
||||||
|
ssl:
|
||||||
|
# -- instance of the Application Layer, likely `instance1`
|
||||||
|
instance:
|
||||||
|
# -- The technical account to login with
|
||||||
|
account:
|
||||||
|
# -- The domain of the technical account
|
||||||
|
domain:
|
||||||
|
# -- The password of the technical accunt (if not set by secret)
|
||||||
|
password:
|
||||||
|
# -- An optional secret that holds the credentials (the keys must be `account` and `password`)
|
||||||
|
secret:
|
||||||
|
# -- Assigns hardware resources to container
|
||||||
|
resources:
|
||||||
|
# -- Requests are used to assign a minimum to a container. This is the guaranteed amount
|
||||||
|
requests:
|
||||||
|
# -- Set the share of guaranteed CPU to the container.
|
||||||
|
cpu:
|
||||||
|
# -- Set the share of guaranteed RAM to the container
|
||||||
|
memory:
|
||||||
|
# -- Limits the maximum resources
|
||||||
|
limits:
|
||||||
|
# -- The maximum allowed CPU for the container
|
||||||
|
cpu:
|
||||||
|
# -- The maximum allowed RAM for the container
|
||||||
|
memory:
|
||||||
|
# -- This overrides the output of the internal name function
|
||||||
|
nameOverride:
|
||||||
|
# -- This overrides the output of the internal fullname function
|
||||||
|
fullnameOverride:
|
||||||
|
utils:
|
||||||
|
# -- Turn debugging *on* will give you stack trace etc.
|
||||||
|
# Please check out the Chart Developer Guide
|
||||||
|
# @default -- `false`
|
||||||
|
debug:
|
||||||
|
# -- You can turn Comment rendering *on* to get descriptive information inside the manifests. It
|
||||||
|
# will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD
|
||||||
|
# @default -- `true`
|
||||||
|
renderComments:
|
||||||
|
# -- By default, the namespace is rendered into the manifest. However, if you want to use
|
||||||
|
# `helm template` and store manifests for later applying them to multiple namespaces, you might
|
||||||
|
# want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later
|
||||||
|
# @default -- `true`
|
||||||
|
includeNamespace:
|
||||||
|
# -- in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the
|
||||||
|
# pods will start in idle, not starting the service at all. This will allow you to gain access to the container
|
||||||
|
# to perform recovery and maintenance tasks while having the real container up.
|
||||||
|
# @default -- `false`
|
||||||
|
maintenance:
|
||||||
|
# -- If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components
|
||||||
|
# of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components
|
||||||
|
# while previous waves are not finished yet.
|
||||||
|
# @default -- `false`
|
||||||
|
disableWave:
|
||||||
|
# -- in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are
|
||||||
|
# only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might
|
||||||
|
# start components even if they are not intended to run yet.
|
||||||
|
# @default -- `false`
|
||||||
|
disableWait:
|
||||||
|
service:
|
||||||
|
# -- enables the service to be consumed by group components and a potential ingress
|
||||||
|
# Disabling the service also disables the ingress.
|
||||||
|
enabled: true
|
||||||
|
# -- The selector can be `component` or `type`
|
||||||
|
# *component* selects only pods that are in the replicaset.
|
||||||
|
# *type* selects any pod that has the given type
|
||||||
|
selector: "component"
|
||||||
|
# -- adds extra Annotations to the service
|
||||||
|
annotations:
|
||||||
|
# -- Defines a list of conditions that need to be met before this components starts.
|
||||||
|
# The condition must be a network port that opens, when the master component is ready.
|
||||||
|
# Mostly, this will be a service, since a component is only added to a service if the
|
||||||
|
# probes succeed.
|
||||||
|
waitFor:
|
||||||
|
# -- if you set minReplicaCountType, a podDesruptionBudget will be created with this value as
|
||||||
|
# minAvailable, using the component type as selector. This is useful for components, that are spread
|
||||||
|
# across multiple replicaSets, like sharepoint or storage layer
|
||||||
|
minReplicaCountType:
|
||||||
|
# -- provide extra settings for pod templates
|
||||||
|
template:
|
||||||
|
# -- set additional annotations for pods
|
||||||
|
annotations:
|
||||||
|
# -- set additional labels for pods
|
||||||
|
labels:
|
||||||
|
# -- Settings for telemetry tools
|
||||||
|
telemetry:
|
||||||
|
# -- turns Open Telemetry on
|
||||||
|
openTelemetry:
|
||||||
|
# -- Sets the service name for the telemetry service to more convenient
|
||||||
|
# identify the displayed component
|
||||||
|
# Example: "{{ .this.meta.type }}-{{ .instance.name }}"
|
||||||
|
serviceName:
|
||||||
|
# -- Sets the terminationGracePeriodSeconds for the component
|
||||||
|
# If not set, it uses the Kubernetes defaults
|
||||||
|
terminationGracePeriodSeconds:
|
||||||
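Review bot: `tag: latest` together with `pullPolicy: IfNotPresent` in the `image:` block means a node that already has an older `latest` cached keeps running it, so restarts and rescheduled pods can end up on different builds of the administrator image; suggest defaulting `tag` to the release version (or a digest) and leaving `latest` as an explicit opt-in with `pullPolicy: Always`. Further points in this file: `ingress.enabled: true` ships with empty `whitelist:` and `deny:`, so the administrator UI under `/rapadm` is reachable from wherever the ingress class is exposed; consider defaulting the ingress to off for this component or stating in the comment that `whitelist` should be set. The `security:` block sets `runAsUser: 1001` but no `runAsNonRoot: true`, which would make the "Avoid 0 / root" comment enforceable if someone overrides the user. The comment on `nappl.password` should point to `nappl.secret` as the preferred option so credentials do not land in values files. The comment above `ptemp:` is a copy of the one above `temp:` and says the volume "is deleted when the pod terminates", which contradicts "temporary files that are persisted" two lines later. The commented `# # <id>:` mount example sits under `replicaCount` instead of under `mounts.generic`. Typos in comments: "wether", "retriting", "superflues", "primaty", "accunt", "starndard", "podDesruptionBudget".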
15
charts/application/Chart.yaml
Normal file
@@ -0,0 +1,15 @@
|
|||||||
|
apiVersion: v2
|
||||||
|
name: nplus-application
|
||||||
|
description: nplus Application, used to install Apps and Customizations into the nscale Application Layer.
|
||||||
|
icon: 
|
||||||
|
type: application
|
||||||
|
# This is the version number of the application being deployed. This version number should be
|
||||||
|
# incremented each time you make changes to the application. Versions are not expected to
|
||||||
|
# follow Semantic Versioning. They should reflect the version the application is using.
|
||||||
|
# It is recommended to use it with quotes.
|
||||||
|
dependencies:
|
||||||
|
- name: nplus-globals
|
||||||
|
alias: globals
|
||||||
|
version: "*-0"
|
||||||
|
repository: "file://../globals"
|
||||||
|
version: 1.0.0
|
||||||
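Review bot: the comment block starting "This is the version number of the application being deployed" is the scaffold text for `appVersion`, but no `appVersion:` key follows it; the next key is `dependencies:`, so the comment now reads as if it documented the dependency list. Either add `appVersion` (quoted, as the comment recommends) or drop the comment. On the `nplus-globals` dependency, `version: "*-0"` with `repository: "file://../globals"` accepts any version including pre-releases and resolves to whatever is checked out next to this chart at packaging time; if the chart is published, a pinned range would make the packaged result reproducible. The chart `version: 1.0.0` is unquoted while the comment recommends quotes.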
340
charts/application/README.md
Normal file
@@ -0,0 +1,340 @@
|
|||||||
|
|
||||||
|
|
||||||
|
# nplus-application
|
||||||
|
|
||||||
|
nplus Application, used to install Apps and Customizations into the nscale Application Layer.
|
||||||
|
|
||||||
|
## AppInstaller
|
||||||
|
|
||||||
|
In order to install Apps, you will need a matching AppInstaller. This can be downloaded from the Ceyoniq Service Portal.
|
||||||
|
Once you have it, copy it the pool folder (or any other place where the application chart has access to):
|
||||||
|
|
||||||
|
```
|
||||||
|
kubectl cp app-installer-9.0.1202.jar nplus-toolbox-0:/conf/pool
|
||||||
|
```
|
||||||
|
|
||||||
|
## Ceyoniq Smart Business Apps (SBS)
|
||||||
|
|
||||||
|
The SBS Apps are automatically downloaded from the official Ceyoniq nstore by a job in the *nplus environment*, if you switched it on during the environment installation:
|
||||||
|
|
||||||
|
```
|
||||||
|
nstoreDownloader.enabled: true
|
||||||
|
```
|
||||||
|
|
||||||
|
If enabled, the Downloader job will run regularly in the background, and download the latest SBS Apps in the pool folder.
|
||||||
|
You can always enabled it in the environment chart later on if desired:
|
||||||
|
|
||||||
|
```
|
||||||
|
helm upgrade \
|
||||||
|
--set toolbox.enabled=true \
|
||||||
|
--set nstoreDownloader.enabled=true \
|
||||||
|
dev nplus/nplus-environment
|
||||||
|
```
|
||||||
|
|
||||||
|
## SBS Example
|
||||||
|
|
||||||
|
You can install SBS by adding the necessary apps to the deployment:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
components:
|
||||||
|
application: true
|
||||||
|
application:
|
||||||
|
appInstaller: "/pool/app-installer-9.0.1202.jar"
|
||||||
|
docAreas:
|
||||||
|
- id: "SBS"
|
||||||
|
name: "DocArea with SBS"
|
||||||
|
description: "This is a sample DocArea with the SBS Apps installed"
|
||||||
|
apps:
|
||||||
|
- "/pool/nstore/bl-app-9.0.1202.zip"
|
||||||
|
- "/pool/nstore/gdpr-app-9.0.1302.zip"
|
||||||
|
- "/pool/nstore/sbs-base-9.0.1302.zip"
|
||||||
|
- "/pool/nstore/sbs-app-9.0.1302.zip"
|
||||||
|
- "/pool/nstore/tmpl-app-9.0.1302.zip"
|
||||||
|
- "/pool/nstore/cm-base-9.0.1302.zip"
|
||||||
|
- "/pool/nstore/cm-app-9.0.1302.zip"
|
||||||
|
- "/pool/nstore/hr-base-9.0.1302.zip"
|
||||||
|
- "/pool/nstore/hr-app-9.0.1302.zip"
|
||||||
|
- "/pool/nstore/pm-base-9.0.1302.zip"
|
||||||
|
- "/pool/nstore/pm-app-9.0.1302.zip"
|
||||||
|
- "/pool/nstore/sd-base-9.0.1302.zip"
|
||||||
|
- "/pool/nstore/sd-app-9.0.1302.zip"
|
||||||
|
- "/pool/nstore/kon-app-9.0.1302.zip"
|
||||||
|
- "/pool/nstore/kal-app-9.0.1302.zip"
|
||||||
|
- "/pool/nstore/dok-app-9.0.1302.zip"
|
||||||
|
- "/pool/nstore/ts-base-9.0.1302.zip"
|
||||||
|
- "/pool/nstore/ts-app-9.0.1302.zip"
|
||||||
|
- "/pool/nstore/ocr-base-9.0.1302.zip"
|
||||||
|
```
|
||||||
|
|
||||||
|
This will install the SBS Apps into the DocArea "SBS". The DocArea is created, if it does not exist.
|
||||||
|
|
||||||
|
## Install custom Generic Base Apps (GBA)
|
||||||
|
|
||||||
|
If you wish to deploy your custom GBAs, simply copy them to the pool (e.g. in the apps folder):
|
||||||
|
|
||||||
|
```
|
||||||
|
kubectl cp my-gba-1.0.1000.zip nplus-toolbox-0:/conf/pool/apps
|
||||||
|
```
|
||||||
|
|
||||||
|
Then, use the GBA file name and version in the DocArea:
|
||||||
|
|
||||||
|
```
|
||||||
|
application:
|
||||||
|
docAreas:
|
||||||
|
- id: "MyGBA"
|
||||||
|
name: "DocArea with my GBA"
|
||||||
|
description: "This is a sample DocArea with a custom GBA installed"
|
||||||
|
apps:
|
||||||
|
- "/pool/apps/my-gba-1.0.1000.zip"
|
||||||
|
```
|
||||||
|
|
||||||
|
## Downloading assets from the web, like git
|
||||||
|
|
||||||
|
If your assets are in git, you can simply download them prior to installing. That way, you do not have to upload them manually:
|
||||||
|
|
||||||
|
```
|
||||||
|
application:
|
||||||
|
download:
|
||||||
|
- "https://git.nplus.cloud/public/nplus/raw/branch/master/apps/my-gba-1.0.1000.zip"
|
||||||
|
docAreas:
|
||||||
|
- id: "MyGBA"
|
||||||
|
name: "DocArea with my GBA"
|
||||||
|
description: "This is a sample DocArea with a custom GBA installed"
|
||||||
|
apps:
|
||||||
|
- "/pool/downloads/my-gba-1.0.1000.zip"
|
||||||
|
```
|
||||||
|
|
||||||
|
> You can also use the *prepper* for downloading assets, which is useful to for example download snippets into the web client before it starts.
|
||||||
|
|
||||||
|
## Deploying additional parts
|
||||||
|
|
||||||
|
You might want to deploy additional parts like web snippets to your instance. This can by done by custom scripts.
|
||||||
|
|
||||||
|
Custom scripts can be run either in *global* or in *document area* context:
|
||||||
|
|
||||||
|
```
|
||||||
|
application:
|
||||||
|
preRun:
|
||||||
|
- "/pool/scripts/global-init.sh"
|
||||||
|
docAreas:
|
||||||
|
- id: "MyGBA"
|
||||||
|
run:
|
||||||
|
- "/pool/scripts/da-deployment.sh"
|
||||||
|
run:
|
||||||
|
- "/pool/scripts/global-deployment.sh"
|
||||||
|
```
|
||||||
|
In *DA* context, the script will get the NAPPL information passed to it.
|
||||||
|
In *global* context, the script does not get any application specific context.
|
||||||
|
|
||||||
|
Example (for a global script):
|
||||||
|
|
||||||
|
```
|
||||||
|
#/bin/sh
|
||||||
|
cp /pool/snippets/test.jar /instance/web/snippets
|
||||||
|
```
|
||||||
|
|
||||||
|
This script copies the file *test.jar* to the web snippets folder, so the web containers have access to it.
|
||||||
|
|
||||||
|
Place this script in the pool folder of your environment, like this:
|
||||||
|
|
||||||
|
```
|
||||||
|
kubectl cp global-deployment.sh nplus-toolbox-0:/conf/pool/scripts
|
||||||
|
```
|
||||||
|
|
||||||
|
Then you can run it during the initialization Job like in the example above.
|
||||||
|
Of course you also need to copy your snippet to the pool first:
|
||||||
|
|
||||||
|
```
|
||||||
|
kubectl cp test.jar nplus-toolbox-0:/conf/pool/snippets
|
||||||
|
```
|
||||||
|
|
||||||
|
Scripts can run Pre- and Post DocArea and App installs:
|
||||||
|
|
||||||
|
- The *global preRun* scripts are run **before** any document area initialization.
|
||||||
|
- The *DA preRun* scripts are run **before** all apps are installed.
|
||||||
|
- The *DA Run* scripts are run **after** all apps are installed.
|
||||||
|
- The *global Run* scripts are run **after** any document area initialization.
|
||||||
|
|
||||||
|
## Debugging
|
||||||
|
|
||||||
|
The Application Chart uses a job that runs a pod once the Application Layer is available. This pod then creates document areas (if not present) and installs apps into them.
|
||||||
|
|
||||||
|
While the job is running, you can check its log using
|
||||||
|
|
||||||
|
```
|
||||||
|
kubectl logs -l nplus/instance=<instance>,nplus/component=application
|
||||||
|
```
|
||||||
|
|
||||||
|
Please substitute `<instance>` with your instance name.
|
||||||
|
|
||||||
|
The job/pod is automatically removed shortly after it finishes, so the `kubectl logs` command might not find the resource any more if you try this after minutes. Of course you will still find these logs in splunk, prometheus, kibana or whatever log stack you use.
|
||||||
|
|
||||||
|
Alternatively, you can check the log at `/conf/<instance>/application/10init.log` from inside the environment toolbox.
|
||||||
|
|
||||||
|
```
|
||||||
|
kubectl exec --stdin --tty nplus-toolbox-0 -- cat /conf/<instance>/application/10init.log
|
||||||
|
```
|
||||||
|
|
||||||
|
## Wait-One-Minute
|
||||||
|
|
||||||
|
If you have an update scenario (and not using argoCD with its waves) and your application is inside your instance, you might get into a race condition problem:
|
||||||
|
|
||||||
|
Your Application Layer is still up when the job is created. The jobs waits for the Application Layer, which - since it is still there - is only a split second and then the job executes. Kubernetes might then update the Application Layer which terminates, leaving the job crashing. As the application job only tries to install once, it will be left incomplete.
|
||||||
|
|
||||||
|
We use an init container `wait-one-minute`, which will wait a minute before the job executes, leaving Kubernetes and the Application Layer enough time to terminate for the update.
|
||||||
|
|
||||||
|
This is the default when **not** using argoCD and waves.
|
||||||
|
|
||||||
|
## nplus-application Chart Configuration
|
||||||
|
|
||||||
|
You can customize / configure nplus-application by setting configuration values on the command line or in values files,
|
||||||
|
that you can pass to helm. Please see the samples directory for details.
|
||||||
|
|
||||||
|
In case there is no value set, the key will not be used in the manifest, resulting in values taken from the config files of the component.
|
||||||
|
|
||||||
|
### Template Functions
|
||||||
|
|
||||||
|
You can use template functions in the values files. If you do so, make sure you quote correctly (single quotes, if you have double quotes in the template,
|
||||||
|
or escaped quotes).
|
||||||
|
|
||||||
|
### Global Values
|
||||||
|
|
||||||
|
All values can be set per component, per instance or globally per environment.
|
||||||
|
|
||||||
|
Example: `global.ingress.domain` sets the domain on instance level. You can still set a different domain on a component, such as administrator.
|
||||||
|
In that case, simply set `ingress.domain` for the administrator chart and that setting will have priority:
|
||||||
|
|
||||||
|
- Prio 1 - Component Level: `ingress.domain`
|
||||||
|
- Prio 2 - Instance Level: `global.ingress.domain`
|
||||||
|
- Prio 3 - Environment Level: `global.environment.ingress.domain`
|
||||||
|
|
||||||
|
### Using Values in Templates
|
||||||
|
|
||||||
|
As it would be a lot of typing to write `.Values.ingress.domain | default .Values.global.ingress.domain | default .Values.global.environment.ingress.domain`in your
|
||||||
|
template code, this is automatically done by nplus. You can simply type `.this.ingress.domain` and you will get a condensed and defaulted version
|
||||||
|
of your Values.
|
||||||
|
|
||||||
|
So an example in your `values.yaml` would be:
|
||||||
|
|
||||||
|
```
|
||||||
|
administrator:
|
||||||
|
waitFor:
|
||||||
|
- '-service {{ .component.prefix }}nappljobs.{{ .Release.Namespace }}.svc.cluster.local:\{{ .this.nappl.port }} -timeout 600'
|
||||||
|
```
|
||||||
|
|
||||||
|
This example shows `.this.nappl.port` which might come from a component, instance or global setting. You do not need to care.
|
||||||
|
The `.Release.Namespace` is set by helm. You have access to all Release and Chart Metadata, just like in your chart code.
|
||||||
|
|
||||||
|
The `.component.prefix` is calculated by nplus and gives you some handy shortcuts to internal variables:
|
||||||
|
|
||||||
|
- `.component.chartName`
|
||||||
|
The name of the chart as in `.Chart.Name`, but with override by `.Values.nameOverride`
|
||||||
|
- `.component.shortChartName`
|
||||||
|
A shorter Version of the name - `nappl` instead of `nplus-component-nappl`
|
||||||
|
- `.component.prefix`
|
||||||
|
The instance Prefix used to name the resources including `-`. This prefix is dropped, if the
|
||||||
|
`.Release.Name` equals `.Release.Namespace` for those of you that only
|
||||||
|
run one nplus Instance per namespace
|
||||||
|
- `.component.name`
|
||||||
|
The name of the component, including `.Values.nameOverride` and some logic
|
||||||
|
- `.component.fullName`
|
||||||
|
The fullName inlcuding `.Values.fullnameOverride` and some logic
|
||||||
|
- `.component.chart`
|
||||||
|
Mainly the `Chart.Name` and `Chart.Version`
|
||||||
|
- `.component.storagePath`
|
||||||
|
The path where the component config is stored in the conf PVC
|
||||||
|
- `.component.handler`
|
||||||
|
The handler (either helm, argoCD or manual)
|
||||||
|
|
||||||
|
- `.instance.name`
|
||||||
|
The name of the instance, but with override by `.Values.instanceOverride`
|
||||||
|
- `.instance.group`
|
||||||
|
The group, this instance belongs to. Override by `.Values.groupOverride`
|
||||||
|
- `.instance.version`
|
||||||
|
The *nscale* version (mostly taken from Application Layer), this instance is deploying.
|
||||||
|
|
||||||
|
- `.environment.name`
|
||||||
|
The name of the environment, but with override by `.Values.environmentNameOverride`
|
||||||
|
|
||||||
|
### Keys
|
||||||
|
|
||||||
|
You can set any of the following values for this component:
|
||||||
|
|
||||||
|
| Key | Description | Default |
|
||||||
|
|-----|-------------|---------|
|
||||||
|
docAreas | Provide a list of docareas to create. Please also see the example files | |
|
||||||
|
download | A list of URLs (Links) to Assets to download before anything else if the download is a .tar.gz, it is automatically untared to /pool/downloads | |
|
||||||
|
env | Sets additional environment variables for the configuration. | |
|
||||||
|
envMap | Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container. | |
|
||||||
|
envSecret | Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container. | |
|
||||||
|
fullnameOverride | This overrides the output of the internal fullname function | |
|
||||||
|
**image**​.name | the name of the image to use | `"application-layer"` |
|
||||||
|
**image**​.pullSecrets | you can provide your own pullSecrets, in case you use a private repo. | `["nscale-cr", "nplus-cr"]` |
|
||||||
|
**image**​.repo | if you use a private repo, feel free to set it here | `"ceyoniq.azurecr.io/release/nscale"` |
|
||||||
|
**image**​.tag | the tag of the image to use | `"latest"` |
|
||||||
|
**meta**​.language | Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container. | |
|
||||||
|
**meta**​.provider | sets provider (partner, reseller) information to be able to invoice per use in a cloud environment | |
|
||||||
|
**meta**​.serviceContainer | The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any | |
|
||||||
|
**meta**​.stage | A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example) | |
|
||||||
|
**meta**​.tenant | sets tenant information to be able to invoice per use in a cloud environment | |
|
||||||
|
**meta**​.type | the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service. | `"application"` |
|
||||||
|
**meta**​.wave | Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation | |
|
||||||
|
minReplicaCountType | if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer | |
|
||||||
|
**mounts**​.caCerts​.configMap | Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting | |
|
||||||
|
**mounts**​.caCerts​.secret | Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting | |
|
||||||
|
**mounts**​.componentCerts​.configMap | Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting | |
|
||||||
|
**mounts**​.componentCerts​.secret | Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting | |
|
||||||
|
**mounts**​.conf​.path | Sets the path to the conf files <br>do not change this value | **info only**, do not change<br> `"/application"` |
|
||||||
|
**mounts**​.data​.class | Sets the class of the data disk | |
|
||||||
|
**mounts**​.data​.size | Sets the size of the data disk | |
|
||||||
|
**mounts**​.data​.volumeName | If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one | |
|
||||||
|
**mounts**​.disk​.class | Sets the class of the disk | |
|
||||||
|
**mounts**​.disk​.enabled | enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk. | `false` |
|
||||||
|
**mounts**​.disk​.migration | Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten! | `false` |
|
||||||
|
**mounts**​.disk​.size | Sets the size of the disk | |
|
||||||
|
**mounts**​.disk​.volumeName | If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one | |
|
||||||
|
**mounts**​.file​.class | Sets the class of the shared disk | |
|
||||||
|
**mounts**​.file​.size | Sets the size of the shared disk | |
|
||||||
|
**mounts**​.file​.volumeName | If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one | |
|
||||||
|
**mounts**​.generic | Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container. | |
|
||||||
|
**mounts**​.logs​.size | Sets the size of the log disk (all paths) | |
|
||||||
|
**mounts**​.pool​.path | Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution <br>do not change this value | **info only**, do not change<br> `"/pool"` |
|
||||||
|
**mounts**​.temp​.path | Sets the path to the temporary files <br>do not change this value | **info only**, do not change<br> `"/tmp"` |
|
||||||
|
**mounts**​.temp​.size | Sets the size of the temporary disk (all paths) | |
|
||||||
|
nameOverride | This overrides the output of the internal name function | |
|
||||||
|
**nappl**​.account | The technical account to login with | |
|
||||||
|
**nappl**​.domain | The domain of the technical account | |
|
||||||
|
**nappl**​.host | nappl host name | |
|
||||||
|
**nappl**​.instance | instance of the Application Layer, likely `instance1` | |
|
||||||
|
**nappl**​.password | The password of the technical accunt (if not set by secret) | |
|
||||||
|
**nappl**​.port | nappl port (http 8080 or https 8443) | |
|
||||||
|
**nappl**​.secret | An optional secret that holds the credentials (the keys must be `account` and `password`) | |
|
||||||
|
**nappl**​.ssl | sets the Advanced Connect to tls | |
|
||||||
|
nodeSelector | select specific nodes for this component | |
|
||||||
|
**nstl**​.host | The dns of the *nscale Server Storage Layer*. This is used to add it to the nappl configuration | |
|
||||||
|
prerun | A list of scripts to run before the deployment of Apps | |
|
||||||
|
**resources**​.limits​.cpu | The maximum allowed CPU for the container | |
|
||||||
|
**resources**​.limits​.memory | The maximum allowed RAM for the container | |
|
||||||
|
**resources**​.requests​.cpu | Set the share of guaranteed CPU to the container. | |
|
||||||
|
**resources**​.requests​.memory | Set the share of guaranteed RAM to the container | |
|
||||||
|
**rs**​.host | The dns of the *nscale rendition Server*. This is used to add it to the nappl configuration | |
|
||||||
|
run | A list of scripts to run after the deployment of Apps | |
|
||||||
|
**security**​.containerSecurityContext​.allowPrivilegeEscalation | Some functionality may need the possibility to allow privilege escalation. This should be very restrictive <br>you should not change this | **info only**, do not change<br> `false` |
|
||||||
|
**security**​.containerSecurityContext​.readOnlyRootFilesystem | sets the container root file system to read only. This should be the case in production environment <br>you should not change this | **info only**, do not change<br> `true` |
|
||||||
|
**security**​.podSecurityContext​.fsGroup | The file system group as which new files are created <br>there is normally no need to change this | **info only**, do not change<br> `1001` |
|
||||||
|
**security**​.podSecurityContext​.fsGroupChangePolicy | Under which condition should the fsGroup be changed <br>there is normally no need to change this | **info only**, do not change<br> `"OnRootMismatch"` |
|
||||||
|
**security**​.podSecurityContext​.runAsUser | The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security <br>there is normally no need to change this | **info only**, do not change<br> `1001` |
|
||||||
|
**security**​.zeroTrust | turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes | `false` |
|
||||||
|
**telemetry**​.openTelemetry | turns Open Telemetry on | |
|
||||||
|
**telemetry**​.serviceName | Sets the service name for the telemetry service to more convenient identify the displayed component Example: "{{ .this.meta.type }}-{{ .instance.name }}" | |
|
||||||
|
terminationGracePeriodSeconds | Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults | |
|
||||||
|
timezone | set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc. | `Europe/Berlin` |
|
||||||
|
tolerations | Set tolerations for this component | |
|
||||||
|
**utils**​.debug | Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide | `false` |
|
||||||
|
**utils**​.disableWait | in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet. | `false` |
|
||||||
|
**utils**​.disableWave | If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet. | `false` |
|
||||||
|
**utils**​.includeNamespace | By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later | `true` |
|
||||||
|
**utils**​.maintenance | in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up. | `false` |
|
||||||
|
**utils**​.renderComments | You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD | `true` |
|
||||||
|
waitFor | Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed. | |
|
||||||
|
|
||||||
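Review bot: The Keys table documents `image.tag` with default `"latest"`, but `values.schema.json` in this same commit sets the default to `ubi.9.3.1300.2024121814`; the README should state the pinned tag, otherwise readers will assume a floating image. In the `waitFor` example under "Using Values in Templates", `:\{{ .this.nappl.port }}` carries a backslash that ends up in the address if the line is copied as written. The `nappl.password` row could say that `nappl.secret` is the preferred way to supply the credentials, and a spell check would catch `inlcuding`, `accunt`, `primaty`, `podDesruptionBudget`, `starndard` and `depricated`.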
14
charts/application/templates/NOTES.txt
Normal file
@@ -0,0 +1,14 @@
|
|||||||
|
{{- if .Values.docAreas }}
|
||||||
|
{{- range $docArea := .Values.docAreas }}
|
||||||
|
Created Document Area {{ $docArea.id }} on Server {{ $.this.nappl.host }}
|
||||||
|
{{- if $docArea.apps }}
|
||||||
|
{{- range $app := $docArea.apps }}
|
||||||
|
- Installed App {{ $app }} into {{ $docArea.id }}
|
||||||
|
{{- end }}
|
||||||
|
{{- else }}
|
||||||
|
- No Apps in Document Area {{ $docArea.id }} specified
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- else }}
|
||||||
|
No Document Areas specified
|
||||||
|
{{- end }}
|
||||||
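Review bot: `{{ $.this.nappl.host }}` on the "Created Document Area" line is dereferenced without a guard, while `job.tpl` treats the host as optional (`(.this.nappl).host`, with an else branch for "defined by config file in conf PV"); with no host set this prints an empty server name, or fails if `.this.nappl` is nil, so guard it the same way. The messages are also in the past tense ("Created", "Installed") although the work is done later by the job, and not at all in maintenance mode; wording such as "Will create ..." with a pointer to the job log would match what actually happens.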
19
charts/application/templates/application.tpl
Normal file
@@ -0,0 +1,19 @@
|
|||||||
|
apiVersion: nplus.cloud/v1beta1
|
||||||
|
kind: Application
|
||||||
|
metadata:
|
||||||
|
{{- if .this.utils.includeNamespace }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
{{- end }}
|
||||||
|
name: {{ .component.fullName }}
|
||||||
|
labels:
|
||||||
|
{{- include "nplus.instanceLabels" . | nindent 4 }}
|
||||||
|
annotations:
|
||||||
|
{{- include "nplus.annotations" . | nindent 4 }}
|
||||||
|
argocd.argoproj.io/sync-wave: "1"
|
||||||
|
spec:
|
||||||
|
docAreas:
|
||||||
|
{{- toYaml .Values.docAreas | nindent 4 }}
|
||||||
|
run:
|
||||||
|
{{- toYaml .Values.run | nindent 4 }}
|
||||||
|
selector:
|
||||||
|
{{- include "nplus.selectorLabels" . | nindent 4 }}
|
||||||
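Review bot: `argocd.argoproj.io/sync-wave: "1"` is hard-coded under `annotations`, whereas `config.tpl` and `networkpolicy.tpl` call `nplus.argoWave`, so this resource will not follow whatever that helper derives from the wave settings; use the helper here as well or add a comment explaining why this wave is fixed. `spec.docAreas` and `spec.run` read `.Values` directly and render `null` when the key is unset; wrap each in a `with` block, and check whether `prerun` and `download`, which the README lists as keys, belong in the spec too.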
18
charts/application/templates/config.tpl
Normal file
@@ -0,0 +1,18 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: {{ .component.fullName }}-config
|
||||||
|
{{- if .this.utils.includeNamespace }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "nplus.instanceLabels" . | nindent 4 }}
|
||||||
|
annotations:
|
||||||
|
{{- include "nplus.argoWave" . | nindent 4 }}
|
||||||
|
{{- include "nplus.annotations" . | nindent 4 }}
|
||||||
|
{{- include "nplus.securityAnnotations" . | nindent 4 }}
|
||||||
|
data:
|
||||||
|
{{- range $path, $bytes := .Files.Glob "config/*" }}
|
||||||
|
{{- base $path | nindent 2 }}: |
|
||||||
|
{{- tpl ($.Files.Get $path) $ | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
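Review bot: In the `data:` loop every file under `config/*` is passed through `tpl` with the root context, and `job.tpl` then executes the result as `/config/run`, so any value interpolated into those files becomes shell source. The files should quote what they interpolate (for example with `quote` or `squote`) and should never reference `nappl.password`, since a ConfigMap is readable by anyone with read access to the namespace's ConfigMaps. A short comment above the loop stating both expectations would help the next person who adds a file to `config/`.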
89
charts/application/templates/job.tpl
Normal file
@@ -0,0 +1,89 @@
|
|||||||
|
{{- include "nplus.init" $ -}}
|
||||||
|
# Component: {{ .component.chartName }}
|
||||||
|
# will connect to:
|
||||||
|
{{- if (.this.nappl).host }}
|
||||||
|
# nappl: {{ if ($.this.nappl).ssl -}}https{{- else -}}http{{- end -}}://{{ ($.this.nappl).host }}:{{ (.this.nappl).port }}/{{ (.this.nappl).instance }}
|
||||||
|
{{- else }}
|
||||||
|
# defined by config file in conf PV.
|
||||||
|
{{- end }}
|
||||||
|
#
|
||||||
|
{{- if (.this.utils).maintenance -}}
|
||||||
|
# Job must not be running, as we are in maintenance mode and there might not even be a nappl service
|
||||||
|
{{- else }}
|
||||||
|
apiVersion: batch/v1
|
||||||
|
kind: Job
|
||||||
|
metadata:
|
||||||
|
name: {{ .component.fullName }}
|
||||||
|
{{- if .this.utils.includeNamespace }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "nplus.instanceLabels" . | nindent 4 }}
|
||||||
|
annotations:
|
||||||
|
argocd.argoproj.io/hook: PostSync
|
||||||
|
argocd.argoproj.io/hook-delete-policy: HookSucceeded
|
||||||
|
{{- include "nplus.annotations" . | nindent 4 }}
|
||||||
|
{{- include "nplus.securityAnnotations" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
# Deletion ist done by Operator when successful, so no ttl necessary.
|
||||||
|
# ttlSecondsAfterFinished: 60
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
app.kubernetes.io/instance: {{ .instance.group | default .instance.name | default .Release.Name }}
|
||||||
|
app.kubernetes.io/component: {{ .component.chartName }}
|
||||||
|
{{- include "nplus.templateLabels" . | nindent 8 }}
|
||||||
|
spec:
|
||||||
|
# hostname: {{ .component.fullName }}
|
||||||
|
{{- include "nplus.imagePullSecrets" . | nindent 6 }}
|
||||||
|
{{- include "nplus.podSecurityContext" . | nindent 6 }}
|
||||||
|
{{- include "nplus.terminationGracePeriodSeconds" . | nindent 6 }}
|
||||||
|
|
||||||
|
initContainers:
|
||||||
|
|
||||||
|
{{- if (or .this.utils.disableWave (not (and .component.isArgo .this.meta.wave))) }}
|
||||||
|
{{- include "nplus.waitOneMinute" . | nindent 6 }}
|
||||||
|
{{- else }}
|
||||||
|
# -- wait-one-minute - not waiting as {{ .this.utils.disableWave }} {{ .component.isArgo }} {{ .this.meta.wave }}
|
||||||
|
{{- end }}
|
||||||
|
{{- include "nplus.waitFor" . | nindent 6 }}
|
||||||
|
|
||||||
|
containers:
|
||||||
|
- name: run
|
||||||
|
image: {{ include "nplus.image" (dict "global" .Values.global "image" .Values.image) }}
|
||||||
|
imagePullPolicy: {{ include "nplus.imagePullPolicy" .Values.image }}
|
||||||
|
{{- include "nplus.containerSecurityContext" . | nindent 8 }}
|
||||||
|
env:
|
||||||
|
# -- NAPPL Connection Credentials
|
||||||
|
{{- include "nplus.envCredentials" (list
|
||||||
|
"APP_AL_USER" ($.this.nappl).account
|
||||||
|
"APP_AL_PASSWORD" ($.this.nappl).password
|
||||||
|
($.this.nappl).secret
|
||||||
|
) | nindent 10 }}
|
||||||
|
|
||||||
|
{{- include "nplus.environment" . | nindent 8 }}
|
||||||
|
|
||||||
|
command: ["/bin/sh", "-c", "/config/run"]
|
||||||
|
|
||||||
|
{{- include "nplus.resources" . | nindent 8 }}
|
||||||
|
|
||||||
|
volumeMounts:
|
||||||
|
{{- include "nplus.defaultMounts" . | nindent 8 }}
|
||||||
|
- name: config
|
||||||
|
mountPath: /config
|
||||||
|
- name: conf
|
||||||
|
subPath: {{ .this.instance.name }}
|
||||||
|
mountPath: /instance
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
{{- include "nplus.defaultVolumes" . | nindent 6 }}
|
||||||
|
- name: config
|
||||||
|
configMap:
|
||||||
|
name: {{ .component.fullName }}-config
|
||||||
|
defaultMode: 0777
|
||||||
|
|
||||||
|
restartPolicy: Never
|
||||||
|
backoffLimit: 0
|
||||||
|
{{- end }}
|
||||||
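Review bot: `defaultMode: 0777` on the `config` volume grants write and execute to everyone; the job only needs to read and execute `/config/run`, so `0555` (or `0550` together with the chart's `fsGroup`) is enough. In `volumeMounts`, `subPath: {{ .this.instance.name }}` uses a different path than the `.instance.name` documented in the README and used for the `app.kubernetes.io/instance` label above; if it resolves to an empty string, the whole `conf` volume, which the schema describes as holding the configuration of all instances, is mounted at `/instance`. Please confirm which of the two is intended and fail the render when the value is empty.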
28
charts/application/templates/networkpolicy.tpl
Normal file
@@ -0,0 +1,28 @@
|
|||||||
|
{{- include "nplus.init" $ -}}
|
||||||
|
{{- if ((.this.security).cni).createNetworkPolicy }}
|
||||||
|
kind: NetworkPolicy
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
metadata:
|
||||||
|
name: {{ .component.fullName }}
|
||||||
|
{{- if .this.utils.includeNamespace }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "nplus.instanceLabels" . | nindent 4 }}
|
||||||
|
annotations:
|
||||||
|
{{- include "nplus.argoWave" . | nindent 4 }}
|
||||||
|
{{- include "nplus.annotations" . | nindent 4 }}
|
||||||
|
{{- include "nplus.securityAnnotations" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
podSelector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "nplus.selectorLabels" . | nindent 6 }}
|
||||||
|
policyTypes:
|
||||||
|
- Egress
|
||||||
|
egress:
|
||||||
|
- to:
|
||||||
|
- podSelector:
|
||||||
|
matchLabels:
|
||||||
|
nplus/group: {{ .instance.group }}
|
||||||
|
nplus/type: core
|
||||||
|
{{- end }}
|
||||||
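Review bot: The single `egress` rule only allows traffic to pods labelled `nplus/group` and `nplus/type: core`, so on an enforcing CNI the job cannot reach cluster DNS, while the `waitFor` targets shown in the README are service names under `svc.cluster.local`; add a rule for port 53 (UDP and TCP) to the cluster DNS pods or state that another policy supplies it. The same restriction blocks the `download` URLs the README describes. `nplus/group: {{ .instance.group }}` is also unguarded, whereas `job.tpl` falls back with `.instance.group | default .instance.name`; with no group set this renders an empty label value.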
725
charts/application/values.schema.json
Normal file
@@ -0,0 +1,725 @@
|
|||||||
|
{
|
||||||
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"docAreas": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Provide a list of docareas to create. Please also see the example files",
|
||||||
|
"title": "docAreas"
|
||||||
|
},
|
||||||
|
"download": {
|
||||||
|
"default": "",
|
||||||
|
"description": "A list of URLs (Links) to Assets to download before anything else if the download is a .tar.gz, it is automatically untared to /pool/downloads",
|
||||||
|
"title": "download"
|
||||||
|
},
|
||||||
|
"env": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets additional environment variables for the configuration.",
|
||||||
|
"title": "env"
|
||||||
|
},
|
||||||
|
"envMap": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
|
||||||
|
"title": "envMap"
|
||||||
|
},
|
||||||
|
"envSecret": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
|
||||||
|
"title": "envSecret"
|
||||||
|
},
|
||||||
|
"fullnameOverride": {
|
||||||
|
"default": "",
|
||||||
|
"description": "This overrides the output of the internal fullname function",
|
||||||
|
"title": "fullnameOverride"
|
||||||
|
},
|
||||||
|
"global": {
|
||||||
|
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
|
||||||
|
"title": "global",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"globals": {
|
||||||
|
"description": "nplus Global Functions Library Chart",
|
||||||
|
"properties": {
|
||||||
|
"global": {
|
||||||
|
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
|
||||||
|
"title": "global",
|
||||||
|
"type": "object"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "nplus-globals",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"image": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "provide the image to be used for this component",
|
||||||
|
"properties": {
|
||||||
|
"name": {
|
||||||
|
"default": "application-layer",
|
||||||
|
"description": "the name of the image to use",
|
||||||
|
"title": "name"
|
||||||
|
},
|
||||||
|
"pullSecrets": {
|
||||||
|
"description": "you can provide your own pullSecrets, in case you use a private repo.",
|
||||||
|
"items": {
|
||||||
|
"anyOf": [
|
||||||
|
{
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "string"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"title": "pullSecrets"
|
||||||
|
},
|
||||||
|
"repo": {
|
||||||
|
"default": "ceyoniq.azurecr.io/release/nscale",
|
||||||
|
"description": "if you use a private repo, feel free to set it here",
|
||||||
|
"title": "repo"
|
||||||
|
},
|
||||||
|
"tag": {
|
||||||
|
"default": "ubi.9.3.1300.2024121814",
|
||||||
|
"description": "the tag of the image to use",
|
||||||
|
"title": "tag"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "image"
|
||||||
|
},
|
||||||
|
"meta": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"componentVersion": {
|
||||||
|
"default": "",
|
||||||
|
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
|
||||||
|
"title": "componentVersion"
|
||||||
|
},
|
||||||
|
"language": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
|
||||||
|
"title": "language"
|
||||||
|
},
|
||||||
|
"ports": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
|
||||||
|
"properties": {
|
||||||
|
"http": {
|
||||||
|
"default": "",
|
||||||
|
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
|
||||||
|
"title": "http"
|
||||||
|
},
|
||||||
|
"https": {
|
||||||
|
"default": "",
|
||||||
|
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
|
||||||
|
"title": "https"
|
||||||
|
},
|
||||||
|
"rmi": {
|
||||||
|
"default": "",
|
||||||
|
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
|
||||||
|
"title": "rmi"
|
||||||
|
},
|
||||||
|
"tcp": {
|
||||||
|
"default": "",
|
||||||
|
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
|
||||||
|
"title": "tcp"
|
||||||
|
},
|
||||||
|
"tcps": {
|
||||||
|
"default": "",
|
||||||
|
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
|
||||||
|
"title": "tcps"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "ports"
|
||||||
|
},
|
||||||
|
"provider": {
|
||||||
|
"default": "",
|
||||||
|
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
|
||||||
|
"title": "provider"
|
||||||
|
},
|
||||||
|
"serviceContainer": {
|
||||||
|
"default": "",
|
||||||
|
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
|
||||||
|
"title": "serviceContainer"
|
||||||
|
},
|
||||||
|
"stage": {
|
||||||
|
"default": "",
|
||||||
|
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
|
||||||
|
"title": "stage"
|
||||||
|
},
|
||||||
|
"tenant": {
|
||||||
|
"default": "",
|
||||||
|
"description": "sets tenant information to be able to invoice per use in a cloud environment",
|
||||||
|
"title": "tenant"
|
||||||
|
},
|
||||||
|
"type": {
|
||||||
|
"default": "application",
|
||||||
|
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
|
||||||
|
"title": "type"
|
||||||
|
},
|
||||||
|
"wave": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
|
||||||
|
"title": "wave"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "meta",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"minReplicaCountType": {
|
||||||
|
"default": "",
|
||||||
|
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
|
||||||
|
"title": "minReplicaCountType"
|
||||||
|
},
|
||||||
|
"mounts": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"caCerts": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
|
||||||
|
"properties": {
|
||||||
|
"configMap": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
|
||||||
|
"title": "configMap"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the certs folder. @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
},
|
||||||
|
"secret": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
|
||||||
|
"title": "secret"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "caCerts"
|
||||||
|
},
|
||||||
|
"componentCerts": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
|
||||||
|
"properties": {
|
||||||
|
"configMap": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
|
||||||
|
"title": "configMap"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the component certs. @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
},
|
||||||
|
"secret": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
|
||||||
|
"title": "secret"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "componentCerts"
|
||||||
|
},
|
||||||
|
"conf": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
|
||||||
|
"properties": {
|
||||||
|
"path": {
|
||||||
|
"default": "/application",
|
||||||
|
"description": "Sets the path to the conf files @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "conf"
|
||||||
|
},
|
||||||
|
"data": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"class": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the class of the data disk",
|
||||||
|
"title": "class"
|
||||||
|
},
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the data files @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets a list of paths to the data files @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
},
|
||||||
|
"size": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the size of the data disk",
|
||||||
|
"title": "size"
|
||||||
|
},
|
||||||
|
"volumeName": {
|
||||||
|
"default": "",
|
||||||
|
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
|
||||||
|
"title": "volumeName"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "data",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"disk": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"class": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the class of the disk",
|
||||||
|
"title": "class"
|
||||||
|
},
|
||||||
|
"enabled": {
|
||||||
|
"default": "false",
|
||||||
|
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
|
||||||
|
"title": "enabled"
|
||||||
|
},
|
||||||
|
"migration": {
|
||||||
|
"default": "false",
|
||||||
|
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
|
||||||
|
"title": "migration"
|
||||||
|
},
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the disk files @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets a list of paths to the data files @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
},
|
||||||
|
"size": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the size of the disk",
|
||||||
|
"title": "size"
|
||||||
|
},
|
||||||
|
"volumeName": {
|
||||||
|
"default": "",
|
||||||
|
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
|
||||||
|
"title": "volumeName"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "disk",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"file": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"class": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the class of the shared disk",
|
||||||
|
"title": "class"
|
||||||
|
},
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the shared files @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
},
|
||||||
|
"size": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the size of the shared disk",
|
||||||
|
"title": "size"
|
||||||
|
},
|
||||||
|
"volumeName": {
|
||||||
|
"default": "",
|
||||||
|
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
|
||||||
|
"title": "volumeName"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "file",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"fonts": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
|
||||||
|
"properties": {
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "fonts"
|
||||||
|
},
|
||||||
|
"generic": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
|
||||||
|
"title": "generic"
|
||||||
|
},
|
||||||
|
"license": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "some nscale Components require a license file and this defines it's location",
|
||||||
|
"properties": {
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the license files @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "license"
|
||||||
|
},
|
||||||
|
"logs": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
|
||||||
|
"properties": {
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the log files @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets a list of paths to the log files @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
},
|
||||||
|
"size": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the size of the log disk (all paths)",
|
||||||
|
"title": "size"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "logs"
|
||||||
|
},
|
||||||
|
"pool": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"path": {
|
||||||
|
"default": "/pool",
|
||||||
|
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "pool",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"ptemp": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
|
||||||
|
"properties": {
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "ptemp"
|
||||||
|
},
|
||||||
|
"temp": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
|
||||||
|
"properties": {
|
||||||
|
"path": {
|
||||||
|
"default": "/tmp",
|
||||||
|
"description": "Sets the path to the temporary files @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
},
|
||||||
|
"size": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the size of the temporary disk (all paths)",
|
||||||
|
"title": "size"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "temp"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "mounts",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"nameOverride": {
|
||||||
|
"default": "",
|
||||||
|
"description": "This overrides the output of the internal name function",
|
||||||
|
"title": "nameOverride"
|
||||||
|
},
|
||||||
|
"nappl": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "The nscale Application Layer, this component should talk to",
|
||||||
|
"properties": {
|
||||||
|
"account": {
|
||||||
|
"default": "",
|
||||||
|
"description": "The technical account to login with",
|
||||||
|
"title": "account"
|
||||||
|
},
|
||||||
|
"domain": {
|
||||||
|
"default": "",
|
||||||
|
"description": "The domain of the technical account",
|
||||||
|
"title": "domain"
|
||||||
|
},
|
||||||
|
"host": {
|
||||||
|
"default": "",
|
||||||
|
"description": "nappl host name",
|
||||||
|
"title": "host"
|
||||||
|
},
|
||||||
|
"instance": {
|
||||||
|
"default": "",
|
||||||
|
"description": "instance of the Application Layer, likely `instance1`",
|
||||||
|
"title": "instance"
|
||||||
|
},
|
||||||
|
"password": {
|
||||||
|
"default": "",
|
||||||
|
"description": "The password of the technical accunt (if not set by secret)",
|
||||||
|
"title": "password"
|
||||||
|
},
|
||||||
|
"port": {
|
||||||
|
"default": "",
|
||||||
|
"description": "nappl port (http 8080 or https 8443)",
|
||||||
|
"title": "port"
|
||||||
|
},
|
||||||
|
"secret": {
|
||||||
|
"default": "",
|
||||||
|
"description": "An optional secret that holds the credentials (the keys must be `account` and `password`)",
|
||||||
|
"title": "secret"
|
||||||
|
},
|
||||||
|
"ssl": {
|
||||||
|
"default": "",
|
||||||
|
"description": "sets the Advanced Connect to tls",
|
||||||
|
"title": "ssl"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "nappl"
|
||||||
|
},
|
||||||
|
"nodeSelector": {
|
||||||
|
"default": "",
|
||||||
|
"description": "select specific nodes for this component",
|
||||||
|
"title": "nodeSelector"
|
||||||
|
},
|
||||||
|
"nstl": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"host": {
|
||||||
|
"default": "",
|
||||||
|
"description": "The dns of the *nscale Server Storage Layer*. This is used to add it to the nappl configuration",
|
||||||
|
"title": "host"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "nstl",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"prerun": {
|
||||||
|
"default": "",
|
||||||
|
"description": "A list of scripts to run before the deployment of Apps",
|
||||||
|
"title": "prerun"
|
||||||
|
},
|
||||||
|
"resources": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "Assigns hardware resources to container",
|
||||||
|
"properties": {
|
||||||
|
"limits": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "Limits the maximum resources",
|
||||||
|
"properties": {
|
||||||
|
"cpu": {
|
||||||
|
"default": "",
|
||||||
|
"description": "The maximum allowed CPU for the container",
|
||||||
|
"title": "cpu"
|
||||||
|
},
|
||||||
|
"memory": {
|
||||||
|
"default": "",
|
||||||
|
"description": "The maximum allowed RAM for the container",
|
||||||
|
"title": "memory"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "limits"
|
||||||
|
},
|
||||||
|
"requests": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
|
||||||
|
"properties": {
|
||||||
|
"cpu": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Set the share of guaranteed CPU to the container.",
|
||||||
|
"title": "cpu"
|
||||||
|
},
|
||||||
|
"memory": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Set the share of guaranteed RAM to the container",
|
||||||
|
"title": "memory"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "requests"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "resources"
|
||||||
|
},
|
||||||
|
"rs": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"host": {
|
||||||
|
"default": "",
|
||||||
|
"description": "The dns of the *nscale rendition Server*. This is used to add it to the nappl configuration",
|
||||||
|
"title": "host"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "rs",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"run": {
|
||||||
|
"default": "",
|
||||||
|
"description": "A list of scripts to run after the deployment of Apps",
|
||||||
|
"title": "run"
|
||||||
|
},
|
||||||
|
"security": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "Security Section defining default runtime environment for your container",
|
||||||
|
"properties": {
|
||||||
|
"containerSecurityContext": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"allowPrivilegeEscalation": {
|
||||||
|
"default": "false",
|
||||||
|
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
|
||||||
|
"title": "allowPrivilegeEscalation"
|
||||||
|
},
|
||||||
|
"capabilities": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
|
||||||
|
"properties": {
|
||||||
|
"drop": {
|
||||||
|
"items": {
|
||||||
|
"anyOf": [
|
||||||
|
{
|
||||||
|
"type": "string"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"title": "drop",
|
||||||
|
"type": "array"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "capabilities"
|
||||||
|
},
|
||||||
|
"readOnlyRootFilesystem": {
|
||||||
|
"default": "true",
|
||||||
|
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
|
||||||
|
"title": "readOnlyRootFilesystem"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "containerSecurityContext",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"podSecurityContext": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"fsGroup": {
|
||||||
|
"default": "1001",
|
||||||
|
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
|
||||||
|
"title": "fsGroup"
|
||||||
|
},
|
||||||
|
"fsGroupChangePolicy": {
|
||||||
|
"default": "OnRootMismatch",
|
||||||
|
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
|
||||||
|
"title": "fsGroupChangePolicy"
|
||||||
|
},
|
||||||
|
"runAsUser": {
|
||||||
|
"default": "1001",
|
||||||
|
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
|
||||||
|
"title": "runAsUser"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "podSecurityContext",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"zeroTrust": {
|
||||||
|
"default": "`false`",
|
||||||
|
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
|
||||||
|
"title": "zeroTrust"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "security"
|
||||||
|
},
|
||||||
|
"telemetry": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "Settings for telemetry tools",
|
||||||
|
"properties": {
|
||||||
|
"openTelemetry": {
|
||||||
|
"default": "",
|
||||||
|
"description": "turns Open Telemetry on",
|
||||||
|
"title": "openTelemetry"
|
||||||
|
},
|
||||||
|
"serviceName": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
|
||||||
|
"title": "serviceName"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "telemetry"
|
||||||
|
},
|
||||||
|
"terminationGracePeriodSeconds": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
|
||||||
|
"title": "terminationGracePeriodSeconds"
|
||||||
|
},
|
||||||
|
"timezone": {
|
||||||
|
"default": "`Europe/Berlin`",
|
||||||
|
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
|
||||||
|
"title": "timezone"
|
||||||
|
},
|
||||||
|
"tolerations": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Set tolerations for this component",
|
||||||
|
"title": "tolerations"
|
||||||
|
},
|
||||||
|
"utils": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"debug": {
|
||||||
|
"default": "`false`",
|
||||||
|
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
|
||||||
|
"title": "debug"
|
||||||
|
},
|
||||||
|
"disableWait": {
|
||||||
|
"default": "`false`",
|
||||||
|
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
|
||||||
|
"title": "disableWait"
|
||||||
|
},
|
||||||
|
"disableWave": {
|
||||||
|
"default": "`false`",
|
||||||
|
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
|
||||||
|
"title": "disableWave"
|
||||||
|
},
|
||||||
|
"includeNamespace": {
|
||||||
|
"default": "`true`",
|
||||||
|
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
|
||||||
|
"title": "includeNamespace"
|
||||||
|
},
|
||||||
|
"maintenance": {
|
||||||
|
"default": "`false`",
|
||||||
|
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
|
||||||
|
"title": "maintenance"
|
||||||
|
},
|
||||||
|
"renderComments": {
|
||||||
|
"default": "`true`",
|
||||||
|
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
|
||||||
|
"title": "renderComments"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "utils",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"waitFor": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.",
|
||||||
|
"title": "waitFor"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "object"
|
||||||
|
}
|
||||||
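Review bot: the keys under `security` carry no `type` or value constraint, so this schema checks key names (through `additionalProperties: false`) but not the values that matter. `runAsUser` is only `"default": "1001"` as a string, so `runAsUser: 0` passes validation although its description says to avoid 0 / root, and `allowPrivilegeEscalation`, `readOnlyRootFilesystem` and `zeroTrust` accept any value. Suggest `"type": "boolean"` on the three flags and `"type": "integer", "minimum": 1` on `runAsUser` and `fsGroup`, after checking that the chart's defaults still validate. While here: boolean defaults are written two ways in these lines (`"false"` under `mounts.disk` and `containerSecurityContext`, backtick-quoted `false` under `zeroTrust` and `utils`), and several descriptions have typos (`podDesruptionBudget`, `primaty`, `accunt`, `starndard`, `depricated`).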
338
charts/application/values.yaml
Normal file
@@ -0,0 +1,338 @@
|
|||||||
|
# yaml-language-server: $schema=values.schema.json
|
||||||
|
meta:
|
||||||
|
# -- the type of the component. You should not change this value, except if
|
||||||
|
# you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner*
|
||||||
|
# This type is used to create cluster communication for nappl and nstl and potentially
|
||||||
|
# group multiple replicaSets into one service.
|
||||||
|
type: application
|
||||||
|
# -- lists the ports this component exposes. This is important for zero trust mode and others.
|
||||||
|
ports:
|
||||||
|
# -- The http port this component uses (if any). In zero trust mode, this will be disabled.
|
||||||
|
# @internal -- this is a constant value of the component and should not be changed.
|
||||||
|
http:
|
||||||
|
# -- The tls / https port, this component uses (if any)
|
||||||
|
# @internal -- this is a constant value of the component and should not be changed.
|
||||||
|
https:
|
||||||
|
# -- A potential tcp port, this component uses (if any)
|
||||||
|
# @internal -- this is a constant value of the component and should not be changed.
|
||||||
|
tcp:
|
||||||
|
# -- A potential tls / tcps port, this component uses (if any)
|
||||||
|
# @internal -- this is a constant value of the component and should not be changed.
|
||||||
|
tcps:
|
||||||
|
# -- A potential rmi port, this component uses (if any)
|
||||||
|
# @internal -- this is a constant value of the component and should not be changed.
|
||||||
|
rmi:
|
||||||
|
# -- sets tenant information to be able to invoice per use in a cloud environment
|
||||||
|
tenant:
|
||||||
|
# -- sets provider (partner, reseller) information to be able to invoice per use in a cloud environment
|
||||||
|
provider:
|
||||||
|
# -- Sets the wave in which this component should be deployed within an ArgoCD deployment
|
||||||
|
# if unset, it uses the default wave thus all components are installed in one wave, then relying
|
||||||
|
# on correct wait settings just like in a helm installation
|
||||||
|
wave:
|
||||||
|
# -- Sets the language of the main service (in the *service* container). This is used for instance
|
||||||
|
# if you turn OpenTelemetry on, to know which Agent to inject into the container.
|
||||||
|
language:
|
||||||
|
# -- The container name of the main service for this component. This is used to define where to
|
||||||
|
# inject the telemetry agents, if any
|
||||||
|
serviceContainer:
|
||||||
|
# -- A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment
|
||||||
|
# runs in. This can be used in template functions to add the stage to for instance the service name of
|
||||||
|
# telemetry services like open telemetry. (see telemetry example)
|
||||||
|
stage:
|
||||||
|
# -- This is the version of the component, used for display
|
||||||
|
# @internal -- set by devOps pipeline, so do not modify
|
||||||
|
componentVersion:
|
||||||
|
mounts:
|
||||||
|
# -- The conf volume is a RWX volume mounted by the environment, that holds
|
||||||
|
# all configurations of all instances and components in this environment
|
||||||
|
conf:
|
||||||
|
# -- Sets the path to the conf files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
path: "/application"
|
||||||
|
# -- Sets a list of paths to the conf files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
paths:
|
||||||
|
pool:
|
||||||
|
# -- Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted.
|
||||||
|
# this is used to store scripts, apps and assets that are required to deploy an application / solution
|
||||||
|
# @internal -- do not change this value
|
||||||
|
path: "/pool"
|
||||||
|
# -- The temp volume is used to hold any superflues and temporary data.
|
||||||
|
# it is deleted when the pod terminates. However, it is extremely important
|
||||||
|
# as all pods filesystems are read only
|
||||||
|
temp:
|
||||||
|
# -- Sets the path to the temporary files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
path: "/tmp"
|
||||||
|
# -- Sets a list of paths to the temporary files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
paths:
|
||||||
|
# -- Sets the size of the temporary disk (all paths)
|
||||||
|
size:
|
||||||
|
# -- The log volume is used to take any left-over logging in the container.
|
||||||
|
# The container should log to stdout, but if any component still tries to log to disk
|
||||||
|
# this disk needs to be writeable
|
||||||
|
logs:
|
||||||
|
# -- Sets the path to the log files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
path:
|
||||||
|
# -- Sets a list of paths to the log files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
paths:
|
||||||
|
# -- Sets the size of the log disk (all paths)
|
||||||
|
size:
|
||||||
|
# -- some nscale Components require a license file and this
|
||||||
|
# defines it's location
|
||||||
|
license:
|
||||||
|
# -- Sets the path to the license files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
path:
|
||||||
|
# -- If you want to use additional
|
||||||
|
# fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the
|
||||||
|
# fonts directory from the environment pool
|
||||||
|
fonts:
|
||||||
|
# -- Sets the path to the fonts folder.
|
||||||
|
# @internal -- do not change this value
|
||||||
|
path:
|
||||||
|
# -- You can add a file with trusted Root Certificates (e.g. Azure), to be able to
|
||||||
|
# connect to alien services via https. If you have a self-signed root certificate,
|
||||||
|
# you can also add it here.
|
||||||
|
caCerts:
|
||||||
|
# -- Sets the path to the certs folder.
|
||||||
|
# @internal -- do not change this value
|
||||||
|
paths:
|
||||||
|
# -- Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting
|
||||||
|
secret:
|
||||||
|
# -- Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting
|
||||||
|
configMap:
|
||||||
|
# -- the java based nscale components have their own certificates, that you might want to upload.
|
||||||
|
# You can normally do so via the environment configuration, but should you want to use a secret,
|
||||||
|
# you can set it here
|
||||||
|
componentCerts:
|
||||||
|
# -- Sets the path to the component certs.
|
||||||
|
# @internal -- do not change this value
|
||||||
|
paths:
|
||||||
|
# -- Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting
|
||||||
|
secret:
|
||||||
|
# -- Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting
|
||||||
|
configMap:
|
||||||
|
data:
|
||||||
|
# -- Sets the size of the data disk
|
||||||
|
size:
|
||||||
|
# -- Sets the class of the data disk
|
||||||
|
class:
|
||||||
|
# -- Sets the path to the data files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
path:
|
||||||
|
# -- Sets a list of paths to the data files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
paths:
|
||||||
|
# -- If you do not want to have a Volume created by the provisioner,
|
||||||
|
# you can set the name of your volume here to attach to this pre-existing one
|
||||||
|
volumeName:
|
||||||
|
file:
|
||||||
|
# -- Sets the size of the shared disk
|
||||||
|
size:
|
||||||
|
# -- Sets the class of the shared disk
|
||||||
|
class:
|
||||||
|
# -- Sets the path to the shared files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
path:
|
||||||
|
# -- Sets a list of paths to the shared files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
paths:
|
||||||
|
# -- If you do not want to have a Volume created by the provisioner,
|
||||||
|
# you can set the name of your volume here to attach to this pre-existing one
|
||||||
|
volumeName:
|
||||||
|
# -- The temp volume is used to hold any superflues and temporary data.
|
||||||
|
# it is deleted when the pod terminates. However, it is extremely important
|
||||||
|
# as all pods filesystems are read only
|
||||||
|
ptemp:
|
||||||
|
# -- Sets the path for temporary files that are persisted
|
||||||
|
# @internal -- do not change this value
|
||||||
|
path:
|
||||||
|
# -- Sets a list of paths for temporary files that are persisted
|
||||||
|
# @internal -- do not change this value
|
||||||
|
paths:
|
||||||
|
# -- Allows to define generic mounts of pre-provisioned PVs into any container.
|
||||||
|
# This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.
|
||||||
|
generic:
|
||||||
|
disk:
|
||||||
|
# -- Sets the size of the disk
|
||||||
|
size:
|
||||||
|
# -- Sets the class of the disk
|
||||||
|
class:
|
||||||
|
# -- Sets the path to the disk files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
path:
|
||||||
|
# -- Sets a list of paths to the data files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
paths:
|
||||||
|
# -- If you do not want to have a Volume created by the provisioner,
|
||||||
|
# you can set the name of your volume here to attach to this pre-existing one
|
||||||
|
volumeName:
|
||||||
|
# -- enables the use of the second data disk. If enabled, all paths defined will end up on this disk.
|
||||||
|
# In case of the (default) disabled, the paths will be added to the primaty data disk.
|
||||||
|
enabled: false
|
||||||
|
# -- Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk.
|
||||||
|
# This is done only once and only if there is legacy data at all. No files are overwritten!
|
||||||
|
migration: false
|
||||||
|
# -- The nscale Application Layer, this component should talk to
|
||||||
|
nappl:
|
||||||
|
# -- nappl host name
|
||||||
|
host:
|
||||||
|
# -- nappl port (http 8080 or https 8443)
|
||||||
|
port:
|
||||||
|
# -- sets the Advanced Connect to tls
|
||||||
|
ssl:
|
||||||
|
# -- instance of the Application Layer, likely `instance1`
|
||||||
|
instance:
|
||||||
|
# -- The technical account to login with
|
||||||
|
account:
|
||||||
|
# -- The domain of the technical account
|
||||||
|
domain:
|
||||||
|
# -- The password of the technical accunt (if not set by secret)
|
||||||
|
password:
|
||||||
|
# -- An optional secret that holds the credentials (the keys must be `account` and `password`)
|
||||||
|
secret:
|
||||||
|
nstl:
|
||||||
|
# -- The dns of the *nscale Server Storage Layer*. This is used to add it to the nappl configuration
|
||||||
|
host:
|
||||||
|
rs:
|
||||||
|
# -- The dns of the *nscale rendition Server*. This is used to add it to the nappl configuration
|
||||||
|
host:
|
||||||
|
# -- provide the image to be used for this component
|
||||||
|
image:
|
||||||
|
# -- you can provide your own pullSecrets, in case you use
|
||||||
|
# a private repo.
|
||||||
|
pullSecrets:
|
||||||
|
- nscale-cr
|
||||||
|
- nplus-cr
|
||||||
|
# -- the name of the image to use
|
||||||
|
name: application-layer
|
||||||
|
# -- the tag of the image to use
|
||||||
|
tag: latest
|
||||||
|
# -- if you use a private repo, feel free to set it here
|
||||||
|
repo: ceyoniq.azurecr.io/release/nscale
|
||||||
|
# -- Security Section defining default runtime environment for your container
|
||||||
|
security:
|
||||||
|
podSecurityContext:
|
||||||
|
# -- The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context
|
||||||
|
# for security
|
||||||
|
# @internal -- there is normally no need to change this
|
||||||
|
runAsUser: 1001
|
||||||
|
# -- The file system group as which new files are created
|
||||||
|
# @internal -- there is normally no need to change this
|
||||||
|
fsGroup: 1001
|
||||||
|
# -- Under which condition should the fsGroup be changed
|
||||||
|
# @internal -- there is normally no need to change this
|
||||||
|
fsGroupChangePolicy: OnRootMismatch
|
||||||
|
containerSecurityContext:
|
||||||
|
# -- sets the container root file system to read only. This should be the case in production environment
|
||||||
|
# @internal -- you should not change this
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
# -- Some functionality may need the possibility to allow privilege escalation. This should be very restrictive
|
||||||
|
# @internal -- you should not change this
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
# -- Capabilities this container should have. Only allow the necessity, and drop as many as possible
|
||||||
|
# @internal -- you should not change this
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
# -- turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes
|
||||||
|
# @default -- `false`
|
||||||
|
zeroTrust:
|
||||||
|
# -- Assigns hardware resources to container
|
||||||
|
resources:
|
||||||
|
# -- Requests are used to assign a minimum to a container. This is the guaranteed amount
|
||||||
|
requests:
|
||||||
|
# -- Set the share of guaranteed CPU to the container.
|
||||||
|
cpu:
|
||||||
|
# -- Set the share of guaranteed RAM to the container
|
||||||
|
memory:
|
||||||
|
# -- Limits the maximum resources
|
||||||
|
limits:
|
||||||
|
# -- The maximum allowed CPU for the container
|
||||||
|
cpu:
|
||||||
|
# -- The maximum allowed RAM for the container
|
||||||
|
memory:
|
||||||
|
# -- set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl)
|
||||||
|
# etc.
|
||||||
|
# @default -- `Europe/Berlin`
|
||||||
|
timezone:
|
||||||
|
# -- Set tolerations for this component
|
||||||
|
tolerations:
|
||||||
|
# -- select specific nodes for this component
|
||||||
|
nodeSelector:
|
||||||
|
# -- Sets the name of a secret, which holds additional environment variables for
|
||||||
|
# the configuration. It is added as envFrom secretRef to the container.
|
||||||
|
envSecret:
|
||||||
|
# -- Sets the name of a configMap, which holds additional environment variables for
|
||||||
|
# the configuration. It is added as envFrom configMap to the container.
|
||||||
|
envMap:
|
||||||
|
# -- Sets additional environment variables for
|
||||||
|
# the configuration.
|
||||||
|
env:
|
||||||
|
# -- This overrides the output of the internal name function
|
||||||
|
nameOverride:
|
||||||
|
# -- This overrides the output of the internal fullname function
|
||||||
|
fullnameOverride:
|
||||||
|
# -- A list of scripts to run after the deployment of Apps
|
||||||
|
run:
|
||||||
|
# -- A list of scripts to run before the deployment of Apps
|
||||||
|
prerun:
|
||||||
|
# -- A list of URLs (Links) to Assets to download before anything else
|
||||||
|
# if the download is a .tar.gz, it is automatically untared to /pool/downloads
|
||||||
|
download:
|
||||||
|
# -- Provide a list of docareas to create. Please also see the example files
|
||||||
|
docAreas:
|
||||||
|
utils:
|
||||||
|
# -- Turn debugging *on* will give you stack trace etc.
|
||||||
|
# Please check out the Chart Developer Guide
|
||||||
|
# @default -- `false`
|
||||||
|
debug:
|
||||||
|
# -- You can turn Comment rendering *on* to get descriptive information inside the manifests. It
|
||||||
|
# will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD
|
||||||
|
# @default -- `true`
|
||||||
|
renderComments:
|
||||||
|
# -- By default, the namespace is rendered into the manifest. However, if you want to use
|
||||||
|
# `helm template` and store manifests for later applying them to multiple namespaces, you might
|
||||||
|
# want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later
|
||||||
|
# @default -- `true`
|
||||||
|
includeNamespace:
|
||||||
|
# -- in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the
|
||||||
|
# pods will start in idle, not starting the service at all. This will allow you to gain access to the container
|
||||||
|
# to perform recovery and maintenance tasks while having the real container up.
|
||||||
|
# @default -- `false`
|
||||||
|
maintenance:
|
||||||
|
# -- If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components
|
||||||
|
# of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components
|
||||||
|
# while previous waves are not finished yet.
|
||||||
|
# @default -- `false`
|
||||||
|
disableWave:
|
||||||
|
# -- in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are
|
||||||
|
# only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might
|
||||||
|
# start components even if they are not intended to run yet.
|
||||||
|
# @default -- `false`
|
||||||
|
disableWait:
|
||||||
|
# -- Defines a list of conditions that need to be met before this components starts.
|
||||||
|
# The condition must be a network port that opens, when the master component is ready.
|
||||||
|
# Mostly, this will be a service, since a component is only added to a service if the
|
||||||
|
# probes succeed.
|
||||||
|
waitFor:
|
||||||
|
# -- if you set minReplicaCountType, a podDesruptionBudget will be created with this value as
|
||||||
|
# minAvailable, using the component type as selector. This is useful for components, that are spread
|
||||||
|
# across multiple replicaSets, like sharepoint or storage layer
|
||||||
|
minReplicaCountType:
|
||||||
|
# -- Settings for telemetry tools
|
||||||
|
telemetry:
|
||||||
|
# -- turns Open Telemetry on
|
||||||
|
openTelemetry:
|
||||||
|
# -- Sets the service name for the telemetry service to more convenient
|
||||||
|
# identify the displayed component
|
||||||
|
# Example: "{{ .this.meta.type }}-{{ .instance.name }}"
|
||||||
|
serviceName:
|
||||||
|
# -- Sets the terminationGracePeriodSeconds for the component
|
||||||
|
# If not set, it uses the Kubernetes defaults
|
||||||
|
terminationGracePeriodSeconds:
|
||||||
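Review bot: `tag: latest` in the `image:` block is a mutable tag, so two rollouts of the same chart version can run different images and a rollback does not bring back the earlier one. Default the tag to a fixed release (or a digest) and let users override it. In the `nappl:` block, `password:` takes the technical account's password as a plain value that Helm keeps with the release; since `secret:` already exists, the comment should name `secret` as the preferred path. The `download:` comment says `.tar.gz` assets are untarred automatically to `/pool/downloads`, but no checksum key is visible next to it; an optional digest per URL would let the download step verify what it unpacks.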
6
charts/cluster/Chart.yaml
Normal file
@@ -0,0 +1,6 @@
|
|||||||
|
apiVersion: v2
|
||||||
|
name: nplus-cluster
|
||||||
|
description: Installs Cluster-Wide Resources such as CRDs
|
||||||
|
icon: 
|
||||||
|
type: application
|
||||||
|
version: 1.0.0
|
||||||
6
charts/cluster/README.md
Normal file
@@ -0,0 +1,6 @@
|
|||||||
|
|
||||||
|
|
||||||
|
# nplus-cluster
|
||||||
|
|
||||||
|
Installs Cluster-Wide Resources such as CRDs
|
||||||
|
|
||||||
81
charts/cluster/templates/controller-rbac.tpl
Executable file
@@ -0,0 +1,81 @@
|
|||||||
|
{{/*
|
||||||
|
|
||||||
|
#
|
||||||
|
# Dieses ist erstmal ausgeschaltet, vielleicht brauchen wir das mal in einer späteren Version
|
||||||
|
#
|
||||||
|
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
name: nplus-role-argo
|
||||||
|
annotations:
|
||||||
|
{{- include "nplus.argoSharedResource" . | nindent 4 }}
|
||||||
|
{{- include "nplus.annotations" . | nindent 4 }}
|
||||||
|
|
||||||
|
rules:
|
||||||
|
- apiGroups: ["argoproj.io"]
|
||||||
|
resources: ["applications"]
|
||||||
|
verbs: ["create", "get", "update", "patch", "delete", "list", "watch"]
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
name: nplus-role-binding-argo
|
||||||
|
labels:
|
||||||
|
{{- include "nplus.instanceLabels" . | nindent 4 }}
|
||||||
|
annotations:
|
||||||
|
{{- include "nplus.argoSharedResource" . | nindent 4 }}
|
||||||
|
{{- include "nplus.annotations" . | nindent 4 }}
|
||||||
|
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: nplus-role-argo
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: nplus-svc-account
|
||||||
|
{{- if .this.utils.includeNamespace }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: Role
|
||||||
|
metadata:
|
||||||
|
name: nplus-argo-role
|
||||||
|
namespace: argocd
|
||||||
|
labels:
|
||||||
|
{{- include "nplus.instanceLabels" . | nindent 4 }}
|
||||||
|
annotations:
|
||||||
|
{{- include "nplus.argoSharedResource" . | nindent 4 }}
|
||||||
|
{{- include "nplus.annotations" . | nindent 4 }}
|
||||||
|
|
||||||
|
rules:
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["configmaps", "application","applicationset"]
|
||||||
|
verbs: ["create", "get", "update", "patch", "delete", "list", "watch"]
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
name: nplus-argo-role-binding
|
||||||
|
namespace: argocd
|
||||||
|
labels:
|
||||||
|
{{- include "nplus.instanceLabels" . | nindent 4 }}
|
||||||
|
annotations:
|
||||||
|
{{- include "nplus.argoSharedResource" . | nindent 4 }}
|
||||||
|
{{- include "nplus.annotations" . | nindent 4 }}
|
||||||
|
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: Role
|
||||||
|
name: nplus-argo-role
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: nplus-svc-account
|
||||||
|
{{- if .this.utils.includeNamespace }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
*/}}
|
||||||
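Review bot: In the `Role` `nplus-argo-role`, the rule pairs `apiGroups: [""]` with `resources: ["configmaps", "application","applicationset"]`; Argo CD's Application and ApplicationSet kinds belong to the `argoproj.io` group and RBAC matches plural resource names, so as written only `configmaps` would be granted. Split it into one rule for `""` with `configmaps` and one for `argoproj.io` with `applications` and `applicationsets`, as the `ClusterRole` above already does for `applications`. In `nplus-role-binding-argo`, the subject's `namespace` is emitted only when `.this.utils.includeNamespace` is set, but a `ClusterRoleBinding` requires a namespace on `ServiceAccount` subjects, so the manifest is rejected when that flag is false. The `ClusterRole` also gives `nplus-svc-account` create, update and delete on Argo applications in every namespace; if this file is ever enabled, check whether the namespaced `Role` in `argocd` is enough. The whole file sits inside `{{/* ... */}}` and is committed as an executable file; a short note on what would turn it back on, plus a normal file mode, would help.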
54
charts/cluster/templates/crd-application.tpl
Normal file
@@ -0,0 +1,54 @@
|
|||||||
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
name: applications.nplus.cloud
|
||||||
|
spec:
|
||||||
|
group: nplus.cloud
|
||||||
|
scope: Namespaced
|
||||||
|
names:
|
||||||
|
kind: Application
|
||||||
|
singular: application
|
||||||
|
plural: applications
|
||||||
|
categories:
|
||||||
|
- nplus
|
||||||
|
- nscale
|
||||||
|
versions:
|
||||||
|
- name: v1beta1
|
||||||
|
served: true
|
||||||
|
storage: true
|
||||||
|
additionalPrinterColumns:
|
||||||
|
- name: Environment
|
||||||
|
type: string
|
||||||
|
jsonPath: .metadata.labels.nplus/environment
|
||||||
|
priority: 1
|
||||||
|
- name: Instance
|
||||||
|
type: string
|
||||||
|
jsonPath: .metadata.labels.nplus/instance
|
||||||
|
- name: Application
|
||||||
|
type: string
|
||||||
|
jsonPath: .metadata.labels.nplus/component
|
||||||
|
- name: Version
|
||||||
|
type: string
|
||||||
|
jsonPath: .metadata.annotations.nplus/componentVersion
|
||||||
|
- name: Status
|
||||||
|
type: string
|
||||||
|
jsonPath: .status.message
|
||||||
|
schema:
|
||||||
|
openAPIV3Schema:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
spec:
|
||||||
|
type: object
|
||||||
|
x-kubernetes-preserve-unknown-fields: true
|
||||||
|
status:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
message:
|
||||||
|
description: Health human readable
|
||||||
|
type: string
|
||||||
|
id:
|
||||||
|
description: Health status id
|
||||||
|
type: integer
|
||||||
|
updateTimestamp:
|
||||||
|
description: Timestamp of last Health Change
|
||||||
|
type: string
|
||||||
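Review bot: Under `openAPIV3Schema`, `spec` is declared as `type: object` with `x-kubernetes-preserve-unknown-fields: true` and no `properties`, so the API server stores whatever a client sends and nothing is pruned or type-checked. `crd-instance.tpl` in this same commit has that line commented out and lists typed properties; doing the same here, at least for the fields the handler reads, would catch malformed objects at admission. `updateTimestamp` under `status` could also carry `format: date-time`.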
57
charts/cluster/templates/crd-component.tpl
Normal file
@@ -0,0 +1,57 @@
|
|||||||
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
name: components.nplus.cloud
|
||||||
|
spec:
|
||||||
|
group: nplus.cloud
|
||||||
|
scope: Namespaced
|
||||||
|
names:
|
||||||
|
kind: Component
|
||||||
|
singular: component
|
||||||
|
plural: components
|
||||||
|
categories:
|
||||||
|
- nplus
|
||||||
|
- nscale
|
||||||
|
versions:
|
||||||
|
- name: v1beta1
|
||||||
|
served: true
|
||||||
|
storage: true
|
||||||
|
additionalPrinterColumns:
|
||||||
|
- name: Environment
|
||||||
|
type: string
|
||||||
|
jsonPath: .metadata.labels.nplus/environment
|
||||||
|
priority: 1
|
||||||
|
- name: Instance
|
||||||
|
type: string
|
||||||
|
jsonPath: .metadata.labels.nplus/instance
|
||||||
|
- name: Component
|
||||||
|
type: string
|
||||||
|
jsonPath: .metadata.labels.nplus/component
|
||||||
|
- name: Type
|
||||||
|
type: string
|
||||||
|
jsonPath: .metadata.labels.nplus/type
|
||||||
|
- name: Version
|
||||||
|
type: string
|
||||||
|
jsonPath: .metadata.annotations.nplus/componentVersion
|
||||||
|
- name: Status
|
||||||
|
type: string
|
||||||
|
jsonPath: .status.message
|
||||||
|
schema:
|
||||||
|
openAPIV3Schema:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
spec:
|
||||||
|
type: object
|
||||||
|
x-kubernetes-preserve-unknown-fields: true
|
||||||
|
status:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
message:
|
||||||
|
description: Health human readable
|
||||||
|
type: string
|
||||||
|
id:
|
||||||
|
description: Health status id
|
||||||
|
type: integer
|
||||||
|
updateTimestamp:
|
||||||
|
description: Timestamp of last Health Change
|
||||||
|
type: string
|
||||||
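Review bot: The `v1beta1` entry defines a `status` schema and a `Status` printer column on `.status.message`, but no `subresources:` with `status: {}` is declared, so status is written through the main resource and any subject allowed to update a Component can set its health fields together with the spec. Enabling the status subresource lets RBAC separate the writer of `status` from the writers of `spec`. This file is otherwise a near copy of `crd-application.tpl` (it adds only the `Type` column), so the two could be rendered from one shared template.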
92
charts/cluster/templates/crd-instance.tpl
Normal file
@@ -0,0 +1,92 @@
|
|||||||
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
name: instances.nplus.cloud
|
||||||
|
spec:
|
||||||
|
group: nplus.cloud
|
||||||
|
scope: Namespaced
|
||||||
|
names:
|
||||||
|
kind: Instance
|
||||||
|
singular: instance
|
||||||
|
plural: instances
|
||||||
|
categories:
|
||||||
|
- nplus
|
||||||
|
- nscale
|
||||||
|
versions:
|
||||||
|
- name: v1beta1
|
||||||
|
served: true
|
||||||
|
storage: true
|
||||||
|
additionalPrinterColumns:
|
||||||
|
- name: Handler
|
||||||
|
type: string
|
||||||
|
jsonPath: .spec.handler
|
||||||
|
- name: Version
|
||||||
|
type: string
|
||||||
|
jsonPath: .spec.nscaleVersion
|
||||||
|
- name: Tenant
|
||||||
|
type: string
|
||||||
|
jsonPath: .spec.tenant
|
||||||
|
- name: Provider
|
||||||
|
type: string
|
||||||
|
jsonPath: .spec.provider
|
||||||
|
priority: 1
|
||||||
|
- name: Status
|
||||||
|
type: string
|
||||||
|
jsonPath: .status.message
|
||||||
|
- name: Components
|
||||||
|
type: string
|
||||||
|
jsonPath: .spec.components
|
||||||
|
priority: 2
|
||||||
|
schema:
|
||||||
|
openAPIV3Schema:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
spec:
|
||||||
|
type: object
|
||||||
|
# x-kubernetes-preserve-unknown-fields: true
|
||||||
|
properties:
|
||||||
|
nscaleVersion:
|
||||||
|
type: string
|
||||||
|
components:
|
||||||
|
type: string
|
||||||
|
handler:
|
||||||
|
type: string
|
||||||
|
tenant:
|
||||||
|
type: string
|
||||||
|
provider:
|
||||||
|
type: string
|
||||||
|
url:
|
||||||
|
type: string
|
||||||
|
expected:
|
||||||
|
type: array
|
||||||
|
items:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
component:
|
||||||
|
type: string
|
||||||
|
replicaCount:
|
||||||
|
type: integer
|
||||||
|
required:
|
||||||
|
- component
|
||||||
|
- replicaCount
|
||||||
|
status:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
usage:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
volume:
|
||||||
|
type: integer
|
||||||
|
accounts:
|
||||||
|
type: integer
|
||||||
|
documents:
|
||||||
|
type: integer
|
||||||
|
message:
|
||||||
|
description: Health human readable
|
||||||
|
type: string
|
||||||
|
id:
|
||||||
|
description: Health status id
|
||||||
|
type: integer
|
||||||
|
updateTimestamp:
|
||||||
|
description: Timestamp of last Health Change
|
||||||
|
type: string
|
||||||
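Review bot: The `spec` schema lists typed properties but no `required` list of its own, so an Instance with an empty spec is accepted even though the printer columns read `.spec.handler`, `.spec.nscaleVersion` and `.spec.tenant`. Mark the fields the handler depends on as `required`, add `minimum: 0` to `replicaCount` under `expected`, and either constrain `url` (for example with a `pattern`) or document what consumes it. The commented `# x-kubernetes-preserve-unknown-fields: true` line can be dropped rather than kept as dead configuration.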
12
charts/cluster/values.schema.json
Normal file
@@ -0,0 +1,12 @@
|
|||||||
|
{
|
||||||
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"global": {
|
||||||
|
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
|
||||||
|
"title": "global",
|
||||||
|
"type": "object"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "object"
|
||||||
|
}
|
||||||
2
charts/cluster/values.yaml
Normal file
@@ -0,0 +1,2 @@
|
|||||||
|
# yaml-language-server: $schema=values.schema.json
|
||||||
|
{}
|
||||||
11
charts/cmis/Chart.yaml
Normal file
@@ -0,0 +1,11 @@
|
|||||||
|
apiVersion: v2
|
||||||
|
name: nplus-component-cmis
|
||||||
|
description: nscale CMIS Connector, provides a CMIS Interface to the Instance
|
||||||
|
icon: 
|
||||||
|
type: application
|
||||||
|
dependencies:
|
||||||
|
- name: nplus-globals
|
||||||
|
alias: globals
|
||||||
|
version: "*-0"
|
||||||
|
repository: "file://../globals"
|
||||||
|
version: 1.0.0
|
||||||
179
charts/cmis/README.md
Normal file
@@ -0,0 +1,179 @@
|
|||||||
|
|
||||||
|
|
||||||
|
# nplus-component-cmis
|
||||||
|
|
||||||
|
nscale CMIS Connector, provides a CMIS Interface to the Instance
|
||||||
|
|
||||||
|
## nplus-component-cmis Chart Configuration
|
||||||
|
|
||||||
|
You can customize / configure nplus-component-cmis by setting configuration values on the command line or in values files,
|
||||||
|
that you can pass to helm. Please see the samples directory for details.
|
||||||
|
|
||||||
|
In case there is no value set, the key will not be used in the manifest, resulting in values taken from the config files of the component.
|
||||||
|
|
||||||
|
### Template Functions
|
||||||
|
|
||||||
|
You can use template functions in the values files. If you do so, make sure you quote correctly (single quotes, if you have double quotes in the template,
|
||||||
|
or escaped quotes).
|
||||||
|
|
||||||
|
### Global Values
|
||||||
|
|
||||||
|
All values can be set per component, per instance or globally per environment.
|
||||||
|
|
||||||
|
Example: `global.ingress.domain` sets the domain on instance level. You can still set a different domain on a component, such as administrator.
|
||||||
|
In that case, simply set `ingress.domain` for the administrator chart and that setting will have priority:
|
||||||
|
|
||||||
|
- Prio 1 - Component Level: `ingress.domain`
|
||||||
|
- Prio 2 - Instance Level: `global.ingress.domain`
|
||||||
|
- Prio 3 - Environment Level: `global.environment.ingress.domain`
|
||||||
|
|
||||||
|
### Using Values in Templates
|
||||||
|
|
||||||
|
As it would be a lot of typing to write `.Values.ingress.domain | default .Values.global.ingress.domain | default .Values.global.environment.ingress.domain`in your
|
||||||
|
template code, this is automatically done by nplus. You can simply type `.this.ingress.domain` and you will get a condensed and defaulted version
|
||||||
|
of your Values.
|
||||||
|
|
||||||
|
So an example in your `values.yaml` would be:
|
||||||
|
|
||||||
|
```
|
||||||
|
administrator:
|
||||||
|
waitFor:
|
||||||
|
- '-service {{ .component.prefix }}nappljobs.{{ .Release.Namespace }}.svc.cluster.local:\{{ .this.nappl.port }} -timeout 600'
|
||||||
|
```
|
||||||
|
|
||||||
|
This example shows `.this.nappl.port` which might come from a component, instance or global setting. You do not need to care.
|
||||||
|
The `.Release.Namespace` is set by helm. You have access to all Release and Chart Metadata, just like in your chart code.
|
||||||
|
|
||||||
|
The `.component.prefix` is calculated by nplus and gives you some handy shortcuts to internal variables:
|
||||||
|
|
||||||
|
- `.component.chartName`
|
||||||
|
The name of the chart as in `.Chart.Name`, but with override by `.Values.nameOverride`
|
||||||
|
- `.component.shortChartName`
|
||||||
|
A shorter Version of the name - `nappl` instead of `nplus-component-nappl`
|
||||||
|
- `.component.prefix`
|
||||||
|
The instance Prefix used to name the resources including `-`. This prefix is dropped, if the
|
||||||
|
`.Release.Name` equals `.Release.Namespace` for those of you that only
|
||||||
|
run one nplus Instance per namespace
|
||||||
|
- `.component.name`
|
||||||
|
The name of the component, including `.Values.nameOverride` and some logic
|
||||||
|
- `.component.fullName`
|
||||||
|
The fullName inlcuding `.Values.fullnameOverride` and some logic
|
||||||
|
- `.component.chart`
|
||||||
|
Mainly the `Chart.Name` and `Chart.Version`
|
||||||
|
- `.component.storagePath`
|
||||||
|
The path where the component config is stored in the conf PVC
|
||||||
|
- `.component.handler`
|
||||||
|
The handler (either helm, argoCD or manual)
|
||||||
|
|
||||||
|
- `.instance.name`
|
||||||
|
The name of the instance, but with override by `.Values.instanceOverride`
|
||||||
|
- `.instance.group`
|
||||||
|
The group, this instance belongs to. Override by `.Values.groupOverride`
|
||||||
|
- `.instance.version`
|
||||||
|
The *nscale* version (mostly taken from Application Layer), this instance is deploying.
|
||||||
|
|
||||||
|
- `.environment.name`
|
||||||
|
The name of the environment, but with override by `.Values.environmentNameOverride`
|
||||||
|
|
||||||
|
### Keys
|
||||||
|
|
||||||
|
You can set any of the following values for this component:
|
||||||
|
|
||||||
|
| Key | Description | Default |
|
||||||
|
|-----|-------------|---------|
|
||||||
|
env | Sets additional environment variables for the configuration. | |
|
||||||
|
envMap | Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container. | |
|
||||||
|
envSecret | Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container. | |
|
||||||
|
fullnameOverride | This overrides the output of the internal fullname function | |
|
||||||
|
**image**​.name | the name of the image to use | `"cmis-connector"` |
|
||||||
|
**image**​.pullSecrets | you can provide your own pullSecrets, in case you use a private repo. | `["nscale-cr", "nplus-cr"]` |
|
||||||
|
**image**​.repo | if you use a private repo, feel free to set it here | `"ceyoniq.azurecr.io/release/nscale"` |
|
||||||
|
**image**​.tag | the tag of the image to use | `"latest"` |
|
||||||
|
**ingress**​.annotations | Adds extra Annotations to the ingress | |
|
||||||
|
**ingress**​.backendProtocol | Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically. | `http` <br> `https` in zero trust mode |
|
||||||
|
**ingress**​.class | The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one | `public` |
|
||||||
|
**ingress**​.contextPath | The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts. | `"/cmis"` |
|
||||||
|
**ingress**​.cookie | on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web | |
|
||||||
|
**ingress**​.deny | deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client. | |
|
||||||
|
**ingress**​.domain | Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here | |
|
||||||
|
**ingress**​.enabled | You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not. | `true` |
|
||||||
|
**ingress**​.namespace | Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list | "ingress, kube-system, ingress-nginx" |
|
||||||
|
**ingress**​.proxyReadTimeout | Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set. | |
|
||||||
|
**ingress**​.secret | Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance | `{{ .this.ingress.domain }}-tls` |
|
||||||
|
**ingress**​.whitelist | optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers | |
|
||||||
|
**javaOpts**​.javaMaxMem | set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed | |
|
||||||
|
**javaOpts**​.javaMaxRamPercentage | set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any. | |
|
||||||
|
**javaOpts**​.javaMinMem | set the minimum memory, java will consume | |
|
||||||
|
**javaOpts**​.javaMisc | Any misc Java Options that need to be passed to the container | |
|
||||||
|
**meta**​.language | Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container. | `"java"` |
|
||||||
|
**meta**​.ports​.http | The http port this component uses (if any). In zero trust mode, this will be disabled. <br>this is a constant value of the component and should not be changed. | **info only**, do not change<br> `8096` |
|
||||||
|
**meta**​.ports​.https | The tls / https port, this component uses (if any) <br>this is a constant value of the component and should not be changed. | **info only**, do not change<br> `8196` |
|
||||||
|
**meta**​.provider | sets provider (partner, reseller) information to be able to invoice per use in a cloud environment | |
|
||||||
|
**meta**​.serviceContainer | The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any | `"cmis-connector"` |
|
||||||
|
**meta**​.stage | A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example) | |
|
||||||
|
**meta**​.tenant | sets tenant information to be able to invoice per use in a cloud environment | |
|
||||||
|
**meta**​.type | the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service. | `"cmis"` |
|
||||||
|
**meta**​.wave | Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation | |
|
||||||
|
minReplicaCount | if you set minReplicaCount, a podDesruptionBudget will be created with this value as minAvailable, using the full component as selector. This is useful for components, that are using multiple replicas. | |
|
||||||
|
minReplicaCountType | if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer | |
|
||||||
|
**mounts**​.caCerts​.configMap | Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting | |
|
||||||
|
**mounts**​.caCerts​.secret | Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting | |
|
||||||
|
**mounts**​.componentCerts​.configMap | Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting | |
|
||||||
|
**mounts**​.componentCerts​.secret | Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting | |
|
||||||
|
**mounts**​.conf​.path | Sets the path to the conf files <br>do not change this value | **info only**, do not change<br> `"/opt/ceyoniq/nscale-cmis-connector/conf"` |
|
||||||
|
**mounts**​.data​.class | Sets the class of the data disk | |
|
||||||
|
**mounts**​.data​.size | Sets the size of the data disk | |
|
||||||
|
**mounts**​.data​.volumeName | If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one | |
|
||||||
|
**mounts**​.disk​.class | Sets the class of the disk | |
|
||||||
|
**mounts**​.disk​.enabled | enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk. | `false` |
|
||||||
|
**mounts**​.disk​.migration | Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten! | `false` |
|
||||||
|
**mounts**​.disk​.size | Sets the size of the disk | |
|
||||||
|
**mounts**​.disk​.volumeName | If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one | |
|
||||||
|
**mounts**​.file​.class | Sets the class of the shared disk | |
|
||||||
|
**mounts**​.file​.size | Sets the size of the shared disk | |
|
||||||
|
**mounts**​.file​.volumeName | If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one | |
|
||||||
|
**mounts**​.generic | Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container. | |
|
||||||
|
**mounts**​.logs​.path | Sets the path to the log files <br>do not change this value | **info only**, do not change<br> `"/opt/ceyoniq/nscale-cmis-connector/logs"` |
|
||||||
|
**mounts**​.logs​.size | Sets the size of the log disk (all paths) | `"1Gi"` |
|
||||||
|
**mounts**​.temp​.path | Sets the path to the temporary files <br>do not change this value | **info only**, do not change<br> `"/opt/ceyoniq/nscale-cmis-connector/temp"` |
|
||||||
|
**mounts**​.temp​.size | Sets the size of the temporary disk (all paths) | `"1Gi"` |
|
||||||
|
nameOverride | This overrides the output of the internal name function | |
|
||||||
|
**nappl**​.account | The technical account to login with | |
|
||||||
|
**nappl**​.domain | The domain of the technical account | |
|
||||||
|
**nappl**​.host | nappl host name | |
|
||||||
|
**nappl**​.instance | instance of the Application Layer, likely `instance1` | |
|
||||||
|
**nappl**​.password | The password of the technical accunt (if not set by secret) | |
|
||||||
|
**nappl**​.port | nappl port (http 8080 or https 8443) | |
|
||||||
|
**nappl**​.secret | An optional secret that holds the credentials (the keys must be `account` and `password`) | |
|
||||||
|
**nappl**​.ssl | sets the Advanced Connect to tls | |
|
||||||
|
nodeSelector | select specific nodes for this component | |
|
||||||
|
replicaCount | Sets the number of replicas in this replicaSet. Some Components (like nstl or sharepoint) only allow a count of 1. | `1` |
|
||||||
|
**resources**​.limits​.cpu | The maximum allowed CPU for the container | |
|
||||||
|
**resources**​.limits​.memory | The maximum allowed RAM for the container | |
|
||||||
|
**resources**​.requests​.cpu | Set the share of guaranteed CPU to the container. | |
|
||||||
|
**resources**​.requests​.memory | Set the share of guaranteed RAM to the container | |
|
||||||
|
**security**​.containerSecurityContext​.allowPrivilegeEscalation | Some functionality may need the possibility to allow privilege escalation. This should be very restrictive <br>you should not change this | **info only**, do not change<br> `false` |
|
||||||
|
**security**​.containerSecurityContext​.readOnlyRootFilesystem | sets the container root file system to read only. This should be the case in production environment <br>you should not change this | **info only**, do not change<br> `true` |
|
||||||
|
**security**​.podSecurityContext​.fsGroup | The file system group as which new files are created <br>there is normally no need to change this | **info only**, do not change<br> `1001` |
|
||||||
|
**security**​.podSecurityContext​.fsGroupChangePolicy | Under which condition should the fsGroup be changed <br>there is normally no need to change this | **info only**, do not change<br> `"OnRootMismatch"` |
|
||||||
|
**security**​.podSecurityContext​.runAsUser | The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security <br>there is normally no need to change this | **info only**, do not change<br> `1001` |
|
||||||
|
**security**​.zeroTrust | turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes | `false` |
|
||||||
|
**service**​.annotations | adds extra Annotations to the service | |
|
||||||
|
**service**​.enabled | enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress. | `true` |
|
||||||
|
**service**​.selector | The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type | `"component"` |
|
||||||
|
**telemetry**​.openTelemetry | turns Open Telemetry on | |
|
||||||
|
**telemetry**​.serviceName | Sets the service name for the telemetry service to more convenient identify the displayed component Example: "{{ .this.meta.type }}-{{ .instance.name }}" | |
|
||||||
|
**template**​.annotations | set additional annotations for pods | |
|
||||||
|
**template**​.labels | set additional labels for pods | |
|
||||||
|
terminationGracePeriodSeconds | Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults | |
|
||||||
|
timezone | set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc. | `Europe/Berlin` |
|
||||||
|
tolerations | Set tolerations for this component | |
|
||||||
|
updateStrategy | the update Strategy for this component. Normally, you can update all components rolling, except for nappl, where you need to follow the documented update procedures. | |
|
||||||
|
**utils**​.debug | Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide | `false` |
|
||||||
|
**utils**​.disableWait | in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet. | `false` |
|
||||||
|
**utils**​.disableWave | If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet. | `false` |
|
||||||
|
**utils**​.includeNamespace | By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later | `true` |
|
||||||
|
**utils**​.maintenance | in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up. | `false` |
|
||||||
|
**utils**​.renderComments | You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD | `true` |
|
||||||
|
waitFor | Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed. | |
|
||||||
|
|
||||||
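Review bot: the `nappl.password` row documents a plaintext password value next to `nappl.secret` without saying which one is preferred or which wins when both are set. A password placed in values is stored with the Helm release and in any values file kept under version control, so the row should point to `nappl.secret` (keys `account` and `password`) as the recommended path and state the precedence. The table also needs a spelling pass before merge: "podDesruptionBudget", "primaty", "accunt", "starndard" and "depricated" all appear in the descriptions.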
2
charts/cmis/templates/component.tpl
Normal file
@@ -0,0 +1,2 @@
|
|||||||
|
{{- include "nplus.init" $ -}}
|
||||||
|
{{- include "nplus.component" . -}}
|
||||||
100
charts/cmis/templates/deployment.tpl
Normal file
@@ -0,0 +1,100 @@
|
|||||||
|
{{- include "nplus.init" $ -}}
|
||||||
|
# Component: {{ .component.chartName }}
|
||||||
|
# will connect to:
|
||||||
|
{{- if (.this.nappl).host }}
|
||||||
|
# nappl: {{ if ($.this.nappl).ssl -}}https{{- else -}}http{{- end -}}://{{ ($.this.nappl).host }}:{{ (.this.nappl).port }}/{{ (.this.nappl).instance }}
|
||||||
|
{{- else }}
|
||||||
|
# defined by config file in conf PV.
|
||||||
|
{{- end }}
|
||||||
|
#
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: {{ .component.fullName }}
|
||||||
|
{{- if .this.utils.includeNamespace }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "nplus.instanceLabels" . | nindent 4 }}
|
||||||
|
annotations:
|
||||||
|
{{- include "nplus.argoWave" . | nindent 4 }}
|
||||||
|
{{- include "nplus.annotations" . | nindent 4 }}
|
||||||
|
{{- include "nplus.securityAnnotations" . | nindent 4 }}
|
||||||
|
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "nplus.selectorLabels" . | nindent 6 }}
|
||||||
|
replicas: {{ .Values.replicaCount }}
|
||||||
|
strategy:
|
||||||
|
type: RollingUpdate
|
||||||
|
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{- include "nplus.templateLabels" . | nindent 8 }}
|
||||||
|
annotations:
|
||||||
|
{{- include "nplus.templateAnnotations" . | nindent 8 }}
|
||||||
|
{{- include "nplus.securityAnnotations" . | nindent 8 }}
|
||||||
|
spec:
|
||||||
|
{{- include "nplus.templateAffinity" . | nindent 6 }}
|
||||||
|
{{- include "nplus.imagePullSecrets" . | nindent 6 }}
|
||||||
|
{{- include "nplus.securityIllumioReadinessGates" . | nindent 6 }}
|
||||||
|
{{- include "nplus.podSecurityContext" . | nindent 6 }}
|
||||||
|
{{- include "nplus.terminationGracePeriodSeconds" . | nindent 6 }}
|
||||||
|
|
||||||
|
initContainers:
|
||||||
|
{{- include "nplus.waitFor" . | nindent 6 }}
|
||||||
|
{{- include "nplus.copyConfig" . | nindent 6 }}
|
||||||
|
|
||||||
|
containers:
|
||||||
|
- name: cmis-connector
|
||||||
|
image: {{ include "nplus.image" (dict "global" .Values.global "image" .Values.image) }}
|
||||||
|
imagePullPolicy: {{ include "nplus.imagePullPolicy" .Values.image }}
|
||||||
|
{{- include "nplus.containerSecurityContext" . | nindent 8 }}
|
||||||
|
env:
|
||||||
|
# -- NAPPL Connection Settings
|
||||||
|
{{- include "nplus.env" (dict
|
||||||
|
"CMIS_AL_HOST" ($.this.nappl).host
|
||||||
|
"CMIS_AL_PORT" ($.this.nappl).port
|
||||||
|
"CMIS_AL_INSTANCE" ($.this.nappl).instance
|
||||||
|
"CMIS_AL_SSL" ($.this.nappl).ssl
|
||||||
|
) | nindent 10 }}
|
||||||
|
|
||||||
|
{{- include "nplus.environment" . | nindent 8 }}
|
||||||
|
|
||||||
|
{{- if .this.utils.maintenance }}
|
||||||
|
{{- include "nplus.idle" . | nindent 8 }}
|
||||||
|
{{- else }}
|
||||||
|
startupProbe:
|
||||||
|
tcpSocket:
|
||||||
|
port: {{ include "nplus.backendPort" . }}
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
failureThreshold: 12
|
||||||
|
periodSeconds: 10
|
||||||
|
timeoutSeconds: 5
|
||||||
|
# -- Ceyoniq does currently not define an *official* livenessProbe, so we use
|
||||||
|
# one that quickly checks the main socket on Layer 4.
|
||||||
|
livenessProbe:
|
||||||
|
tcpSocket:
|
||||||
|
port: {{ include "nplus.backendPort" . }}
|
||||||
|
periodSeconds: 10
|
||||||
|
readinessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /cmis/
|
||||||
|
port: {{ include "nplus.backendPort" . }}
|
||||||
|
scheme: {{ include "nplus.backendProtocol" . | upper }}
|
||||||
|
periodSeconds: 10
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
ports:
|
||||||
|
{{- include "nplus.defaultContainerPorts" . | nindent 8 }}
|
||||||
|
|
||||||
|
{{- include "nplus.resources" . | nindent 8 }}
|
||||||
|
|
||||||
|
volumeMounts:
|
||||||
|
{{- include "nplus.defaultMounts" . | nindent 8 }}
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
{{- include "nplus.defaultVolumes" . | nindent 6 }}
|
||||||
|
|
||||||
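Review bot: `strategy.type` is hard-coded to `RollingUpdate` in the Deployment spec, so the `updateStrategy` value documented in this chart's README has no effect in this template. Either render the strategy from that value or drop the key from the documentation. In the same spec, `replicas: {{ .Values.replicaCount }}` and the two `image` lines read `.Values` directly while the rest of the file goes through `.this`; if `.this` carries values merged by `nplus.init`, those fields will not pick them up, so they should use the same source as the other settings.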
16
charts/cmis/templates/ingress.tpl
Normal file
@@ -0,0 +1,16 @@
|
|||||||
|
{{- include "nplus.init" $ -}}
|
||||||
|
{{- if ( include "nplus.ingressEnabled" . ) }}
|
||||||
|
{{- include "nplus.ingress" (list . .component.fullName) | nindent 0 }}
|
||||||
|
- path: {{ .Values.ingress.contextPath }}
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: {{ .component.fullName }}
|
||||||
|
port:
|
||||||
|
name: {{ include "nplus.backendProtocol" . }}
|
||||||
|
{{- else }}
|
||||||
|
# kind: ingress
|
||||||
|
# Not Generating any Ingress for {{ .component.fullName }} as
|
||||||
|
# Ingress = {{ .this.ingress }}
|
||||||
|
# Service = {{ .this.service }}
|
||||||
|
{{- end }}
|
||||||
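Review bot: the `else` branch prints the whole `.this.ingress` and `.this.service` maps into YAML comments (`# Ingress = {{ .this.ingress }}`), and a string value containing a newline, for example in `ingress.annotations`, would end the comment and put the rest of the value into the manifest as YAML. Print only the flags that explain the decision, such as the two `enabled` values, or pipe the output through `quote`. The rule itself reads `.Values.ingress.contextPath` while the rest of the file uses `.this.ingress`; use one source for both.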
35
charts/cmis/templates/networkpolicy.tpl
Normal file
@@ -0,0 +1,35 @@
|
|||||||
|
{{- include "nplus.init" $ -}}
|
||||||
|
{{- if ((.this.security).cni).createNetworkPolicy }}
|
||||||
|
kind: NetworkPolicy
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
metadata:
|
||||||
|
name: {{ .component.fullName }}
|
||||||
|
{{- if .this.utils.includeNamespace }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "nplus.instanceLabels" . | nindent 4 }}
|
||||||
|
annotations:
|
||||||
|
{{- include "nplus.argoWave" . | nindent 4 }}
|
||||||
|
{{- include "nplus.annotations" . | nindent 4 }}
|
||||||
|
{{- include "nplus.securityAnnotations" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
podSelector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "nplus.selectorLabels" . | nindent 6 }}
|
||||||
|
policyTypes:
|
||||||
|
- Ingress
|
||||||
|
- Egress
|
||||||
|
ingress:
|
||||||
|
{{- if ( include "nplus.ingressEnabled" . ) }}
|
||||||
|
{{- include "nplus.networkpolicy.allowFromIngress" . | nindent 2 }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
|
||||||
|
{{- include "nplus.networkpolicy.allowFromAdmin" . | nindent 2 }}
|
||||||
|
|
||||||
|
{{- include "nplus.networkpolicy.allowFromMon" . | nindent 2 }}
|
||||||
|
|
||||||
|
egress:
|
||||||
|
{{- include "nplus.networkpolicy.allowToNappl" . | nindent 2 }}
|
||||||
|
{{- end }}
|
||||||
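Review bot: with `Egress` listed in `policyTypes`, the only egress rule rendered is `nplus.networkpolicy.allowToNappl`, so everything else leaving the pod is dropped once the policy is active. Please confirm that this helper also permits DNS lookups for the nappl host name, and decide how the export traffic is allowed when `telemetry.openTelemetry` is turned on, since no rule for a collector is included here. The `security.cni.createNetworkPolicy` switch that gates this file does not appear among the `security` rows of the README table and should be documented there.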
2
charts/cmis/templates/pdb.tpl
Normal file
@@ -0,0 +1,2 @@
|
|||||||
|
{{- include "nplus.init" $ -}}
|
||||||
|
{{- include "nplus.podDisruptionBudget" . -}}
|
||||||
2
charts/cmis/templates/pvc.tpl
Normal file
@@ -0,0 +1,2 @@
|
|||||||
|
{{- include "nplus.init" $ -}}
|
||||||
|
{{- include "nplus.pvc" . }}
|
||||||
33
charts/cmis/templates/service.tpl
Normal file
@@ -0,0 +1,33 @@
|
|||||||
|
{{- include "nplus.init" $ -}}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
{{- if .this.utils.includeNamespace }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
{{- end }}
|
||||||
|
name: {{ .component.fullName }}
|
||||||
|
labels:
|
||||||
|
{{- include "nplus.instanceLabels" . | nindent 4 }}
|
||||||
|
annotations:
|
||||||
|
{{- include "nplus.argoWave" . | nindent 4 }}
|
||||||
|
{{- include "nplus.annotations" . | nindent 4 }}
|
||||||
|
{{- include "nplus.securityAnnotations" . | nindent 4 }}
|
||||||
|
{{- include "nplus.serviceAnnotations" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
|
||||||
|
# this is a "headless service", no cluster IP is defined
|
||||||
|
# as none of the internal components need to access this service,
|
||||||
|
# access is purely through an ingress if desired.
|
||||||
|
type: ClusterIP
|
||||||
|
clusterIP: None
|
||||||
|
ports:
|
||||||
|
{{- include "nplus.defaultServicePorts" . | nindent 4 }}
|
||||||
|
selector:
|
||||||
|
{{- if eq .this.service.selector "component" }}
|
||||||
|
{{- include "nplus.selectorLabels" . | nindent 4 }}
|
||||||
|
{{- else if eq .this.service.selector "type" }}
|
||||||
|
{{- include "nplus.selectorLabelsNc" . | nindent 4 }}
|
||||||
|
{{- else }}
|
||||||
|
{{- fail (printf "Unknown Service Selector Type: %s - must be component or type" .this.service.selector) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
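Review bot: the Service manifest is rendered unconditionally; nothing in this template checks `service.enabled`, although the README describes that value as the switch that enables the service and, with it, the ingress. Wrap the manifest in an `if` on that value so that setting it to `false` actually removes the object. The comment above `clusterIP: None` also says no internal component needs this service, while the README describes the service as "to be consumed by group components"; one of the two statements should be corrected.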
844
charts/cmis/values.schema.json
Normal file
@@ -0,0 +1,844 @@
|
|||||||
|
{
|
||||||
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"env": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets additional environment variables for the configuration.",
|
||||||
|
"title": "env"
|
||||||
|
},
|
||||||
|
"envMap": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
|
||||||
|
"title": "envMap"
|
||||||
|
},
|
||||||
|
"envSecret": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
|
||||||
|
"title": "envSecret"
|
||||||
|
},
|
||||||
|
"fullnameOverride": {
|
||||||
|
"default": "",
|
||||||
|
"description": "This overrides the output of the internal fullname function",
|
||||||
|
"title": "fullnameOverride"
|
||||||
|
},
|
||||||
|
"global": {
|
||||||
|
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
|
||||||
|
"title": "global",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"globals": {
|
||||||
|
"description": "nplus Global Functions Library Chart",
|
||||||
|
"properties": {
|
||||||
|
"global": {
|
||||||
|
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
|
||||||
|
"title": "global",
|
||||||
|
"type": "object"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "nplus-globals",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"image": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "provide the image to be used for this component",
|
||||||
|
"properties": {
|
||||||
|
"name": {
|
||||||
|
"default": "cmis-connector",
|
||||||
|
"description": "the name of the image to use",
|
||||||
|
"title": "name"
|
||||||
|
},
|
||||||
|
"pullPolicy": {
|
||||||
|
"default": "IfNotPresent",
|
||||||
|
"title": "pullPolicy",
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
"pullSecrets": {
|
||||||
|
"description": "you can provide your own pullSecrets, in case you use a private repo.",
|
||||||
|
"items": {
|
||||||
|
"anyOf": [
|
||||||
|
{
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "string"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"title": "pullSecrets"
|
||||||
|
},
|
||||||
|
"repo": {
|
||||||
|
"default": "ceyoniq.azurecr.io/release/nscale",
|
||||||
|
"description": "if you use a private repo, feel free to set it here",
|
||||||
|
"title": "repo"
|
||||||
|
},
|
||||||
|
"tag": {
|
||||||
|
"default": "ubi.9.3.1200.2024112508",
|
||||||
|
"description": "the tag of the image to use",
|
||||||
|
"title": "tag"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "image"
|
||||||
|
},
|
||||||
|
"ingress": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)",
|
||||||
|
"properties": {
|
||||||
|
"annotations": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Adds extra Annotations to the ingress",
|
||||||
|
"title": "annotations"
|
||||||
|
},
|
||||||
|
"backendProtocol": {
|
||||||
|
"default": "`http` <br> `https` in zero trust mode",
|
||||||
|
"description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.",
|
||||||
|
"title": "backendProtocol"
|
||||||
|
},
|
||||||
|
"class": {
|
||||||
|
"default": "`public`",
|
||||||
|
"description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one",
|
||||||
|
"title": "class"
|
||||||
|
},
|
||||||
|
"contextPath": {
|
||||||
|
"default": "/cmis",
|
||||||
|
"description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.",
|
||||||
|
"title": "contextPath"
|
||||||
|
},
|
||||||
|
"cookie": {
|
||||||
|
"default": "",
|
||||||
|
"description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web",
|
||||||
|
"title": "cookie"
|
||||||
|
},
|
||||||
|
"deny": {
|
||||||
|
"default": "",
|
||||||
|
"description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.",
|
||||||
|
"title": "deny"
|
||||||
|
},
|
||||||
|
"domain": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here",
|
||||||
|
"title": "domain"
|
||||||
|
},
|
||||||
|
"enabled": {
|
||||||
|
"default": "true",
|
||||||
|
"description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.",
|
||||||
|
"title": "enabled"
|
||||||
|
},
|
||||||
|
"inputPath": {
|
||||||
|
"default": "",
|
||||||
|
"description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.",
|
||||||
|
"title": "inputPath"
|
||||||
|
},
|
||||||
|
"namespace": {
|
||||||
|
"default": "\"ingress, kube-system, ingress-nginx\"",
|
||||||
|
"description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list",
|
||||||
|
"title": "namespace"
|
||||||
|
},
|
||||||
|
"proxyReadTimeout": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.",
|
||||||
|
"title": "proxyReadTimeout"
|
||||||
|
},
|
||||||
|
"rewriteTarget": {
|
||||||
|
"default": "",
|
||||||
|
"description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.",
|
||||||
|
"title": "rewriteTarget"
|
||||||
|
},
|
||||||
|
"secret": {
|
||||||
|
"default": "`{{ .this.ingress.domain }}-tls`",
|
||||||
|
"description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance",
|
||||||
|
"title": "secret"
|
||||||
|
},
|
||||||
|
"whitelist": {
|
||||||
|
"default": "",
|
||||||
|
"description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers",
|
||||||
|
"title": "whitelist"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "ingress"
|
||||||
|
},
|
||||||
|
"javaOpts": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "Options for the Java VM",
|
||||||
|
"properties": {
|
||||||
|
"javaMaxMem": {
|
||||||
|
"default": "",
|
||||||
|
"description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed",
|
||||||
|
"title": "javaMaxMem"
|
||||||
|
},
|
||||||
|
"javaMaxRamPercentage": {
|
||||||
|
"default": "",
|
||||||
|
"description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.",
|
||||||
|
"title": "javaMaxRamPercentage"
|
||||||
|
},
|
||||||
|
"javaMinMem": {
|
||||||
|
"default": "",
|
||||||
|
"description": "set the minimum memory, java will consume",
|
||||||
|
"title": "javaMinMem"
|
||||||
|
},
|
||||||
|
"javaMisc": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Any misc Java Options that need to be passed to the container",
|
||||||
|
"title": "javaMisc"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "javaOpts"
|
||||||
|
},
|
||||||
|
"meta": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "defines internal constants for nplus. do not change these values",
|
||||||
|
"properties": {
|
||||||
|
"componentVersion": {
|
||||||
|
"default": "",
|
||||||
|
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
|
||||||
|
"title": "componentVersion"
|
||||||
|
},
|
||||||
|
"language": {
|
||||||
|
"default": "java",
|
||||||
|
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
|
||||||
|
"title": "language"
|
||||||
|
},
|
||||||
|
"ports": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
|
||||||
|
"properties": {
|
||||||
|
"http": {
|
||||||
|
"default": "8096",
|
||||||
|
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
|
||||||
|
"title": "http"
|
||||||
|
},
|
||||||
|
"https": {
|
||||||
|
"default": "8196",
|
||||||
|
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
|
||||||
|
"title": "https"
|
||||||
|
},
|
||||||
|
"rmi": {
|
||||||
|
"default": "",
|
||||||
|
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
|
||||||
|
"title": "rmi"
|
||||||
|
},
|
||||||
|
"tcp": {
|
||||||
|
"default": "",
|
||||||
|
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
|
||||||
|
"title": "tcp"
|
||||||
|
},
|
||||||
|
"tcps": {
|
||||||
|
"default": "",
|
||||||
|
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
|
||||||
|
"title": "tcps"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "ports"
|
||||||
|
},
|
||||||
|
"provider": {
|
||||||
|
"default": "",
|
||||||
|
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
|
||||||
|
"title": "provider"
|
||||||
|
},
|
||||||
|
"serviceContainer": {
|
||||||
|
"default": "cmis-connector",
|
||||||
|
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
|
||||||
|
"title": "serviceContainer"
|
||||||
|
},
|
||||||
|
"stage": {
|
||||||
|
"default": "",
|
||||||
|
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
|
||||||
|
"title": "stage"
|
||||||
|
},
|
||||||
|
"tenant": {
|
||||||
|
"default": "",
|
||||||
|
"description": "sets tenant information to be able to invoice per use in a cloud environment",
|
||||||
|
"title": "tenant"
|
||||||
|
},
|
||||||
|
"type": {
|
||||||
|
"default": "cmis",
|
||||||
|
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
|
||||||
|
"title": "type"
|
||||||
|
},
|
||||||
|
"wave": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
|
||||||
|
"title": "wave"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "meta"
|
||||||
|
},
|
||||||
|
"minReplicaCount": {
|
||||||
|
"default": "",
|
||||||
|
"description": "if you set minReplicaCount, a podDesruptionBudget will be created with this value as minAvailable, using the full component as selector. This is useful for components, that are using multiple replicas.",
|
||||||
|
"title": "minReplicaCount"
|
||||||
|
},
|
||||||
|
"minReplicaCountType": {
|
||||||
|
"default": "",
|
||||||
|
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
|
||||||
|
"title": "minReplicaCountType"
|
||||||
|
},
|
||||||
|
"mounts": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"caCerts": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
|
||||||
|
"properties": {
|
||||||
|
"configMap": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
|
||||||
|
"title": "configMap"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the certs folder. @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
},
|
||||||
|
"secret": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
|
||||||
|
"title": "secret"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "caCerts"
|
||||||
|
},
|
||||||
|
"componentCerts": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
|
||||||
|
"properties": {
|
||||||
|
"configMap": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
|
||||||
|
"title": "configMap"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the component certs. @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
},
|
||||||
|
"secret": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
|
||||||
|
"title": "secret"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "componentCerts"
|
||||||
|
},
|
||||||
|
"conf": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
|
||||||
|
"properties": {
|
||||||
|
"path": {
|
||||||
|
"default": "/opt/ceyoniq/nscale-cmis-connector/conf",
|
||||||
|
"description": "Sets the path to the conf files @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "conf"
|
||||||
|
},
|
||||||
|
"data": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"class": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the class of the data disk",
|
||||||
|
"title": "class"
|
||||||
|
},
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the data files @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets a list of paths to the data files @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
},
|
||||||
|
"size": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the size of the data disk",
|
||||||
|
"title": "size"
|
||||||
|
},
|
||||||
|
"volumeName": {
|
||||||
|
"default": "",
|
||||||
|
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
|
||||||
|
"title": "volumeName"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "data",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"disk": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"class": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the class of the disk",
|
||||||
|
"title": "class"
|
||||||
|
},
|
||||||
|
"enabled": {
|
||||||
|
"default": "false",
|
||||||
|
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
|
||||||
|
"title": "enabled"
|
||||||
|
},
|
||||||
|
"migration": {
|
||||||
|
"default": "false",
|
||||||
|
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
|
||||||
|
"title": "migration"
|
||||||
|
},
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the disk files @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets a list of paths to the data files @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
},
|
||||||
|
"size": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the size of the disk",
|
||||||
|
"title": "size"
|
||||||
|
},
|
||||||
|
"volumeName": {
|
||||||
|
"default": "",
|
||||||
|
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
|
||||||
|
"title": "volumeName"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "disk",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"file": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"class": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the class of the shared disk",
|
||||||
|
"title": "class"
|
||||||
|
},
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the shared files @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
},
|
||||||
|
"size": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the size of the shared disk",
|
||||||
|
"title": "size"
|
||||||
|
},
|
||||||
|
"volumeName": {
|
||||||
|
"default": "",
|
||||||
|
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
|
||||||
|
"title": "volumeName"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "file",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"fonts": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
|
||||||
|
"properties": {
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "fonts"
|
||||||
|
},
|
||||||
|
"generic": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
|
||||||
|
"title": "generic"
|
||||||
|
},
|
||||||
|
"license": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "some nscale Components require a license file and this defines it's location",
|
||||||
|
"properties": {
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the license files @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "license"
|
||||||
|
},
|
||||||
|
"logs": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
|
||||||
|
"properties": {
|
||||||
|
"path": {
|
||||||
|
"default": "/opt/ceyoniq/nscale-cmis-connector/logs",
|
||||||
|
"description": "Sets the path to the log files @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets a list of paths to the log files @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
},
|
||||||
|
"size": {
|
||||||
|
"default": "1Gi",
|
||||||
|
"description": "Sets the size of the log disk (all paths)",
|
||||||
|
"title": "size"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "logs"
|
||||||
|
},
|
||||||
|
"pool": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "pool",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"ptemp": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
|
||||||
|
"properties": {
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "ptemp"
|
||||||
|
},
|
||||||
|
"temp": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
|
||||||
|
"properties": {
|
||||||
|
"path": {
|
||||||
|
"default": "/opt/ceyoniq/nscale-cmis-connector/temp",
|
||||||
|
"description": "Sets the path to the temporary files @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
},
|
||||||
|
"size": {
|
||||||
|
"default": "1Gi",
|
||||||
|
"description": "Sets the size of the temporary disk (all paths)",
|
||||||
|
"title": "size"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "temp"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "mounts",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"nameOverride": {
|
||||||
|
"default": "",
|
||||||
|
"description": "This overrides the output of the internal name function",
|
||||||
|
"title": "nameOverride"
|
||||||
|
},
|
||||||
|
"nappl": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "The nscale Application Layer, this component should talk to",
|
||||||
|
"properties": {
|
||||||
|
"account": {
|
||||||
|
"default": "",
|
||||||
|
"description": "The technical account to login with",
|
||||||
|
"title": "account"
|
||||||
|
},
|
||||||
|
"domain": {
|
||||||
|
"default": "",
|
||||||
|
"description": "The domain of the technical account",
|
||||||
|
"title": "domain"
|
||||||
|
},
|
||||||
|
"host": {
|
||||||
|
"default": "",
|
||||||
|
"description": "nappl host name",
|
||||||
|
"title": "host"
|
||||||
|
},
|
||||||
|
"instance": {
|
||||||
|
"default": "",
|
||||||
|
"description": "instance of the Application Layer, likely `instance1`",
|
||||||
|
"title": "instance"
|
||||||
|
},
|
||||||
|
"password": {
|
||||||
|
"default": "",
|
||||||
|
"description": "The password of the technical accunt (if not set by secret)",
|
||||||
|
"title": "password"
|
||||||
|
},
|
||||||
|
"port": {
|
||||||
|
"default": "",
|
||||||
|
"description": "nappl port (http 8080 or https 8443)",
|
||||||
|
"title": "port"
|
||||||
|
},
|
||||||
|
"secret": {
|
||||||
|
"default": "",
|
||||||
|
"description": "An optional secret that holds the credentials (the keys must be `account` and `password`)",
|
||||||
|
"title": "secret"
|
||||||
|
},
|
||||||
|
"ssl": {
|
||||||
|
"default": "",
|
||||||
|
"description": "sets the Advanced Connect to tls",
|
||||||
|
"title": "ssl"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "nappl"
|
||||||
|
},
|
||||||
|
"nodeSelector": {
|
||||||
|
"default": "",
|
||||||
|
"description": "select specific nodes for this component",
|
||||||
|
"title": "nodeSelector"
|
||||||
|
},
|
||||||
|
"replicaCount": {
|
||||||
|
"default": "1",
|
||||||
|
"description": "Sets the number of replicas in this replicaSet. Some Components (like nstl or sharepoint) only allow a count of 1.",
|
||||||
|
"title": "replicaCount"
|
||||||
|
},
|
||||||
|
"resources": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "Assigns hardware resources to container",
|
||||||
|
"properties": {
|
||||||
|
"limits": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "Limits the maximum resources",
|
||||||
|
"properties": {
|
||||||
|
"cpu": {
|
||||||
|
"default": "",
|
||||||
|
"description": "The maximum allowed CPU for the container",
|
||||||
|
"title": "cpu"
|
||||||
|
},
|
||||||
|
"memory": {
|
||||||
|
"default": "",
|
||||||
|
"description": "The maximum allowed RAM for the container",
|
||||||
|
"title": "memory"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "limits"
|
||||||
|
},
|
||||||
|
"requests": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
|
||||||
|
"properties": {
|
||||||
|
"cpu": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Set the share of guaranteed CPU to the container.",
|
||||||
|
"title": "cpu"
|
||||||
|
},
|
||||||
|
"memory": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Set the share of guaranteed RAM to the container",
|
||||||
|
"title": "memory"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "requests"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "resources"
|
||||||
|
},
|
||||||
|
"security": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "Security Section defining default runtime environment for your container",
|
||||||
|
"properties": {
|
||||||
|
"containerSecurityContext": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"allowPrivilegeEscalation": {
|
||||||
|
"default": "false",
|
||||||
|
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
|
||||||
|
"title": "allowPrivilegeEscalation"
|
||||||
|
},
|
||||||
|
"capabilities": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
|
||||||
|
"properties": {
|
||||||
|
"drop": {
|
||||||
|
"items": {
|
||||||
|
"anyOf": [
|
||||||
|
{
|
||||||
|
"type": "string"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"title": "drop",
|
||||||
|
"type": "array"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "capabilities"
|
||||||
|
},
|
||||||
|
"readOnlyRootFilesystem": {
|
||||||
|
"default": "true",
|
||||||
|
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
|
||||||
|
"title": "readOnlyRootFilesystem"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "containerSecurityContext",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"podSecurityContext": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"fsGroup": {
|
||||||
|
"default": "1001",
|
||||||
|
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
|
||||||
|
"title": "fsGroup"
|
||||||
|
},
|
||||||
|
"fsGroupChangePolicy": {
|
||||||
|
"default": "OnRootMismatch",
|
||||||
|
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
|
||||||
|
"title": "fsGroupChangePolicy"
|
||||||
|
},
|
||||||
|
"runAsUser": {
|
||||||
|
"default": "1001",
|
||||||
|
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
|
||||||
|
"title": "runAsUser"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "podSecurityContext",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"zeroTrust": {
|
||||||
|
"default": "`false`",
|
||||||
|
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
|
||||||
|
"title": "zeroTrust"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "security"
|
||||||
|
},
|
||||||
|
"service": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"annotations": {
|
||||||
|
"default": "",
|
||||||
|
"description": "adds extra Annotations to the service",
|
||||||
|
"title": "annotations"
|
||||||
|
},
|
||||||
|
"enabled": {
|
||||||
|
"default": "true",
|
||||||
|
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
|
||||||
|
"title": "enabled"
|
||||||
|
},
|
||||||
|
"selector": {
|
||||||
|
"default": "component",
|
||||||
|
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
|
||||||
|
"title": "selector"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "service",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"telemetry": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "Settings for telemetry tools",
|
||||||
|
"properties": {
|
||||||
|
"openTelemetry": {
|
||||||
|
"default": "",
|
||||||
|
"description": "turns Open Telemetry on",
|
||||||
|
"title": "openTelemetry"
|
||||||
|
},
|
||||||
|
"serviceName": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
|
||||||
|
"title": "serviceName"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "telemetry"
|
||||||
|
},
|
||||||
|
"template": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "provide extra settings for pod templates",
|
||||||
|
"properties": {
|
||||||
|
"annotations": {
|
||||||
|
"default": "",
|
||||||
|
"description": "set additional annotations for pods",
|
||||||
|
"title": "annotations"
|
||||||
|
},
|
||||||
|
"labels": {
|
||||||
|
"default": "",
|
||||||
|
"description": "set additional labels for pods",
|
||||||
|
"title": "labels"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "template"
|
||||||
|
},
|
||||||
|
"terminationGracePeriodSeconds": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
|
||||||
|
"title": "terminationGracePeriodSeconds"
|
||||||
|
},
|
||||||
|
"timezone": {
|
||||||
|
"default": "`Europe/Berlin`",
|
||||||
|
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
|
||||||
|
"title": "timezone"
|
||||||
|
},
|
||||||
|
"tolerations": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Set tolerations for this component",
|
||||||
|
"title": "tolerations"
|
||||||
|
},
|
||||||
|
"updateStrategy": {
|
||||||
|
"default": "",
|
||||||
|
"description": "the update Strategy for this component. Normally, you can update all components rolling, except for nappl, where you need to follow the documented update procedures.",
|
||||||
|
"title": "updateStrategy"
|
||||||
|
},
|
||||||
|
"utils": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"debug": {
|
||||||
|
"default": "`false`",
|
||||||
|
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
|
||||||
|
"title": "debug"
|
||||||
|
},
|
||||||
|
"disableWait": {
|
||||||
|
"default": "`false`",
|
||||||
|
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
|
||||||
|
"title": "disableWait"
|
||||||
|
},
|
||||||
|
"disableWave": {
|
||||||
|
"default": "`false`",
|
||||||
|
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
|
||||||
|
"title": "disableWave"
|
||||||
|
},
|
||||||
|
"includeNamespace": {
|
||||||
|
"default": "`true`",
|
||||||
|
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
|
||||||
|
"title": "includeNamespace"
|
||||||
|
},
|
||||||
|
"maintenance": {
|
||||||
|
"default": "`false`",
|
||||||
|
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
|
||||||
|
"title": "maintenance"
|
||||||
|
},
|
||||||
|
"renderComments": {
|
||||||
|
"default": "`true`",
|
||||||
|
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
|
||||||
|
"title": "renderComments"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "utils",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"waitFor": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.",
|
||||||
|
"title": "waitFor"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "object"
|
||||||
|
}
|
||||||
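Review bot: The properties under `security` (`allowPrivilegeEscalation`, `readOnlyRootFilesystem`, `runAsUser`, `fsGroup`, `zeroTrust`) declare no `type` and carry their defaults as strings (`"false"`, `"true"`, `"1001"`, and a backtick-wrapped `false` for `zeroTrust`), so the schema accepts any value for them, including `runAsUser: 0` or a quoted `"false"` for `readOnlyRootFilesystem`. Suggest adding `"type": "boolean"` to the flags and `"type": "integer", "minimum": 1` to `runAsUser`, with the defaults written as real JSON values. The same gap affects `security`, `nappl`, `resources` and the other objects that set `"additionalProperties": false` without `"type": "object"`, because that keyword is ignored when the value is not an object. Separately, `nappl.password` accepts the technical account's password in plain values next to `nappl.secret`; its description (which has the typo "accunt") should say that `secret` is the preferred route.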
423
charts/cmis/values.yaml
Normal file
@@ -0,0 +1,423 @@
|
|||||||
|
# yaml-language-server: $schema=values.schema.json
|
||||||
|
# -- Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)
|
||||||
|
ingress:
|
||||||
|
# -- You can toggle the ingress on wether you'd like this component
|
||||||
|
# to be reachable through an ingress or not.
|
||||||
|
enabled: true
|
||||||
|
# -- Overrides the default backend protocol. The default is http,
|
||||||
|
# unless in zeroTrust Mode, then it is switched to https automatically.
|
||||||
|
# @default -- `http` <br> `https` in zero trust mode
|
||||||
|
backendProtocol:
|
||||||
|
# -- defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason
|
||||||
|
# Example: `/nscalealinst1(/\|$)(.*)`
|
||||||
|
# @internal -- This is an alpha feature - do not use it.
|
||||||
|
inputPath:
|
||||||
|
# -- defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason
|
||||||
|
# Example: `/nscalealinst1/$2`
|
||||||
|
# @internal -- This is an alpha feature - do not use it.
|
||||||
|
rewriteTarget:
|
||||||
|
# -- deny is used to exclude specific paths from public access, such as
|
||||||
|
# administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is
|
||||||
|
# the burlap protocol. The configuration service is the endpoint used by
|
||||||
|
# the Admin client.
|
||||||
|
deny:
|
||||||
|
# -- on component level, set cookie affinity for the ingress
|
||||||
|
# example: `XtConLoadBalancerSession` for nscale Web
|
||||||
|
cookie:
|
||||||
|
# -- Sets the name of the tls secret to be used for this ingress, that contains
|
||||||
|
# the private and public key. These secrets can optionally be provided by the instance
|
||||||
|
# @default -- `{{ .this.ingress.domain }}-tls`
|
||||||
|
secret:
|
||||||
|
# -- Sets the domain to be used. This domain should be provided by the instance globally
|
||||||
|
# for all components, but you are free to override it here
|
||||||
|
domain:
|
||||||
|
# -- The ingressclass to use for this ingress. Most likely, this is provided globally by the
|
||||||
|
# instance, but you are free to override it here if this component should use a different class
|
||||||
|
# e.g. if you have separated ingress controllers, like a public and an internal one
|
||||||
|
# @default -- `public`
|
||||||
|
class:
|
||||||
|
# -- optionally sets a whitelist of ip ranges (CIDR format, comma separated)
|
||||||
|
# from which ingress is allowed. This is an annotation for nginx, so won't work with other
|
||||||
|
# ingress controllers
|
||||||
|
whitelist:
|
||||||
|
# -- Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy
|
||||||
|
# to allow traffic from this namespace to our pods. This may be a comma separated list
|
||||||
|
# @default -- "ingress, kube-system, ingress-nginx"
|
||||||
|
namespace:
|
||||||
|
# -- The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the
|
||||||
|
# most though this is only a constant used in the scripts.
|
||||||
|
contextPath: "/cmis"
|
||||||
|
# -- Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.
|
||||||
|
proxyReadTimeout:
|
||||||
|
# -- Adds extra Annotations to the ingress
|
||||||
|
annotations:
|
||||||
|
# -- Sets the number of replicas in this replicaSet.
|
||||||
|
# Some Components (like nstl or sharepoint) only allow a count of 1.
|
||||||
|
replicaCount: 1
|
||||||
|
# -- the update Strategy for this component. Normally, you can update all components
|
||||||
|
# rolling, except for nappl, where you need to follow the documented update procedures.
|
||||||
|
updateStrategy:
|
||||||
|
# -- Security Section defining default runtime environment for your container
|
||||||
|
security:
|
||||||
|
podSecurityContext:
|
||||||
|
# -- The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context
|
||||||
|
# for security
|
||||||
|
# @internal -- there is normally no need to change this
|
||||||
|
runAsUser: 1001
|
||||||
|
# -- The file system group as which new files are created
|
||||||
|
# @internal -- there is normally no need to change this
|
||||||
|
fsGroup: 1001
|
||||||
|
# -- Under which condition should the fsGroup be changed
|
||||||
|
# @internal -- there is normally no need to change this
|
||||||
|
fsGroupChangePolicy: OnRootMismatch
|
||||||
|
containerSecurityContext:
|
||||||
|
# -- sets the container root file system to read only. This should be the case in production environment
|
||||||
|
# @internal -- you should not change this
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
# -- Some functionality may need the possibility to allow privilege escalation. This should be very restrictive
|
||||||
|
# @internal -- you should not change this
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
# -- Capabilities this container should have. Only allow the necessity, and drop as many as possible
|
||||||
|
# @internal -- you should not change this
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
# -- turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes
|
||||||
|
# @default -- `false`
|
||||||
|
zeroTrust:
|
||||||
|
# # <id>:
|
||||||
|
# # path: <the path in the container, where you want to mount this>
|
||||||
|
# # volumeName: <the name of the PV to be mounted>
|
||||||
|
# # subPath: <an (optional) subpath to be used inside the PV>
|
||||||
|
|
||||||
|
mounts:
|
||||||
|
# -- The temp volume is used to hold any superflues and temporary data.
|
||||||
|
# it is deleted when the pod terminates. However, it is extremely important
|
||||||
|
# as all pods filesystems are read only
|
||||||
|
temp:
|
||||||
|
# -- Sets the path to the temporary files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
path: "/opt/ceyoniq/nscale-cmis-connector/temp"
|
||||||
|
# -- Sets a list of paths to the temporary files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
paths:
|
||||||
|
# -- Sets the size of the temporary disk (all paths)
|
||||||
|
size: "1Gi"
|
||||||
|
# -- The conf volume is a RWX volume mounted by the environment, that holds
|
||||||
|
# all configurations of all instances and components in this environment
|
||||||
|
conf:
|
||||||
|
# -- Sets the path to the conf files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
path: "/opt/ceyoniq/nscale-cmis-connector/conf"
|
||||||
|
# -- Sets a list of paths to the conf files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
paths:
|
||||||
|
# -- The log volume is used to take any left-over logging in the container.
|
||||||
|
# The container should log to stdout, but if any component still tries to log to disk
|
||||||
|
# this disk needs to be writeable
|
||||||
|
logs:
|
||||||
|
# -- Sets the path to the log files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
path: "/opt/ceyoniq/nscale-cmis-connector/logs"
|
||||||
|
# -- Sets a list of paths to the log files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
paths:
|
||||||
|
# -- Sets the size of the log disk (all paths)
|
||||||
|
size: "1Gi"
|
||||||
|
# -- some nscale Components require a license file and this
|
||||||
|
# defines it's location
|
||||||
|
license:
|
||||||
|
# -- Sets the path to the license files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
path:
|
||||||
|
# -- If you want to use additional
|
||||||
|
# fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the
|
||||||
|
# fonts directory from the environment pool
|
||||||
|
fonts:
|
||||||
|
# -- Sets the path to the fonts folder.
|
||||||
|
# @internal -- do not change this value
|
||||||
|
path:
|
||||||
|
# -- You can add a file with trusted Root Certificates (e.g. Azure), to be able to
|
||||||
|
# connect to alien services via https. If you have a self-signed root certificate,
|
||||||
|
# you can also add it here.
|
||||||
|
caCerts:
|
||||||
|
# -- Sets the path to the certs folder.
|
||||||
|
# @internal -- do not change this value
|
||||||
|
paths:
|
||||||
|
# -- Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting
|
||||||
|
secret:
|
||||||
|
# -- Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting
|
||||||
|
configMap:
|
||||||
|
# -- the java based nscale components have their own certificates, that you might want to upload.
|
||||||
|
# You can normally do so via the environment configuration, but should you want to use a secret,
|
||||||
|
# you can set it here
|
||||||
|
componentCerts:
|
||||||
|
# -- Sets the path to the component certs.
|
||||||
|
# @internal -- do not change this value
|
||||||
|
paths:
|
||||||
|
# -- Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting
|
||||||
|
secret:
|
||||||
|
# -- Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting
|
||||||
|
configMap:
|
||||||
|
data:
|
||||||
|
# -- If you do not want to have a Volume created by the provisioner,
|
||||||
|
# you can set the name of your volume here to attach to this pre-existing one
|
||||||
|
volumeName:
|
||||||
|
# -- Sets the size of the data disk
|
||||||
|
size:
|
||||||
|
# -- Sets the class of the data disk
|
||||||
|
class:
|
||||||
|
# -- Sets the path to the data files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
path:
|
||||||
|
# -- Sets a list of paths to the data files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
paths:
|
||||||
|
file:
|
||||||
|
# -- If you do not want to have a Volume created by the provisioner,
|
||||||
|
# you can set the name of your volume here to attach to this pre-existing one
|
||||||
|
volumeName:
|
||||||
|
# -- Sets the size of the shared disk
|
||||||
|
size:
|
||||||
|
# -- Sets the class of the shared disk
|
||||||
|
class:
|
||||||
|
# -- Sets the path to the shared files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
path:
|
||||||
|
# -- Sets a list of paths to the shared files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
paths:
|
||||||
|
pool:
|
||||||
|
# -- Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted.
|
||||||
|
# this is used to store scripts, apps and assets that are required to deploy an application / solution
|
||||||
|
# @internal -- do not change this value
|
||||||
|
path:
|
||||||
|
# -- The temp volume is used to hold any superflues and temporary data.
|
||||||
|
# it is deleted when the pod terminates. However, it is extremely important
|
||||||
|
# as all pods filesystems are read only
|
||||||
|
ptemp:
|
||||||
|
# -- Sets the path for temporary files that are persisted
|
||||||
|
# @internal -- do not change this value
|
||||||
|
path:
|
||||||
|
# -- Sets a list of paths for temporary files that are persisted
|
||||||
|
# @internal -- do not change this value
|
||||||
|
paths:
|
||||||
|
# -- Allows to define generic mounts of pre-provisioned PVs into any container.
|
||||||
|
# This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.
|
||||||
|
generic:
|
||||||
|
disk:
|
||||||
|
# -- Sets the size of the disk
|
||||||
|
size:
|
||||||
|
# -- Sets the class of the disk
|
||||||
|
class:
|
||||||
|
# -- Sets the path to the disk files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
path:
|
||||||
|
# -- Sets a list of paths to the data files
|
||||||
|
# @internal -- do not change this value
|
||||||
|
paths:
|
||||||
|
# -- If you do not want to have a Volume created by the provisioner,
|
||||||
|
# you can set the name of your volume here to attach to this pre-existing one
|
||||||
|
volumeName:
|
||||||
|
# -- enables the use of the second data disk. If enabled, all paths defined will end up on this disk.
|
||||||
|
# In case of the (default) disabled, the paths will be added to the primaty data disk.
|
||||||
|
enabled: false
|
||||||
|
# -- Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk.
|
||||||
|
# This is done only once and only if there is legacy data at all. No files are overwritten!
|
||||||
|
migration: false
|
||||||
|
# -- Options for the Java VM
|
||||||
|
javaOpts:
|
||||||
|
# -- set the percentage of RAM, Java will use of the total.
|
||||||
|
# The total amount is the amount installed in the K8s Cluster Node,
|
||||||
|
# OR the Memory Limit set (see resources), if any.
|
||||||
|
javaMaxRamPercentage:
|
||||||
|
# -- set the minimum memory, java will consume
|
||||||
|
javaMinMem:
|
||||||
|
# -- set the maximum memory, java will consume.
|
||||||
|
# Attention: This is NOT the real maximum and it does not include any non Java memory.
|
||||||
|
# Please read google, as this is highly discussed
|
||||||
|
javaMaxMem:
|
||||||
|
# -- Any misc Java Options that need to be passed to the container
|
||||||
|
javaMisc:
|
||||||
|
# -- provide the image to be used for this component
|
||||||
|
image:
|
||||||
|
# -- you can provide your own pullSecrets, in case you use
|
||||||
|
# a private repo.
|
||||||
|
pullSecrets:
|
||||||
|
- nscale-cr
|
||||||
|
- nplus-cr
|
||||||
|
# -- the name of the image to use
|
||||||
|
name: cmis-connector
|
||||||
|
# -- the tag of the image to use
|
||||||
|
tag: latest
|
||||||
|
# -- if you use a private repo, feel free to set it here
|
||||||
|
repo: ceyoniq.azurecr.io/release/nscale
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
# -- set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl)
|
||||||
|
# etc.
|
||||||
|
# @default -- `Europe/Berlin`
|
||||||
|
timezone:
|
||||||
|
# -- defines internal constants for nplus.
|
||||||
|
# do not change these values
|
||||||
|
meta:
|
||||||
|
# -- the type of the component. You should not change this value, except if
|
||||||
|
# you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner*
|
||||||
|
# This type is used to create cluster communication for nappl and nstl and potentially
|
||||||
|
# group multiple replicaSets into one service.
|
||||||
|
type: cmis
|
||||||
|
# -- lists the ports this component exposes. This is important for zero trust mode and others.
|
||||||
|
ports:
|
||||||
|
# -- The http port this component uses (if any). In zero trust mode, this will be disabled.
|
||||||
|
# @internal -- this is a constant value of the component and should not be changed.
|
||||||
|
http: 8096
|
||||||
|
# -- The tls / https port, this component uses (if any)
|
||||||
|
# @internal -- this is a constant value of the component and should not be changed.
|
||||||
|
https: 8196
|
||||||
|
# -- A potential tcp port, this component uses (if any)
|
||||||
|
# @internal -- this is a constant value of the component and should not be changed.
|
||||||
|
tcp:
|
||||||
|
# -- A potential rmi port, this component uses (if any)
|
||||||
|
# @internal -- this is a constant value of the component and should not be changed.
|
||||||
|
rmi:
|
||||||
|
# -- A potential tls / tcps port, this component uses (if any)
|
||||||
|
# @internal -- this is a constant value of the component and should not be changed.
|
||||||
|
tcps:
|
||||||
|
# -- sets tenant information to be able to invoice per use in a cloud environment
|
||||||
|
tenant:
|
||||||
|
# -- sets provider (partner, reseller) information to be able to invoice per use in a cloud environment
|
||||||
|
provider:
|
||||||
|
# -- Sets the wave in which this component should be deployed within an ArgoCD deployment
|
||||||
|
# if unset, it uses the default wave thus all components are installed in one wave, then relying
|
||||||
|
# on correct wait settings just like in a helm installation
|
||||||
|
wave:
|
||||||
|
# -- Sets the language of the main service (in the *service* container). This is used for instance
|
||||||
|
# if you turn OpenTelemetry on, to know which Agent to inject into the container.
|
||||||
|
language: java
|
||||||
|
# -- The container name of the main service for this component. This is used to define where to
|
||||||
|
# inject the telemetry agents, if any
|
||||||
|
serviceContainer: cmis-connector
|
||||||
|
# -- A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment
|
||||||
|
# runs in. This can be used in template functions to add the stage to for instance the service name of
|
||||||
|
# telemetry services like open telemetry. (see telemetry example)
|
||||||
|
stage:
|
||||||
|
# -- This is the version of the component, used for display
|
||||||
|
# @internal -- set by devOps pipeline, so do not modify
|
||||||
|
componentVersion:
|
||||||
|
# -- Set tolerations for this component
|
||||||
|
tolerations:
|
||||||
|
# -- select specific nodes for this component
|
||||||
|
nodeSelector:
|
||||||
|
# -- Sets the name of a secret, which holds additional environment variables for
|
||||||
|
# the configuration. It is added as envFrom secretRef to the container.
|
||||||
|
envSecret:
|
||||||
|
# -- Sets the name of a configMap, which holds additional environment variables for
|
||||||
|
# the configuration. It is added as envFrom configMap to the container.
|
||||||
|
envMap:
|
||||||
|
# -- Sets additional environment variables for
|
||||||
|
# the configuration.
|
||||||
|
env:
|
||||||
|
# -- The nscale Application Layer, this component should talk to
|
||||||
|
nappl:
|
||||||
|
# -- nappl host name
|
||||||
|
host:
|
||||||
|
# -- nappl port (http 8080 or https 8443)
|
||||||
|
port:
|
||||||
|
# -- sets the Advanced Connect to tls
|
||||||
|
ssl:
|
||||||
|
# -- instance of the Application Layer, likely `instance1`
|
||||||
|
instance:
|
||||||
|
# -- The technical account to login with
|
||||||
|
account:
|
||||||
|
# -- The domain of the technical account
|
||||||
|
domain:
|
||||||
|
# -- The password of the technical accunt (if not set by secret)
|
||||||
|
password:
|
||||||
|
# -- An optional secret that holds the credentials (the keys must be `account` and `password`)
|
||||||
|
secret:
|
||||||
|
# -- Assigns hardware resources to container
|
||||||
|
resources:
|
||||||
|
# -- Requests are used to assign a minimum to a container. This is the guaranteed amount
|
||||||
|
requests:
|
||||||
|
# -- Set the share of guaranteed CPU to the container.
|
||||||
|
cpu:
|
||||||
|
# -- Set the share of guaranteed RAM to the container
|
||||||
|
memory:
|
||||||
|
# -- Limits the maximum resources
|
||||||
|
limits:
|
||||||
|
# -- The maximum allowed CPU for the container
|
||||||
|
cpu:
|
||||||
|
# -- The maximum allowed RAM for the container
|
||||||
|
memory:
|
||||||
|
# -- This overrides the output of the internal name function
|
||||||
|
nameOverride:
|
||||||
|
# -- This overrides the output of the internal fullname function
|
||||||
|
fullnameOverride:
|
||||||
|
utils:
|
||||||
|
# -- Turn debugging *on* will give you stack trace etc.
|
||||||
|
# Please check out the Chart Developer Guide
|
||||||
|
# @default -- `false`
|
||||||
|
debug:
|
||||||
|
# -- You can turn Comment rendering *on* to get descriptive information inside the manifests. It
|
||||||
|
# will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD
|
||||||
|
# @default -- `true`
|
||||||
|
renderComments:
|
||||||
|
# -- By default, the namespace is rendered into the manifest. However, if you want to use
|
||||||
|
# `helm template` and store manifests for later applying them to multiple namespaces, you might
|
||||||
|
# want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later
|
||||||
|
# @default -- `true`
|
||||||
|
includeNamespace:
|
||||||
|
# -- in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the
|
||||||
|
# pods will start in idle, not starting the service at all. This will allow you to gain access to the container
|
||||||
|
# to perform recovery and maintenance tasks while having the real container up.
|
||||||
|
# @default -- `false`
|
||||||
|
maintenance:
|
||||||
|
# -- If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components
|
||||||
|
# of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components
|
||||||
|
# while previous waves are not finished yet.
|
||||||
|
# @default -- `false`
|
||||||
|
disableWave:
|
||||||
|
# -- in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are
|
||||||
|
# only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might
|
||||||
|
# start components even if they are not intended to run yet.
|
||||||
|
# @default -- `false`
|
||||||
|
disableWait:
|
||||||
|
service:
|
||||||
|
# -- enables the service to be consumed by group components and a potential ingress
|
||||||
|
# Disabling the service also disables the ingress.
|
||||||
|
enabled: true
|
||||||
|
# -- The selector can be `component` or `type`
|
||||||
|
# *component* selects only pods that are in the replicaset.
|
||||||
|
# *type* selects any pod that has the given type
|
||||||
|
selector: "component"
|
||||||
|
# -- adds extra Annotations to the service
|
||||||
|
annotations:
|
||||||
|
# -- Defines a list of conditions that need to be met before this components starts.
|
||||||
|
# The condition must be a network port that opens, when the master component is ready.
|
||||||
|
# Mostly, this will be a service, since a component is only added to a service if the
|
||||||
|
# probes succeed.
|
||||||
|
waitFor:
|
||||||
|
# -- if you set minReplicaCount, a podDesruptionBudget will be created with this value as
|
||||||
|
# minAvailable, using the full component as selector. This is useful for components, that are
|
||||||
|
# using multiple replicas.
|
||||||
|
minReplicaCount:
|
||||||
|
# -- if you set minReplicaCountType, a podDesruptionBudget will be created with this value as
|
||||||
|
# minAvailable, using the component type as selector. This is useful for components, that are spread
|
||||||
|
# across multiple replicaSets, like sharepoint or storage layer
|
||||||
|
minReplicaCountType:
|
||||||
|
# -- provide extra settings for pod templates
|
||||||
|
template:
|
||||||
|
# -- set additional annotations for pods
|
||||||
|
annotations:
|
||||||
|
# -- set additional labels for pods
|
||||||
|
labels:
|
||||||
|
# -- Settings for telemetry tools
|
||||||
|
telemetry:
|
||||||
|
# -- turns Open Telemetry on
|
||||||
|
openTelemetry:
|
||||||
|
# -- Sets the service name for the telemetry service to more convenient
|
||||||
|
# identify the displayed component
|
||||||
|
# Example: "{{ .this.meta.type }}-{{ .instance.name }}"
|
||||||
|
serviceName:
|
||||||
|
# -- Sets the terminationGracePeriodSeconds for the component
|
||||||
|
# If not set, it uses the Kubernetes defaults
|
||||||
|
terminationGracePeriodSeconds:
|
||||||
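Review bot: `tag: latest` together with `pullPolicy: IfNotPresent` in the `image:` block means a node that already holds a cached `latest` image never pulls again, so replicas scheduled on different nodes can run different builds and a rollout cannot be reproduced. Default the tag to a fixed release tag or digest, or use `pullPolicy: Always` for as long as the tag stays mutable. In the `nappl:` block, the comment on `password:` could also say that `secret:` is the preferred way to supply the technical account, so that the credential does not end up in a values file.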
11
charts/database/Chart.yaml
Normal file
@@ -0,0 +1,11 @@
|
|||||||
|
apiVersion: v2
|
||||||
|
name: nplus-component-database
|
||||||
|
description: Postgres Database, deploys a DEV or TESTING environment DB
|
||||||
|
icon: 
|
||||||
|
type: application
|
||||||
|
dependencies:
|
||||||
|
- name: nplus-globals
|
||||||
|
alias: globals
|
||||||
|
version: "*-0"
|
||||||
|
repository: "file://../globals"
|
||||||
|
version: 1.0.0
|
||||||
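Review bot: the `nplus-globals` dependency is declared with `version: "*-0"`, a range that accepts every version including pre-releases, so whatever copy sits in `../globals` at packaging time is taken without any compatibility check. A bounded range for the globals line this chart was tested against would make a mismatch fail at `helm dependency update` instead of at render time. `icon:` also appears with no value in this hunk; set it or drop the key.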
160
charts/database/README.md
Normal file
@@ -0,0 +1,160 @@
|
|||||||
|
|
||||||
|
|
||||||
|
# nplus-component-database
|
||||||
|
|
||||||
|
Postgres Database, deploys a DEV or TESTING environment DB
|
||||||
|
|
||||||
|
## nplus-component-database Chart Configuration
|
||||||
|
|
||||||
|
You can customize / configure nplus-component-database by setting configuration values on the command line or in values files,
|
||||||
|
that you can pass to helm. Please see the samples directory for details.
|
||||||
|
|
||||||
|
In case there is no value set, the key will not be used in the manifest, resulting in values taken from the config files of the component.
|
||||||
|
|
||||||
|
### Template Functions
|
||||||
|
|
||||||
|
You can use template functions in the values files. If you do so, make sure you quote correctly (single quotes, if you have double quotes in the template,
|
||||||
|
or escaped quotes).
|
||||||
|
|
||||||
|
### Global Values
|
||||||
|
|
||||||
|
All values can be set per component, per instance or globally per environment.
|
||||||
|
|
||||||
|
Example: `global.ingress.domain` sets the domain on instance level. You can still set a different domain on a component, such as administrator.
|
||||||
|
In that case, simply set `ingress.domain` for the administrator chart and that setting will have priority:
|
||||||
|
|
||||||
|
- Prio 1 - Component Level: `ingress.domain`
|
||||||
|
- Prio 2 - Instance Level: `global.ingress.domain`
|
||||||
|
- Prio 3 - Environment Level: `global.environment.ingress.domain`
|
||||||
|
|
||||||
|
### Using Values in Templates
|
||||||
|
|
||||||
|
As it would be a lot of typing to write `.Values.ingress.domain | default .Values.global.ingress.domain | default .Values.global.environment.ingress.domain`in your
|
||||||
|
template code, this is automatically done by nplus. You can simply type `.this.ingress.domain` and you will get a condensed and defaulted version
|
||||||
|
of your Values.
|
||||||
|
|
||||||
|
So an example in your `values.yaml` would be:
|
||||||
|
|
||||||
|
```
|
||||||
|
administrator:
|
||||||
|
waitFor:
|
||||||
|
- '-service {{ .component.prefix }}nappljobs.{{ .Release.Namespace }}.svc.cluster.local:\{{ .this.nappl.port }} -timeout 600'
|
||||||
|
```
|
||||||
|
|
||||||
|
This example shows `.this.nappl.port` which might come from a component, instance or global setting. You do not need to care.
|
||||||
|
The `.Release.Namespace` is set by helm. You have access to all Release and Chart Metadata, just like in your chart code.
|
||||||
|
|
||||||
|
The `.component.prefix` is calculated by nplus and gives you some handy shortcuts to internal variables:
|
||||||
|
|
||||||
|
- `.component.chartName`
|
||||||
|
The name of the chart as in `.Chart.Name`, but with override by `.Values.nameOverride`
|
||||||
|
- `.component.shortChartName`
|
||||||
|
A shorter Version of the name - `nappl` instead of `nplus-component-nappl`
|
||||||
|
- `.component.prefix`
|
||||||
|
The instance Prefix used to name the resources including `-`. This prefix is dropped, if the
|
||||||
|
`.Release.Name` equals `.Release.Namespace` for those of you that only
|
||||||
|
run one nplus Instance per namespace
|
||||||
|
- `.component.name`
|
||||||
|
The name of the component, including `.Values.nameOverride` and some logic
|
||||||
|
- `.component.fullName`
|
||||||
|
The fullName inlcuding `.Values.fullnameOverride` and some logic
|
||||||
|
- `.component.chart`
|
||||||
|
Mainly the `Chart.Name` and `Chart.Version`
|
||||||
|
- `.component.storagePath`
|
||||||
|
The path where the component config is stored in the conf PVC
|
||||||
|
- `.component.handler`
|
||||||
|
The handler (either helm, argoCD or manual)
|
||||||
|
|
||||||
|
- `.instance.name`
|
||||||
|
The name of the instance, but with override by `.Values.instanceOverride`
|
||||||
|
- `.instance.group`
|
||||||
|
The group, this instance belongs to. Override by `.Values.groupOverride`
|
||||||
|
- `.instance.version`
|
||||||
|
The *nscale* version (mostly taken from Application Layer), this instance is deploying.
|
||||||
|
|
||||||
|
- `.environment.name`
|
||||||
|
The name of the environment, but with override by `.Values.environmentNameOverride`
|
||||||
|
|
||||||
|
### Keys
|
||||||
|
|
||||||
|
You can set any of the following values for this component:
|
||||||
|
|
||||||
|
| Key | Description | Default |
|
||||||
|
|-----|-------------|---------|
|
||||||
|
**database**​.account | the technical account to own the nscale database, if not set by secret | `"nscale"` |
|
||||||
|
**database**​.name | name of the nscale database | `"nscale"` |
|
||||||
|
**database**​.password | password of the technical account, if not set by secret | `"nscale"` |
|
||||||
|
**database**​.secret | the secret with credentials (account, password) for the nscale technical account. This setting has priority over account and password | |
|
||||||
|
**dbAdmin**​.account | the database admin account, if not set by secret | `"postgres"` |
|
||||||
|
**dbAdmin**​.password | the database admin password, if not set by secret | `"postgres"` |
|
||||||
|
**dbAdmin**​.secret | the secret with credentials (account, password) for the database admin account. This setting has priority over adminAccount and adminPassword | |
|
||||||
|
env | Sets additional environment variables for the configuration. | |
|
||||||
|
envMap | Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container. | |
|
||||||
|
envSecret | Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container. | |
|
||||||
|
fullnameOverride | This overrides the output of the internal fullname function | |
|
||||||
|
**image**​.name | the name of the image to use | `"bitnami/postgresql"` |
|
||||||
|
**image**​.pullSecrets | you can provide your own pullSecrets, in case you use a private repo. | |
|
||||||
|
**image**​.repo | if you use a private repo, feel free to set it here | |
|
||||||
|
**image**​.tag | the tag of the image to use | `15` |
|
||||||
|
**meta**​.language | Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container. | |
|
||||||
|
**meta**​.ports​.tcp | A potential tcp port, this component uses (if any) <br>this is a constant value of the component and should not be changed. | **info only**, do not change<br> `5432` |
|
||||||
|
**meta**​.provider | sets provider (partner, reseller) information to be able to invoice per use in a cloud environment | |
|
||||||
|
**meta**​.serviceContainer | The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any | |
|
||||||
|
**meta**​.stage | A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example) | |
|
||||||
|
**meta**​.tenant | sets tenant information to be able to invoice per use in a cloud environment | |
|
||||||
|
**meta**​.type | the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service. | `"database"` |
|
||||||
|
**meta**​.wave | Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation | |
|
||||||
|
minReplicaCountType | if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer | |
|
||||||
|
**mounts**​.caCerts​.configMap | Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting | |
|
||||||
|
**mounts**​.caCerts​.secret | Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting | |
|
||||||
|
**mounts**​.componentCerts​.configMap | Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting | |
|
||||||
|
**mounts**​.componentCerts​.secret | Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting | |
|
||||||
|
**mounts**​.conf​.path | Sets the path to the conf files <br>do not change this value | **info only**, do not change<br> `"/opt/bitnami/postgresql/conf"` |
|
||||||
|
**mounts**​.data​.class | Sets the class of the data disk | |
|
||||||
|
**mounts**​.data​.paths | Sets a list of paths to the data files <br>do not change this value | **info only**, do not change<br> `["/bitnami/postgresql"]` |
|
||||||
|
**mounts**​.data​.size | Sets the size of the data disk | `"30Gi"` |
|
||||||
|
**mounts**​.data​.volumeName | If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one | |
|
||||||
|
**mounts**​.disk​.class | Sets the class of the disk | |
|
||||||
|
**mounts**​.disk​.enabled | enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk. | `false` |
|
||||||
|
**mounts**​.disk​.migration | Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten! | `false` |
|
||||||
|
**mounts**​.disk​.size | Sets the size of the disk | |
|
||||||
|
**mounts**​.disk​.volumeName | If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one | |
|
||||||
|
**mounts**​.file​.class | Sets the class of the shared disk | |
|
||||||
|
**mounts**​.file​.size | Sets the size of the shared disk | |
|
||||||
|
**mounts**​.file​.volumeName | If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one | |
|
||||||
|
**mounts**​.generic | Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container. | |
|
||||||
|
**mounts**​.logs​.size | Sets the size of the log disk (all paths) | |
|
||||||
|
**mounts**​.temp​.paths | Sets a list of paths to the temporary files <br>do not change this value | **info only**, do not change<br> `["/tmp", "/opt/bitnami/postgresql/tmp"]` |
|
||||||
|
**mounts**​.temp​.size | Sets the size of the temporary disk (all paths) | `"1Gi"` |
|
||||||
|
nameOverride | This overrides the output of the internal name function | |
|
||||||
|
nodeSelector | select specific nodes for this component | |
|
||||||
|
**priority**​.className | Set the priority class for the Application Layer deployment if desired | |
|
||||||
|
**priority**​.createClass | Creates an individual PriorityClass for this instance | |
|
||||||
|
**priority**​.value | Sets the priorityValue | 1000000 |
|
||||||
|
**resources**​.limits​.cpu | The maximum allowed CPU for the container | |
|
||||||
|
**resources**​.limits​.memory | The maximum allowed RAM for the container | |
|
||||||
|
**resources**​.requests​.cpu | Set the share of guaranteed CPU to the container. | |
|
||||||
|
**resources**​.requests​.memory | Set the share of guaranteed RAM to the container | |
|
||||||
|
**security**​.containerSecurityContext​.allowPrivilegeEscalation | Some functionality may need the possibility to allow privilege escalation. This should be very restrictive <br>you should not change this | **info only**, do not change<br> `false` |
|
||||||
|
**security**​.containerSecurityContext​.readOnlyRootFilesystem | sets the container root file system to read only. This should be the case in production environment <br>you should not change this | **info only**, do not change<br> `true` |
|
||||||
|
**security**​.podSecurityContext​.fsGroup | The file system group as which new files are created <br>there is normally no need to change this | **info only**, do not change<br> `1001` |
|
||||||
|
**security**​.podSecurityContext​.fsGroupChangePolicy | Under which condition should the fsGroup be changed <br>there is normally no need to change this | **info only**, do not change<br> `"OnRootMismatch"` |
|
||||||
|
**security**​.podSecurityContext​.runAsUser | The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security <br>there is normally no need to change this | **info only**, do not change<br> `1001` |
|
||||||
|
**security**​.zeroTrust | turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes | `false` |
|
||||||
|
**service**​.annotations | adds extra Annotations to the service | |
|
||||||
|
**service**​.enabled | enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress. | `true` |
|
||||||
|
**service**​.selector | The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type | `"component"` |
|
||||||
|
**telemetry**​.openTelemetry | turns Open Telemetry on | |
|
||||||
|
**telemetry**​.serviceName | Sets the service name for the telemetry service to more convenient identify the displayed component Example: "{{ .this.meta.type }}-{{ .instance.name }}" | |
|
||||||
|
**template**​.annotations | set additional annotations for pods | |
|
||||||
|
**template**​.labels | set additional labels for pods | |
|
||||||
|
terminationGracePeriodSeconds | Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults | |
|
||||||
|
timezone | set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc. | `Europe/Berlin` |
|
||||||
|
tolerations | Set tolerations for this component | |
|
||||||
|
**utils**​.debug | Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide | `false` |
|
||||||
|
**utils**​.disableWait | in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet. | `false` |
|
||||||
|
**utils**​.disableWave | If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet. | `false` |
|
||||||
|
**utils**​.includeNamespace | By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later | `true` |
|
||||||
|
**utils**​.maintenance | in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up. | `false` |
|
||||||
|
**utils**​.renderComments | You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD | `true` |
|
||||||
|
|
||||||
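Review bot: the Keys table documents `database.password` with the default `"nscale"` and `dbAdmin.password` with `"postgres"`, so an install that sets neither secret comes up with known credentials. The README should state next to those rows that the defaults are meant for the DEV or TESTING use named in the chart description, and that `database.secret` and `dbAdmin.secret` are expected anywhere else. Two smaller points in the same file: the `dbAdmin.secret` row refers to `adminAccount` and `adminPassword`, which are not keys in this table (the keys are `dbAdmin.account` and `dbAdmin.password`), and the `waitFor` sample contains `:\{{ .this.nappl.port }}` with a backslash that looks like an escaping leftover and would be copied into a values file as is.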
2
charts/database/templates/component.tpl
Normal file
@@ -0,0 +1,2 @@
|
|||||||
|
{{- include "nplus.init" $ -}}
|
||||||
|
{{- include "nplus.component" . -}}
|
||||||
16
charts/database/templates/config.tpl
Normal file
@@ -0,0 +1,16 @@
|
|||||||
|
{{- include "nplus.init" $ -}}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: {{ .component.fullName }}-config
|
||||||
|
{{- if .this.utils.includeNamespace }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "nplus.instanceLabels" . | nindent 4 }}
|
||||||
|
annotations:
|
||||||
|
{{- include "nplus.argoWave" . | nindent 4 }}
|
||||||
|
{{- include "nplus.annotations" . | nindent 4 }}
|
||||||
|
{{- include "nplus.securityAnnotations" . | nindent 4 }}
|
||||||
|
data:
|
||||||
|
{{ (.Files.Glob "config/*").AsConfig | indent 2 }}
|
||||||
33
charts/database/templates/networkpolicy.tpl
Normal file
@@ -0,0 +1,33 @@
|
|||||||
|
{{- include "nplus.init" $ -}}
|
||||||
|
{{- if ((.this.security).cni).createNetworkPolicy }}
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: NetworkPolicy
|
||||||
|
metadata:
|
||||||
|
name: {{ .component.fullName }}
|
||||||
|
{{- if .this.utils.includeNamespace }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "nplus.instanceLabels" . | nindent 4 }}
|
||||||
|
annotations:
|
||||||
|
{{- include "nplus.argoWave" . | nindent 4 }}
|
||||||
|
{{- include "nplus.annotations" . | nindent 4 }}
|
||||||
|
{{- include "nplus.securityAnnotations" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
podSelector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "nplus.selectorLabels" . | nindent 6 }}
|
||||||
|
policyTypes:
|
||||||
|
- Ingress
|
||||||
|
ingress:
|
||||||
|
- from:
|
||||||
|
# Allow access from NAPPL Cores
|
||||||
|
- podSelector:
|
||||||
|
matchLabels:
|
||||||
|
nplus/group: {{ .instance.group }}
|
||||||
|
nplus/type: core
|
||||||
|
{{- if ((.this.security).cni).excludeUnusedPorts }}
|
||||||
|
ports:
|
||||||
|
{{- include "nplus.defaultPolicyPorts" . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
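Review bot: policyTypes lists only Ingress, so outbound traffic from the database pod stays unrestricted even when createNetworkPolicy is on; consider adding Egress to policyTypes with an explicit allow list for what the pod really needs. In the same rule, the ports block is rendered only when security.cni.excludeUnusedPorts is set, so by default pods labelled nplus/type: core in the group can reach every port on the pod, not just the database port. Rendering the ports list unconditionally would be the tighter default.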
2
charts/database/templates/pdb.tpl
Normal file
@@ -0,0 +1,2 @@
|
|||||||
|
{{- include "nplus.init" $ -}}
|
||||||
|
{{- include "nplus.podDisruptionBudget" . -}}
|
||||||
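Review bot: this include is added to a chart whose replicaCount defaults to 1 and is described in values.schema.json as never to be changed, so a PodDisruptionBudget with minAvailable of 1 would block voluntary evictions such as node drains. Please confirm that nplus.podDisruptionBudget renders nothing unless minReplicaCountType is set, or leave the template out of this chart.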
2
charts/database/templates/priorityClass.tpl
Normal file
@@ -0,0 +1,2 @@
|
|||||||
|
{{- include "nplus.init" $ -}}
|
||||||
|
{{- include "nplus.priorityClass" . }}
|
||||||
2
charts/database/templates/pvc.tpl
Normal file
@@ -0,0 +1,2 @@
|
|||||||
|
{{- include "nplus.init" $ -}}
|
||||||
|
{{- include "nplus.pvc" . }}
|
||||||
28
charts/database/templates/service.tpl
Normal file
@@ -0,0 +1,28 @@
|
|||||||
|
{{- include "nplus.init" $ -}}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: {{ .component.fullName }}
|
||||||
|
{{- if .this.utils.includeNamespace }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "nplus.instanceLabels" . | nindent 4 }}
|
||||||
|
annotations:
|
||||||
|
{{- include "nplus.argoWave" . | nindent 4 }}
|
||||||
|
{{- include "nplus.annotations" . | nindent 4 }}
|
||||||
|
{{- include "nplus.securityAnnotations" . | nindent 4 }}
|
||||||
|
{{- include "nplus.serviceAnnotations" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
ports:
|
||||||
|
{{- include "nplus.defaultServicePorts" . | nindent 4 }}
|
||||||
|
|
||||||
|
selector:
|
||||||
|
{{- if eq .this.service.selector "component" }}
|
||||||
|
{{- include "nplus.selectorLabels" . | nindent 4 }}
|
||||||
|
{{- else if eq .this.service.selector "type" }}
|
||||||
|
{{- include "nplus.selectorLabelsNc" . | nindent 4 }}
|
||||||
|
{{- else }}
|
||||||
|
{{- fail (printf "Unknown Service Selector Type: %s - must be component or type" .this.service.selector) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
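Review bot: the Service is rendered unconditionally, but values.schema.json in this commit documents service.enabled as the switch that turns the service off, and nothing in this template reads it. Either wrap the manifest in an if on .this.service.enabled or remove the setting from this chart's schema, keeping in mind that the StatefulSet uses this Service as its serviceName.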
119
charts/database/templates/statefulset.tpl
Normal file
@@ -0,0 +1,119 @@
|
|||||||
|
{{- include "nplus.init" $ -}}
|
||||||
|
# Component: {{ .component.chartName }}
|
||||||
|
#
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: StatefulSet
|
||||||
|
metadata:
|
||||||
|
name: {{ .component.fullName }}
|
||||||
|
{{- if .this.utils.includeNamespace }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "nplus.instanceLabels" . | nindent 4 }}
|
||||||
|
annotations:
|
||||||
|
{{- include "nplus.argoWave" . | nindent 4 }}
|
||||||
|
{{- include "nplus.annotations" . | nindent 4 }}
|
||||||
|
{{- include "nplus.securityAnnotations" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
serviceName: {{ .component.fullName }}
|
||||||
|
replicas: {{ .Values.replicaCount }}
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "nplus.selectorLabels" . | nindent 6 }}
|
||||||
|
podManagementPolicy: OrderedReady
|
||||||
|
updateStrategy:
|
||||||
|
type: OnDelete
|
||||||
|
minReadySeconds: 10
|
||||||
|
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{- include "nplus.templateLabels" . | nindent 8 }}
|
||||||
|
annotations:
|
||||||
|
{{- include "nplus.templateAnnotations" . | nindent 8 }}
|
||||||
|
{{- include "nplus.securityAnnotations" . | nindent 8 }}
|
||||||
|
spec:
|
||||||
|
{{- include "nplus.priorityClassName" . | nindent 6 }}
|
||||||
|
{{- include "nplus.securityIllumioReadinessGates" . | nindent 6 }}
|
||||||
|
{{- include "nplus.podSecurityContext" . | nindent 6 }}
|
||||||
|
{{- include "nplus.templateAffinity" . | nindent 6 }}
|
||||||
|
{{- include "nplus.imagePullSecrets" . | nindent 6 }}
|
||||||
|
{{- include "nplus.terminationGracePeriodSeconds" . | nindent 6 }}
|
||||||
|
|
||||||
|
initContainers:
|
||||||
|
{{- include "nplus.copyConfig" . | nindent 6 }}
|
||||||
|
|
||||||
|
containers:
|
||||||
|
- name: postgres
|
||||||
|
image: {{ include "nplus.image" (dict "global" .Values.global "image" .Values.image) }}
|
||||||
|
imagePullPolicy: {{ include "nplus.imagePullPolicy" .Values.image }}
|
||||||
|
{{- include "nplus.containerSecurityContext" . | nindent 8 }}
|
||||||
|
{{- include "nplus.resources" . | nindent 8 }}
|
||||||
|
|
||||||
|
env:
|
||||||
|
|
||||||
|
# -- POSTGRES Admin Credentials
|
||||||
|
{{- include "nplus.envCredentials" (list
|
||||||
|
"POSTGRES_USERNAME" ($.this.dbAdmin).account
|
||||||
|
"POSTGRES_PASSWORD" ($.this.dbAdmin).password
|
||||||
|
($.this.dbAdmin).secret
|
||||||
|
) | nindent 10 }}
|
||||||
|
|
||||||
|
# -- NAPPL Postgres Connection Credentials
|
||||||
|
{{- include "nplus.envCredentials" (list
|
||||||
|
"NSCALE_USERNAME" ($.this.database).account
|
||||||
|
"NSCALE_PASSWORD" ($.this.database).password
|
||||||
|
($.this.database).secret
|
||||||
|
) | nindent 10 }}
|
||||||
|
|
||||||
|
- name: NSCALE_DATABASE
|
||||||
|
value: {{ (.this.database).name }}
|
||||||
|
|
||||||
|
{{- include "nplus.environment" . | nindent 8 }}
|
||||||
|
|
||||||
|
ports:
|
||||||
|
{{- include "nplus.defaultContainerPorts" . | nindent 8 }}
|
||||||
|
|
||||||
|
{{- if .this.utils.maintenance }}
|
||||||
|
{{- include "nplus.idle" . | nindent 8 }}
|
||||||
|
{{- else }}
|
||||||
|
startupProbe:
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
failureThreshold: 12
|
||||||
|
periodSeconds: 10
|
||||||
|
timeoutSeconds: 5
|
||||||
|
exec:
|
||||||
|
command:
|
||||||
|
- sh
|
||||||
|
- -c
|
||||||
|
- exec pg_isready -U "postgres" -h 127.0.0.1 -p {{ required "Postgres Port must be set" ((.this.meta).ports).tcp }}
|
||||||
|
livenessProbe:
|
||||||
|
exec:
|
||||||
|
command:
|
||||||
|
- sh
|
||||||
|
- -c
|
||||||
|
- exec pg_isready -U "postgres" -h 127.0.0.1 -p {{ required "Postgres Port must be set" ((.this.meta).ports).tcp }}
|
||||||
|
periodSeconds: 30
|
||||||
|
timeoutSeconds: 5
|
||||||
|
successThreshold: 1
|
||||||
|
failureThreshold: 6
|
||||||
|
readinessProbe:
|
||||||
|
exec:
|
||||||
|
command:
|
||||||
|
- sh
|
||||||
|
- -c
|
||||||
|
- |
|
||||||
|
pg_isready -U "postgres" -h 127.0.0.1 -p 5432 -t 1
|
||||||
|
[ -f /opt/bitnami/postgresql/tmp/.initialized ]
|
||||||
|
{{- end }}
|
||||||
|
volumeMounts:
|
||||||
|
# Postgres requires this directory to be **completely** empty,
|
||||||
|
# so also no lost&found directory.
|
||||||
|
{{- include "nplus.defaultMounts" . | nindent 8 }}
|
||||||
|
- name: custom-init-scripts
|
||||||
|
mountPath: /docker-entrypoint-initdb.d/
|
||||||
|
volumes:
|
||||||
|
- name: custom-init-scripts
|
||||||
|
configMap:
|
||||||
|
name: {{ .component.fullName }}-config
|
||||||
|
{{- include "nplus.defaultVolumes" . | nindent 6 }}
|
||||||
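Review bot: in the readinessProbe, the two commands run under sh -c with neither -e nor &&, so the probe's exit status is only that of the final [ -f /opt/bitnami/postgresql/tmp/.initialized ] test and a failing pg_isready is ignored. Join the two with && or pass -e to sh. The same probe hardcodes -p 5432 while the startup and liveness probes use ((.this.meta).ports).tcp, so it should take the templated port too.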
750
charts/database/values.schema.json
Normal file
@@ -0,0 +1,750 @@
|
|||||||
|
{
|
||||||
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"database": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"account": {
|
||||||
|
"default": "nscale",
|
||||||
|
"description": "the technical account to own the nscale database, if not set by secret",
|
||||||
|
"title": "account"
|
||||||
|
},
|
||||||
|
"name": {
|
||||||
|
"default": "nscale",
|
||||||
|
"description": "name of the nscale database",
|
||||||
|
"title": "name"
|
||||||
|
},
|
||||||
|
"password": {
|
||||||
|
"default": "nscale",
|
||||||
|
"description": "password of the technical account, if not set by secret",
|
||||||
|
"title": "password"
|
||||||
|
},
|
||||||
|
"secret": {
|
||||||
|
"default": "",
|
||||||
|
"description": "the secret with credentials (account, password) for the nscale technical account. This setting has priority over account and password",
|
||||||
|
"title": "secret"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "database",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"dbAdmin": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"account": {
|
||||||
|
"default": "postgres",
|
||||||
|
"description": "the database admin account, if not set by secret",
|
||||||
|
"title": "account"
|
||||||
|
},
|
||||||
|
"password": {
|
||||||
|
"default": "postgres",
|
||||||
|
"description": "the database admin password, if not set by secret",
|
||||||
|
"title": "password"
|
||||||
|
},
|
||||||
|
"secret": {
|
||||||
|
"default": "",
|
||||||
|
"description": "the secret with credentials (account, password) for the database admin account. This setting has priority over adminAccount and adminPassword",
|
||||||
|
"title": "secret"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "dbAdmin",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"env": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets additional environment variables for the configuration.",
|
||||||
|
"title": "env"
|
||||||
|
},
|
||||||
|
"envMap": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
|
||||||
|
"title": "envMap"
|
||||||
|
},
|
||||||
|
"envSecret": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
|
||||||
|
"title": "envSecret"
|
||||||
|
},
|
||||||
|
"fullnameOverride": {
|
||||||
|
"default": "",
|
||||||
|
"description": "This overrides the output of the internal fullname function",
|
||||||
|
"title": "fullnameOverride"
|
||||||
|
},
|
||||||
|
"global": {
|
||||||
|
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
|
||||||
|
"title": "global",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"globals": {
|
||||||
|
"description": "nplus Global Functions Library Chart",
|
||||||
|
"properties": {
|
||||||
|
"global": {
|
||||||
|
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
|
||||||
|
"title": "global",
|
||||||
|
"type": "object"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "nplus-globals",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"image": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "provide the image to be used for this component",
|
||||||
|
"properties": {
|
||||||
|
"name": {
|
||||||
|
"default": "bitnami/postgresql",
|
||||||
|
"description": "the name of the image to use",
|
||||||
|
"title": "name"
|
||||||
|
},
|
||||||
|
"pullSecrets": {
|
||||||
|
"default": "",
|
||||||
|
"description": "you can provide your own pullSecrets, in case you use a private repo.",
|
||||||
|
"title": "pullSecrets"
|
||||||
|
},
|
||||||
|
"repo": {
|
||||||
|
"default": "",
|
||||||
|
"description": "if you use a private repo, feel free to set it here",
|
||||||
|
"title": "repo"
|
||||||
|
},
|
||||||
|
"tag": {
|
||||||
|
"default": "15",
|
||||||
|
"description": "the tag of the image to use",
|
||||||
|
"title": "tag"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "image"
|
||||||
|
},
|
||||||
|
"meta": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"componentVersion": {
|
||||||
|
"default": "",
|
||||||
|
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
|
||||||
|
"title": "componentVersion"
|
||||||
|
},
|
||||||
|
"language": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
|
||||||
|
"title": "language"
|
||||||
|
},
|
||||||
|
"ports": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
|
||||||
|
"properties": {
|
||||||
|
"http": {
|
||||||
|
"default": "",
|
||||||
|
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
|
||||||
|
"title": "http"
|
||||||
|
},
|
||||||
|
"https": {
|
||||||
|
"default": "",
|
||||||
|
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
|
||||||
|
"title": "https"
|
||||||
|
},
|
||||||
|
"rmi": {
|
||||||
|
"default": "",
|
||||||
|
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
|
||||||
|
"title": "rmi"
|
||||||
|
},
|
||||||
|
"tcp": {
|
||||||
|
"default": "5432",
|
||||||
|
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
|
||||||
|
"title": "tcp"
|
||||||
|
},
|
||||||
|
"tcps": {
|
||||||
|
"default": "",
|
||||||
|
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
|
||||||
|
"title": "tcps"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "ports"
|
||||||
|
},
|
||||||
|
"provider": {
|
||||||
|
"default": "",
|
||||||
|
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
|
||||||
|
"title": "provider"
|
||||||
|
},
|
||||||
|
"serviceContainer": {
|
||||||
|
"default": "",
|
||||||
|
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
|
||||||
|
"title": "serviceContainer"
|
||||||
|
},
|
||||||
|
"stage": {
|
||||||
|
"default": "",
|
||||||
|
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
|
||||||
|
"title": "stage"
|
||||||
|
},
|
||||||
|
"tenant": {
|
||||||
|
"default": "",
|
||||||
|
"description": "sets tenant information to be able to invoice per use in a cloud environment",
|
||||||
|
"title": "tenant"
|
||||||
|
},
|
||||||
|
"type": {
|
||||||
|
"default": "database",
|
||||||
|
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
|
||||||
|
"title": "type"
|
||||||
|
},
|
||||||
|
"wave": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
|
||||||
|
"title": "wave"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "meta",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"minReplicaCountType": {
|
||||||
|
"default": "",
|
||||||
|
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
|
||||||
|
"title": "minReplicaCountType"
|
||||||
|
},
|
||||||
|
"mounts": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"caCerts": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
|
||||||
|
"properties": {
|
||||||
|
"configMap": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
|
||||||
|
"title": "configMap"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the certs folder. @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
},
|
||||||
|
"secret": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
|
||||||
|
"title": "secret"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "caCerts"
|
||||||
|
},
|
||||||
|
"componentCerts": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
|
||||||
|
"properties": {
|
||||||
|
"configMap": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
|
||||||
|
"title": "configMap"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the component certs. @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
},
|
||||||
|
"secret": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
|
||||||
|
"title": "secret"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "componentCerts"
|
||||||
|
},
|
||||||
|
"conf": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
|
||||||
|
"properties": {
|
||||||
|
"path": {
|
||||||
|
"default": "/opt/bitnami/postgresql/conf",
|
||||||
|
"description": "Sets the path to the conf files @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "conf"
|
||||||
|
},
|
||||||
|
"data": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"class": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the class of the data disk",
|
||||||
|
"title": "class"
|
||||||
|
},
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the data files @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"description": "Sets a list of paths to the data files @internal -- do not change this value",
|
||||||
|
"items": {
|
||||||
|
"anyOf": [
|
||||||
|
{
|
||||||
|
"type": "string"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"title": "paths"
|
||||||
|
},
|
||||||
|
"size": {
|
||||||
|
"default": "30Gi",
|
||||||
|
"description": "Sets the size of the data disk",
|
||||||
|
"title": "size"
|
||||||
|
},
|
||||||
|
"volumeName": {
|
||||||
|
"default": "",
|
||||||
|
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
|
||||||
|
"title": "volumeName"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "data",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"disk": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"class": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the class of the disk",
|
||||||
|
"title": "class"
|
||||||
|
},
|
||||||
|
"enabled": {
|
||||||
|
"default": "false",
|
||||||
|
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
|
||||||
|
"title": "enabled"
|
||||||
|
},
|
||||||
|
"migration": {
|
||||||
|
"default": "false",
|
||||||
|
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
|
||||||
|
"title": "migration"
|
||||||
|
},
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the disk files @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets a list of paths to the data files @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
},
|
||||||
|
"size": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the size of the disk",
|
||||||
|
"title": "size"
|
||||||
|
},
|
||||||
|
"volumeName": {
|
||||||
|
"default": "",
|
||||||
|
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
|
||||||
|
"title": "volumeName"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "disk",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"file": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"class": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the class of the shared disk",
|
||||||
|
"title": "class"
|
||||||
|
},
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the shared files @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
},
|
||||||
|
"size": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the size of the shared disk",
|
||||||
|
"title": "size"
|
||||||
|
},
|
||||||
|
"volumeName": {
|
||||||
|
"default": "",
|
||||||
|
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
|
||||||
|
"title": "volumeName"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "file",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"fonts": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
|
||||||
|
"properties": {
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "fonts"
|
||||||
|
},
|
||||||
|
"generic": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
|
||||||
|
"title": "generic"
|
||||||
|
},
|
||||||
|
"license": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "some nscale Components require a license file and this defines it's location",
|
||||||
|
"properties": {
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the license files @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "license"
|
||||||
|
},
|
||||||
|
"logs": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
|
||||||
|
"properties": {
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the log files @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets a list of paths to the log files @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
},
|
||||||
|
"size": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the size of the log disk (all paths)",
|
||||||
|
"title": "size"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "logs"
|
||||||
|
},
|
||||||
|
"pool": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "pool",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"ptemp": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
|
||||||
|
"properties": {
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
|
||||||
|
"title": "paths"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "ptemp"
|
||||||
|
},
|
||||||
|
"temp": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
|
||||||
|
"properties": {
|
||||||
|
"path": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the path to the temporary files @internal -- do not change this value",
|
||||||
|
"title": "path"
|
||||||
|
},
|
||||||
|
"paths": {
|
||||||
|
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
|
||||||
|
"items": {
|
||||||
|
"anyOf": [
|
||||||
|
{
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "string"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"title": "paths"
|
||||||
|
},
|
||||||
|
"size": {
|
||||||
|
"default": "1Gi",
|
||||||
|
"description": "Sets the size of the temporary disk (all paths)",
|
||||||
|
"title": "size"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "temp"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "mounts",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"nameOverride": {
|
||||||
|
"default": "",
|
||||||
|
"description": "This overrides the output of the internal name function",
|
||||||
|
"title": "nameOverride"
|
||||||
|
},
|
||||||
|
"nodeSelector": {
|
||||||
|
"default": "",
|
||||||
|
"description": "select specific nodes for this component",
|
||||||
|
"title": "nodeSelector"
|
||||||
|
},
|
||||||
|
"priority": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "You can give a component a specific priorityClass to implement a quality of service. You can leave this empty, then no priority is set. If you set a class, this class is taken If you additionally enable create, the class is created for you with the value defined.",
|
||||||
|
"properties": {
|
||||||
|
"className": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Set the priority class for the Application Layer deployment if desired",
|
||||||
|
"title": "className"
|
||||||
|
},
|
||||||
|
"createClass": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Creates an individual PriorityClass for this instance",
|
||||||
|
"title": "createClass"
|
||||||
|
},
|
||||||
|
"value": {
|
||||||
|
"default": "1000000",
|
||||||
|
"description": "Sets the priorityValue",
|
||||||
|
"title": "value"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "priority"
|
||||||
|
},
|
||||||
|
"replicaCount": {
|
||||||
|
"default": "1",
|
||||||
|
"description": "The replicaCount for the Database should never be changed @ignore",
|
||||||
|
"title": "replicaCount"
|
||||||
|
},
|
||||||
|
"resources": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "Assigns hardware resources to container",
|
||||||
|
"properties": {
|
||||||
|
"limits": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "Limits the maximum resources",
|
||||||
|
"properties": {
|
||||||
|
"cpu": {
|
||||||
|
"default": "",
|
||||||
|
"description": "The maximum allowed CPU for the container",
|
||||||
|
"title": "cpu"
|
||||||
|
},
|
||||||
|
"memory": {
|
||||||
|
"default": "",
|
||||||
|
"description": "The maximum allowed RAM for the container",
|
||||||
|
"title": "memory"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "limits"
|
||||||
|
},
|
||||||
|
"requests": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
|
||||||
|
"properties": {
|
||||||
|
"cpu": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Set the share of guaranteed CPU to the container.",
|
||||||
|
"title": "cpu"
|
||||||
|
},
|
||||||
|
"memory": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Set the share of guaranteed RAM to the container",
|
||||||
|
"title": "memory"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "requests"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "resources"
|
||||||
|
},
|
||||||
|
"security": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "Security Section defining default runtime environment for your container",
|
||||||
|
"properties": {
|
||||||
|
"containerSecurityContext": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"allowPrivilegeEscalation": {
|
||||||
|
"default": "false",
|
||||||
|
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
|
||||||
|
"title": "allowPrivilegeEscalation"
|
||||||
|
},
|
||||||
|
"capabilities": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
|
||||||
|
"properties": {
|
||||||
|
"drop": {
|
||||||
|
"items": {
|
||||||
|
"anyOf": [
|
||||||
|
{
|
||||||
|
"type": "string"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"title": "drop",
|
||||||
|
"type": "array"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "capabilities"
|
||||||
|
},
|
||||||
|
"readOnlyRootFilesystem": {
|
||||||
|
"default": "true",
|
||||||
|
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
|
||||||
|
"title": "readOnlyRootFilesystem"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "containerSecurityContext",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"podSecurityContext": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"fsGroup": {
|
||||||
|
"default": "1001",
|
||||||
|
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
|
||||||
|
"title": "fsGroup"
|
||||||
|
},
|
||||||
|
"fsGroupChangePolicy": {
|
||||||
|
"default": "OnRootMismatch",
|
||||||
|
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
|
||||||
|
"title": "fsGroupChangePolicy"
|
||||||
|
},
|
||||||
|
"runAsUser": {
|
||||||
|
"default": "1001",
|
||||||
|
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
|
||||||
|
"title": "runAsUser"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "podSecurityContext",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"zeroTrust": {
|
||||||
|
"default": "`false`",
|
||||||
|
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
|
||||||
|
"title": "zeroTrust"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "security"
|
||||||
|
},
|
||||||
|
"service": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"annotations": {
|
||||||
|
"default": "",
|
||||||
|
"description": "adds extra Annotations to the service",
|
||||||
|
"title": "annotations"
|
||||||
|
},
|
||||||
|
"enabled": {
|
||||||
|
"default": "true",
|
||||||
|
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
|
||||||
|
"title": "enabled"
|
||||||
|
},
|
||||||
|
"selector": {
|
||||||
|
"default": "component",
|
||||||
|
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
|
||||||
|
"title": "selector"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "service",
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"telemetry": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "Settings for telemetry tools",
|
||||||
|
"properties": {
|
||||||
|
"openTelemetry": {
|
||||||
|
"default": "",
|
||||||
|
"description": "turns Open Telemetry on",
|
||||||
|
"title": "openTelemetry"
|
||||||
|
},
|
||||||
|
"serviceName": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
|
||||||
|
"title": "serviceName"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "telemetry"
|
||||||
|
},
|
||||||
|
"template": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "provide extra settings for pod templates",
|
||||||
|
"properties": {
|
||||||
|
"annotations": {
|
||||||
|
"default": "",
|
||||||
|
"description": "set additional annotations for pods",
|
||||||
|
"title": "annotations"
|
||||||
|
},
|
||||||
|
"labels": {
|
||||||
|
"default": "",
|
||||||
|
"description": "set additional labels for pods",
|
||||||
|
"title": "labels"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "template"
|
||||||
|
},
|
||||||
|
"terminationGracePeriodSeconds": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
|
||||||
|
"title": "terminationGracePeriodSeconds"
|
||||||
|
},
|
||||||
|
"timezone": {
|
||||||
|
"default": "`Europe/Berlin`",
|
||||||
|
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
|
||||||
|
"title": "timezone"
|
||||||
|
},
|
||||||
|
"tolerations": {
|
||||||
|
"default": "",
|
||||||
|
"description": "Set tolerations for this component",
|
||||||
|
"title": "tolerations"
|
||||||
|
},
|
||||||
|
"utils": {
|
||||||
|
"additionalProperties": false,
|
||||||
|
"properties": {
|
||||||
|
"debug": {
|
||||||
|
"default": "`false`",
|
||||||
|
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
|
||||||
|
"title": "debug"
|
||||||
|
},
|
||||||
|
"disableWait": {
|
||||||
|
"default": "`false`",
|
||||||
|
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
|
||||||
|
"title": "disableWait"
|
||||||
|
},
|
||||||
|
"disableWave": {
|
||||||
|
"default": "`false`",
|
||||||
|
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
|
||||||
|
"title": "disableWave"
|
||||||
|
},
|
||||||
|
"includeNamespace": {
|
||||||
|
"default": "`true`",
|
||||||
|
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
|
||||||
|
"title": "includeNamespace"
|
||||||
|
},
|
||||||
|
"maintenance": {
|
||||||
|
"default": "`false`",
|
||||||
|
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
|
||||||
|
"title": "maintenance"
|
||||||
|
},
|
||||||
|
"renderComments": {
|
||||||
|
"default": "`true`",
|
||||||
|
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
|
||||||
|
"title": "renderComments"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"title": "utils",
|
||||||
|
"type": "object"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "object"
|
||||||
|
}
|
||||||
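Review bot: The properties under `security` (`allowPrivilegeEscalation`, `readOnlyRootFilesystem`, `runAsUser`, `fsGroup`, `zeroTrust`) declare no `type` or value constraint, so the schema accepts any value for them, including `runAsUser: 0`, even though its description says to avoid root. Consider adding `"type": "boolean"` to `allowPrivilegeEscalation`, `readOnlyRootFilesystem` and `zeroTrust`, and `"type": "integer", "minimum": 1` to `runAsUser`, so that a weakened override fails validation instead of relying on the "you should not change this" wording. The `security` object itself also lacks `"type": "object"` (unlike `containerSecurityContext` and `podSecurityContext`), so its `additionalProperties: false` has no effect when a non-object value is supplied. The defaults are also written inconsistently (`"false"` for `allowPrivilegeEscalation` but a backtick-wrapped `false` for `zeroTrust`), and the descriptions contain typos ("ist run", "starndard", "depricated").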
Some files were not shown because too many files have changed in this diff