# yaml-language-server: $schema=values.schema.json nstoreDownloader: # -- enables the nstore downloader enabled: false # -- set the nstore URL # @default -- `https://nstore.ceyoniq.com...` nstore: "https://nstore.ceyoniq.com/repository/com/ceyoniq/nscale/businessapps/" # -- target directory in the conf pv target: pool/nstore # -- provide the image to be used for this component image: # -- if you use a private repo, feel free to set it here repo: cr.nplus.cloud/subscription # -- the name of the image to use name: toolbox2 # -- the tag of the image to use tag: "latest" pullPolicy: IfNotPresent # -- you can provide your own pullSecrets, in case you use # a private repo. pullSecrets: - nscale-cr - nplus-cr # -- Security Section defining default runtime environment for your container security: podSecurityContext: # -- The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context # for security # @internal -- there is normally no need to change this runAsUser: 1001 # -- The file system group as which new files are created # @internal -- there is normally no need to change this fsGroup: 1001 # -- Under which condition should the fsGroup be changed # @internal -- there is normally no need to change this fsGroupChangePolicy: OnRootMismatch containerSecurityContext: # -- sets the container root file system to read only. This should be the case in production environment # @internal -- you should not change this readOnlyRootFilesystem: true # -- Some functionality may need the possibility to allow privilege escalation. This should be very restrictive # @internal -- you should not change this allowPrivilegeEscalation: false # -- Capabilities this container should have. Only allow the necessity, and drop as many as possible # @internal -- you should not change this capabilities: drop: - ALL # -- turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes # @default -- `false` zeroTrust: # -- Assigns hardware resources to container resources: # -- Requests are used to assign a minimum to a container. This is the guaranteed amount requests: # -- Set the share of guaranteed CPU to the container. cpu: "1m" # -- Set the share of guaranteed RAM to the container memory: "64Mi" # -- Limits the maximum resources limits: # -- The maximum allowed CPU for the container cpu: "1" # -- The maximum allowed RAM for the container memory: "512Mi" # -- set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) # etc. # @default -- `Europe/Berlin` timezone: meta: # -- the type of the component. You should not change this value, except if # you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* # This type is used to create cluster communication for nappl and nstl and potentially # group multiple replicaSets into one service. type: envtoolbox # -- lists the ports this component exposes. This is important for zero trust mode and others. ports: # -- The http port this component uses (if any). In zero trust mode, this will be disabled. # @internal -- this is a constant value of the component and should not be changed. http: # -- The tls / https port, this component uses (if any) # @internal -- this is a constant value of the component and should not be changed. https: # -- A potential tcp port, this component uses (if any) # @internal -- this is a constant value of the component and should not be changed. tcp: # -- A potential tls / tcps port, this component uses (if any) # @internal -- this is a constant value of the component and should not be changed. tcps: # -- A potential rmi port, this component uses (if any) # @internal -- this is a constant value of the component and should not be changed. rmi: # -- sets tenant information to be able to invoice per use in a cloud environment tenant: # -- sets provider (partner, reseller) information to be able to invoice per use in a cloud environment provider: # -- Sets the wave in which this component should be deployed within an ArgoCD deployment # if unset, it uses the default wave thus all components are installed in one wave, then relying # on correct wait settings just like in a helm installation wave: # -- Sets the language of the main service (in the *service* container). This is used for instance # if you turn OpenTelemetry on, to know which Agent to inject into the container. language: # -- The container name of the main service for this component. This is used to define where to # inject the telemetry agents, if any serviceContainer: # -- A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment # runs in. This can be used in template functions to add the stage to for instance the service name of # telemetry services like open telemetry. (see telemetry example) stage: # -- This is the version of the component, used for display # @internal -- set by devOps pipeline, so do not modify componentVersion: # -- Set tolerations for this component tolerations: # -- select specific nodes for this component nodeSelector: # -- Sets the name of a secret, which holds additional environment variables for # the configuration. It is added as envFrom secretRef to the container. envSecret: # -- Sets the name of a configMap, which holds additional environment variables for # the configuration. It is added as envFrom configMap to the container. envMap: # -- Sets additional environment variables for # the configuration. env: # -- This overrides the output of the internal name function nameOverride: # -- This overrides the output of the internal fullname function fullnameOverride: utils: # -- Turn debugging *on* will give you stack trace etc. # Please check out the Chart Developer Guide # @default -- `false` debug: # -- You can turn Comment rendering *on* to get descriptive information inside the manifests. It # will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD # @default -- `true` renderComments: # -- By default, the namespace is rendered into the manifest. However, if you want to use # `helm template` and store manifests for later applying them to multiple namespaces, you might # want to turn this `false` to be able to use `kubectl apply -n -f template.yaml` later # @default -- `true` includeNamespace: # -- in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the # pods will start in idle, not starting the service at all. This will allow you to gain access to the container # to perform recovery and maintenance tasks while having the real container up. # @default -- `false` maintenance: # -- If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components # of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components # while previous waves are not finished yet. # @default -- `false` disableWave: # -- in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are # only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might # start components even if they are not intended to run yet. # @default -- `false` disableWait: # -- if you set minReplicaCountType, a podDesruptionBudget will be created with this value as # minAvailable, using the component type as selector. This is useful for components, that are spread # across multiple replicaSets, like sharepoint or storage layer minReplicaCountType: # -- Settings for telemetry tools telemetry: # -- turns Open Telemetry on openTelemetry: # -- Sets the service name for the telemetry service to more convenient # identify the displayed component # Example: "{{ .this.meta.type }}-{{ .instance.name }}" serviceName: # -- Sets the terminationGracePeriodSeconds for the component # If not set, it uses the Kubernetes defaults terminationGracePeriodSeconds: