# yaml-language-server: $schema=values.schema.json # -- Security Section defining default runtime environment for your container security: podSecurityContext: # -- The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context # for security # @internal -- there is normally no need to change this runAsUser: 1001 # -- The file system group as which new files are created # @internal -- there is normally no need to change this fsGroup: 1001 # -- Under which condition should the fsGroup be changed # @internal -- there is normally no need to change this fsGroupChangePolicy: OnRootMismatch runAsNonRoot: true containerSecurityContext: # -- sets the container root file system to read only. This should be the case in production environment # @internal -- you should not change this readOnlyRootFilesystem: true # -- Some functionality may need the possibility to allow privilege escalation. This should be very restrictive # @internal -- you should not change this allowPrivilegeEscalation: false # -- Capabilities this container should have. Only allow the necessity, and drop as many as possible # @internal -- you should not change this capabilities: drop: - ALL cni: # -- You might want to access storage layer outside the cluster (proxy concept) # To do so, you can add a specific IP Range here, which is set within the # network policy. nstlIpRange: # -- turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes # @default -- `false` zeroTrust: mounts: # -- The temp volume is used to hold any superflues and temporary data. # it is deleted when the pod terminates. However, it is extremely important # as all pods filesystems are read only temp: # -- Sets the path to the temporary files # @internal -- do not change this value path: # -- Sets a list of paths to the temporary files # @internal -- do not change this value paths: - "/opt/ceyoniq/nscale-server/storage-layer/tmp" # -- Sets the size of the temporary disk (all paths) size: "500Mi" # -- The conf volume is a RWX volume mounted by the environment, that holds # all configurations of all instances and components in this environment conf: # -- Sets the path to the conf files # @internal -- do not change this value path: "/opt/ceyoniq/nscale-server/storage-layer/etc" # -- Sets a list of paths to the conf files # @internal -- do not change this value paths: # -- The log volume is used to take any left-over logging in the container. # The container should log to stdout, but if any component still tries to log to disk # this disk needs to be writeable logs: # -- Sets the path to the log files # @internal -- do not change this value path: # -- Sets a list of paths to the log files # @internal -- do not change this value paths: # -- Sets the size of the log disk (all paths) size: "5Gi" # -- the medium for the emptyDisk volume # if you unset it, it drops it from the manifest medium: # -- some nscale Components require a license file and this # defines it's location license: # -- Sets the path to the license files # @internal -- do not change this value path: "/opt/ceyoniq/nscale-server/storage-layer/etc/license.xml" # -- If you want to use additional # fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the # fonts directory from the environment pool fonts: # -- Sets the path to the fonts folder. # @internal -- do not change this value path: # -- You can add a file with trusted Root Certificates (e.g. Azure), to be able to # connect to alien services via https. If you have a self-signed root certificate, # you can also add it here. caCerts: # -- Sets the path to the certs folder. # @internal -- do not change this value paths: - "/opt/ceyoniq/nscale-server/storage-layer/etc/CA.CER" # -- Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting secret: # -- Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting configMap: # -- the java based nscale components have their own certificates, that you might want to upload. # You can normally do so via the environment configuration, but should you want to use a secret, # you can set it here componentCerts: # -- Sets the path to the component certs. # @internal -- do not change this value paths: # -- Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting secret: # -- Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting configMap: data: # -- Sets the size of the data disk size: "50Gi" # -- Sets the class of the data disk class: # -- Sets a list of paths to the data files # @internal -- do not change this value paths: - "/opt/ceyoniq/nscale-server/storage-layer/da" - "/opt/ceyoniq/nscale-server/storage-layer/hd" - "/opt/ceyoniq/nscale-server/storage-layer/logsdb" # -- If you do not want to have a Volume created by the provisioner, # you can set the name of your volume here to attach to this pre-existing one volumeName: # -- Sets the path to the data files # @internal -- do not change this value path: disk: # -- Sets the size of the disk size: "50Gi" # -- Sets the class of the disk class: # -- Sets a list of paths to the data files # @internal -- do not change this value paths: - "/opt/ceyoniq/nscale-server/storage-layer/arc" - "/opt/ceyoniq/nscale-server/storage-layer/ret" - "/opt/ceyoniq/nscale-server/storage-layer/hid" # -- If you do not want to have a Volume created by the provisioner, # you can set the name of your volume here to attach to this pre-existing one volumeName: # -- Sets the path to the disk files # @internal -- do not change this value path: # -- enables the use of the second data disk. If enabled, all paths defined will end up on this disk. # In case of the (default) disabled, the paths will be added to the primaty data disk. enabled: false # -- Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. # This is done only once and only if there is legacy data at all. No files are overwritten! migration: false file: # -- If you do not want to have a Volume created by the provisioner, # you can set the name of your volume here to attach to this pre-existing one volumeName: # -- Sets the size of the shared disk size: # -- Sets the class of the shared disk class: # -- Sets the path to the shared files # @internal -- do not change this value path: # -- Sets a list of paths to the shared files # @internal -- do not change this value paths: pool: # -- Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. # this is used to store scripts, apps and assets that are required to deploy an application / solution # @internal -- do not change this value path: # -- The temp volume is used to hold any superflues and temporary data. # it is deleted when the pod terminates. However, it is extremely important # as all pods filesystems are read only ptemp: # -- Sets the path for temporary files that are persisted # @internal -- do not change this value path: # -- Sets a list of paths for temporary files that are persisted # @internal -- do not change this value paths: - "/opt/ceyoniq/nscale-server/storage-layer/accounting" - "/opt/ceyoniq/nscale-server/storage-layer/log" - "/var/crash" # -- Allows to define generic mounts of pre-provisioned PVs into any container. # This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container. generic: # -- provide the image to be used for this component image: # -- you can provide your own pullSecrets, in case you use # a private repo. pullSecrets: - nscale-cr - nplus-cr # -- the name of the image to use name: storage-layer # -- the tag of the image to use tag: latest # -- if you use a private repo, feel free to set it here repo: ceyoniq.azurecr.io/release/nscale # -- set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) # etc. # @default -- `Europe/Berlin` timezone: meta: # -- the type of the component. You should not change this value, except if # you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* # This type is used to create cluster communication for nappl and nstl and potentially # group multiple replicaSets into one service. type: nstl # -- lists the ports this component exposes. This is important for zero trust mode and others. ports: # -- The http port this component uses (if any). In zero trust mode, this will be disabled. # @internal -- this is a constant value of the component and should not be changed. http: # -- The tls / https port, this component uses (if any) # @internal -- this is a constant value of the component and should not be changed. https: # -- A potential tcp port, this component uses (if any) # @internal -- this is a constant value of the component and should not be changed. tcp: 3005 # -- A potential tls / tcps port, this component uses (if any) # @internal -- this is a constant value of the component and should not be changed. tcps: 3006 # -- A potential rmi port, this component uses (if any) # @internal -- this is a constant value of the component and should not be changed. rmi: # -- sets tenant information to be able to invoice per use in a cloud environment tenant: # -- sets provider (partner, reseller) information to be able to invoice per use in a cloud environment provider: # -- Sets the wave in which this component should be deployed within an ArgoCD deployment # if unset, it uses the default wave thus all components are installed in one wave, then relying # on correct wait settings just like in a helm installation wave: # -- Sets the language of the main service (in the *service* container). This is used for instance # if you turn OpenTelemetry on, to know which Agent to inject into the container. language: cpp # -- The container name of the main service for this component. This is used to define where to # inject the telemetry agents, if any serviceContainer: storage-layer # -- A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment # runs in. This can be used in template functions to add the stage to for instance the service name of # telemetry services like open telemetry. (see telemetry example) stage: # -- This is the version of the component, used for display # @internal -- set by devOps pipeline, so do not modify componentVersion: # -- Set tolerations for this component tolerations: # -- select specific nodes for this component nodeSelector: # -- the replicaCount for the Storage Layer. This does not make sense, so # leave this at 1 at any time, unless you know exactly what you are doing. # @ignore replicaCount: 1 # -- ingress settings. # however, the nstl does not use http, so a layer 7 LB # does not make any sense. # @ignore ingress: # -- enables ingress on this component # do not change this! # @ignore enabled: false # -- enables checking the highest DocID when starting the server. # this only makes sense, if you also set a separate volume for the highest ID # This is a backup / restore feature to avoid data mangling checkHighestDocId: # -- sets the path of the highest ID file. dvCheckPath: # -- Sets the name of a secret, which holds additional environment variables for # the configuration. It is added as envFrom secretRef to the container. envSecret: # -- Sets the name of a configMap, which holds additional environment variables for # the configuration. It is added as envFrom configMap to the container. envMap: # -- Sets additional environment variables for # the configuration. env: # -- Assigns hardware resources to container resources: # -- Requests are used to assign a minimum to a container. This is the guaranteed amount requests: # -- Set the share of guaranteed CPU to the container. cpu: # -- Set the share of guaranteed RAM to the container memory: # -- Limits the maximum resources limits: # -- The maximum allowed CPU for the container cpu: # -- The maximum allowed RAM for the container memory: # -- sets and enables / disables the accounting function. # If enabled, it writes the csv files to *ptemp* (`//accounting`) # The internal path is set to `/opt/ceyoniq/nscale-server/storage-layer/accounting` by `mounts.ptemp.paths` accounting: # -- This overrides the output of the internal name function nameOverride: # -- This overrides the output of the internal fullname function fullnameOverride: utils: # -- Turn debugging *on* will give you stack trace etc. # Please check out the Chart Developer Guide # @default -- `false` debug: # -- You can turn Comment rendering *on* to get descriptive information inside the manifests. It # will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD # @default -- `true` renderComments: # -- By default, the namespace is rendered into the manifest. However, if you want to use # `helm template` and store manifests for later applying them to multiple namespaces, you might # want to turn this `false` to be able to use `kubectl apply -n -f template.yaml` later # @default -- `true` includeNamespace: # -- in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the # pods will start in idle, not starting the service at all. This will allow you to gain access to the container # to perform recovery and maintenance tasks while having the real container up. # @default -- `false` maintenance: # -- If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components # of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components # while previous waves are not finished yet. # @default -- `false` disableWave: # -- in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are # only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might # start components even if they are not intended to run yet. # @default -- `false` disableWait: logForwarder: service: # -- enables the service to be consumed by group components and a potential ingress # Disabling the service also disables the ingress. enabled: true # -- The selector can be `component` or `type` # *component* selects only pods that are in the replicaset. # *type* selects any pod that has the given type selector: "component" # -- adds extra Annotations to the service annotations: # # : # # path: # # volumeName: # # subPath: # # : # # path: # # volumeName: # # subPath: # # : # # path: # # volumeName: # # subPath: # # : # # path: # # volumeName: # # subPath: # # : # # path: # # volumeName: # # subPath: # # : # # path: # # volumeName: # # subPath: # # : # # path: # # volumeName: # # subPath: # # : # # path: # # volumeName: # # subPath: # # : # # path: # # volumeName: # # subPath: # # : # # path: # # volumeName: # # subPath: # # : # # path: # # volumeName: # # subPath: # # : # # path: # # volumeName: # # subPath: # # : # # path: # # volumeName: # # subPath: # # : # # path: # # volumeName: # # subPath: # # : # # path: # # volumeName: # # subPath: # -- if you set minReplicaCountType, a podDesruptionBudget will be created with this value as # minAvailable, using the component type as selector. This is useful for components, that are spread # across multiple replicaSets, like sharepoint or storage layer minReplicaCountType: # -- provide extra settings for pod templates template: # -- set additional annotations for pods annotations: # -- set additional labels for pods labels: # -- Settings for telemetry tools telemetry: # -- turns Open Telemetry on openTelemetry: # -- Sets the service name for the telemetry service to more convenient # identify the displayed component # Example: "{{ .this.meta.type }}-{{ .instance.name }}" serviceName: # -- Sets the terminationGracePeriodSeconds for the component # If not set, it uses the Kubernetes defaults terminationGracePeriodSeconds: