# yaml-language-server: $schema=values.schema.json meta: # -- the type of the component. You should not change this value, except if # you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* # This type is used to create cluster communication for nappl and nstl and potentially # group multiple replicaSets into one service. type: application # -- lists the ports this component exposes. This is important for zero trust mode and others. ports: # -- The http port this component uses (if any). In zero trust mode, this will be disabled. # @internal -- this is a constant value of the component and should not be changed. http: # -- The tls / https port, this component uses (if any) # @internal -- this is a constant value of the component and should not be changed. https: # -- A potential tcp port, this component uses (if any) # @internal -- this is a constant value of the component and should not be changed. tcp: # -- A potential tls / tcps port, this component uses (if any) # @internal -- this is a constant value of the component and should not be changed. tcps: # -- A potential rmi port, this component uses (if any) # @internal -- this is a constant value of the component and should not be changed. rmi: # -- sets tenant information to be able to invoice per use in a cloud environment tenant: # -- sets provider (partner, reseller) information to be able to invoice per use in a cloud environment provider: # -- Sets the wave in which this component should be deployed within an ArgoCD deployment # if unset, it uses the default wave thus all components are installed in one wave, then relying # on correct wait settings just like in a helm installation wave: # -- Sets the language of the main service (in the *service* container). This is used for instance # if you turn OpenTelemetry on, to know which Agent to inject into the container. language: # -- The container name of the main service for this component. This is used to define where to # inject the telemetry agents, if any serviceContainer: # -- A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment # runs in. This can be used in template functions to add the stage to for instance the service name of # telemetry services like open telemetry. (see telemetry example) stage: # -- This is the version of the component, used for display # @internal -- set by devOps pipeline, so do not modify componentVersion: mounts: # -- The conf volume is a RWX volume mounted by the environment, that holds # all configurations of all instances and components in this environment conf: # -- Sets the path to the conf files # @internal -- do not change this value path: "/application" # -- Sets a list of paths to the conf files # @internal -- do not change this value paths: pool: # -- Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. # this is used to store scripts, apps and assets that are required to deploy an application / solution # @internal -- do not change this value path: "/pool" # -- The temp volume is used to hold any superflues and temporary data. # it is deleted when the pod terminates. However, it is extremely important # as all pods filesystems are read only temp: # -- Sets the path to the temporary files # @internal -- do not change this value path: "/tmp" # -- Sets a list of paths to the temporary files # @internal -- do not change this value paths: # -- Sets the size of the temporary disk (all paths) size: # -- The log volume is used to take any left-over logging in the container. # The container should log to stdout, but if any component still tries to log to disk # this disk needs to be writeable logs: # -- Sets the path to the log files # @internal -- do not change this value path: # -- Sets a list of paths to the log files # @internal -- do not change this value paths: # -- Sets the size of the log disk (all paths) size: # -- some nscale Components require a license file and this # defines it's location license: # -- Sets the path to the license files # @internal -- do not change this value path: # -- If you want to use additional # fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the # fonts directory from the environment pool fonts: # -- Sets the path to the fonts folder. # @internal -- do not change this value path: # -- You can add a file with trusted Root Certificates (e.g. Azure), to be able to # connect to alien services via https. If you have a self-signed root certificate, # you can also add it here. caCerts: # -- Sets the path to the certs folder. # @internal -- do not change this value paths: # -- Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting secret: # -- Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting configMap: # -- the java based nscale components have their own certificates, that you might want to upload. # You can normally do so via the environment configuration, but should you want to use a secret, # you can set it here componentCerts: # -- Sets the path to the component certs. # @internal -- do not change this value paths: # -- Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting secret: # -- Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting configMap: data: # -- Sets the size of the data disk size: # -- Sets the class of the data disk class: # -- Sets the path to the data files # @internal -- do not change this value path: # -- Sets a list of paths to the data files # @internal -- do not change this value paths: # -- If you do not want to have a Volume created by the provisioner, # you can set the name of your volume here to attach to this pre-existing one volumeName: file: # -- Sets the size of the shared disk size: # -- Sets the class of the shared disk class: # -- Sets the path to the shared files # @internal -- do not change this value path: # -- Sets a list of paths to the shared files # @internal -- do not change this value paths: # -- If you do not want to have a Volume created by the provisioner, # you can set the name of your volume here to attach to this pre-existing one volumeName: # -- The temp volume is used to hold any superflues and temporary data. # it is deleted when the pod terminates. However, it is extremely important # as all pods filesystems are read only ptemp: # -- Sets the path for temporary files that are persisted # @internal -- do not change this value path: # -- Sets a list of paths for temporary files that are persisted # @internal -- do not change this value paths: # -- Allows to define generic mounts of pre-provisioned PVs into any container. # This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container. generic: disk: # -- Sets the size of the disk size: # -- Sets the class of the disk class: # -- Sets the path to the disk files # @internal -- do not change this value path: # -- Sets a list of paths to the data files # @internal -- do not change this value paths: # -- If you do not want to have a Volume created by the provisioner, # you can set the name of your volume here to attach to this pre-existing one volumeName: # -- enables the use of the second data disk. If enabled, all paths defined will end up on this disk. # In case of the (default) disabled, the paths will be added to the primaty data disk. enabled: false # -- Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. # This is done only once and only if there is legacy data at all. No files are overwritten! migration: false # -- The nscale Application Layer, this component should talk to nappl: # -- nappl host name host: # -- nappl port (http 8080 or https 8443) port: # -- sets the Advanced Connect to tls ssl: # -- instance of the Application Layer, likely `instance1` instance: # -- The technical account to login with account: # -- The domain of the technical account domain: # -- The password of the technical accunt (if not set by secret) password: # -- An optional secret that holds the credentials (the keys must be `account` and `password`) secret: nstl: # -- The dns of the *nscale Server Storage Layer*. This is used to add it to the nappl configuration host: rs: # -- The dns of the *nscale rendition Server*. This is used to add it to the nappl configuration host: # -- provide the image to be used for this component image: # -- you can provide your own pullSecrets, in case you use # a private repo. pullSecrets: - nscale-cr - nplus-cr # -- the name of the image to use name: toolbox2 # -- the tag of the image to use tag: latest # -- if you use a private repo, feel free to set it here repo: cr.nplus.cloud/subscription # -- Security Section defining default runtime environment for your container security: podSecurityContext: # -- The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context # for security # @internal -- there is normally no need to change this runAsUser: 1001 # -- The file system group as which new files are created # @internal -- there is normally no need to change this fsGroup: 1001 # -- Under which condition should the fsGroup be changed # @internal -- there is normally no need to change this fsGroupChangePolicy: OnRootMismatch containerSecurityContext: # -- sets the container root file system to read only. This should be the case in production environment # @internal -- you should not change this readOnlyRootFilesystem: true # -- Some functionality may need the possibility to allow privilege escalation. This should be very restrictive # @internal -- you should not change this allowPrivilegeEscalation: false # -- Capabilities this container should have. Only allow the necessity, and drop as many as possible # @internal -- you should not change this capabilities: drop: - ALL # -- turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes # @default -- `false` zeroTrust: # -- Assigns hardware resources to container resources: # -- Requests are used to assign a minimum to a container. This is the guaranteed amount requests: # -- Set the share of guaranteed CPU to the container. cpu: # -- Set the share of guaranteed RAM to the container memory: # -- Limits the maximum resources limits: # -- The maximum allowed CPU for the container cpu: # -- The maximum allowed RAM for the container memory: # -- set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) # etc. # @default -- `Europe/Berlin` timezone: # -- Set tolerations for this component tolerations: # -- select specific nodes for this component nodeSelector: # -- Sets the name of a secret, which holds additional environment variables for # the configuration. It is added as envFrom secretRef to the container. envSecret: # -- Sets the name of a configMap, which holds additional environment variables for # the configuration. It is added as envFrom configMap to the container. envMap: # -- Sets additional environment variables for # the configuration. env: # -- This overrides the output of the internal name function nameOverride: # -- This overrides the output of the internal fullname function fullnameOverride: # -- A list of URLs (Links) to Assets to download before anything else # if the download is a .tar.gz, it is automatically untared to /pool/downloads download: # -- A list of scripts to run after the deployment of Apps run: # -- A list of scripts to run before the deployment of Apps prerun: utils: # -- Turn debugging *on* will give you stack trace etc. # Please check out the Chart Developer Guide # @default -- `false` debug: # -- You can turn Comment rendering *on* to get descriptive information inside the manifests. It # will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD # @default -- `true` renderComments: # -- By default, the namespace is rendered into the manifest. However, if you want to use # `helm template` and store manifests for later applying them to multiple namespaces, you might # want to turn this `false` to be able to use `kubectl apply -n -f template.yaml` later # @default -- `true` includeNamespace: # -- in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the # pods will start in idle, not starting the service at all. This will allow you to gain access to the container # to perform recovery and maintenance tasks while having the real container up. # @default -- `false` maintenance: # -- If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components # of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components # while previous waves are not finished yet. # @default -- `false` disableWave: # -- in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are # only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might # start components even if they are not intended to run yet. # @default -- `false` disableWait: # # : # # path: # # volumeName: # # subPath: # # : # # path: # # volumeName: # # subPath: # # : # # path: # # volumeName: # # subPath: # # : # # path: # # volumeName: # # subPath: # # : # # path: # # volumeName: # # subPath: # # : # # path: # # volumeName: # # subPath: # # : # # path: # # volumeName: # # subPath: # # : # # path: # # volumeName: # # subPath: # # : # # path: # # volumeName: # # subPath: # # : # # path: # # volumeName: # # subPath: # # : # # path: # # volumeName: # # subPath: # # : # # path: # # volumeName: # # subPath: # # : # # path: # # volumeName: # # subPath: # # : # # path: # # volumeName: # # subPath: # # : # # path: # # volumeName: # # subPath: # -- Defines a list of conditions that need to be met before this components starts. # The condition must be a network port that opens, when the master component is ready. # Mostly, this will be a service, since a component is only added to a service if the # probes succeed. waitFor: # -- if you set minReplicaCountType, a podDesruptionBudget will be created with this value as # minAvailable, using the component type as selector. This is useful for components, that are spread # across multiple replicaSets, like sharepoint or storage layer minReplicaCountType: # -- Settings for telemetry tools telemetry: # -- turns Open Telemetry on openTelemetry: # -- Sets the service name for the telemetry service to more convenient # identify the displayed component # Example: "{{ .this.meta.type }}-{{ .instance.name }}" serviceName: # -- Sets the terminationGracePeriodSeconds for the component # If not set, it uses the Kubernetes defaults terminationGracePeriodSeconds: