339 lines
15 KiB
YAML
339 lines
15 KiB
YAML
# yaml-language-server: $schema=values.schema.json
|
|
meta:
|
|
# -- the type of the component. You should not change this value, except if
|
|
# you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner*
|
|
# This type is used to create cluster communication for nappl and nstl and potentially
|
|
# group multiple replicaSets into one service.
|
|
type: application
|
|
# -- lists the ports this component exposes. This is important for zero trust mode and others.
|
|
ports:
|
|
# -- The http port this component uses (if any). In zero trust mode, this will be disabled.
|
|
# @internal -- this is a constant value of the component and should not be changed.
|
|
http:
|
|
# -- The tls / https port, this component uses (if any)
|
|
# @internal -- this is a constant value of the component and should not be changed.
|
|
https:
|
|
# -- A potential tcp port, this component uses (if any)
|
|
# @internal -- this is a constant value of the component and should not be changed.
|
|
tcp:
|
|
# -- A potential tls / tcps port, this component uses (if any)
|
|
# @internal -- this is a constant value of the component and should not be changed.
|
|
tcps:
|
|
# -- A potential rmi port, this component uses (if any)
|
|
# @internal -- this is a constant value of the component and should not be changed.
|
|
rmi:
|
|
# -- sets tenant information to be able to invoice per use in a cloud environment
|
|
tenant:
|
|
# -- sets provider (partner, reseller) information to be able to invoice per use in a cloud environment
|
|
provider:
|
|
# -- Sets the wave in which this component should be deployed within an ArgoCD deployment
|
|
# if unset, it uses the default wave thus all components are installed in one wave, then relying
|
|
# on correct wait settings just like in a helm installation
|
|
wave:
|
|
# -- Sets the language of the main service (in the *service* container). This is used for instance
|
|
# if you turn OpenTelemetry on, to know which Agent to inject into the container.
|
|
language:
|
|
# -- The container name of the main service for this component. This is used to define where to
|
|
# inject the telemetry agents, if any
|
|
serviceContainer:
|
|
# -- A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment
|
|
# runs in. This can be used in template functions to add the stage to for instance the service name of
|
|
# telemetry services like open telemetry. (see telemetry example)
|
|
stage:
|
|
# -- This is the version of the component, used for display
|
|
# @internal -- set by devOps pipeline, so do not modify
|
|
componentVersion:
|
|
mounts:
|
|
# -- The conf volume is a RWX volume mounted by the environment, that holds
|
|
# all configurations of all instances and components in this environment
|
|
conf:
|
|
# -- Sets the path to the conf files
|
|
# @internal -- do not change this value
|
|
path: "/application"
|
|
# -- Sets a list of paths to the conf files
|
|
# @internal -- do not change this value
|
|
paths:
|
|
pool:
|
|
# -- Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted.
|
|
# this is used to store scripts, apps and assets that are required to deploy an application / solution
|
|
# @internal -- do not change this value
|
|
path: "/pool"
|
|
# -- The temp volume is used to hold any superflues and temporary data.
|
|
# it is deleted when the pod terminates. However, it is extremely important
|
|
# as all pods filesystems are read only
|
|
temp:
|
|
# -- Sets the path to the temporary files
|
|
# @internal -- do not change this value
|
|
path: "/tmp"
|
|
# -- Sets a list of paths to the temporary files
|
|
# @internal -- do not change this value
|
|
paths:
|
|
# -- Sets the size of the temporary disk (all paths)
|
|
size:
|
|
# -- The log volume is used to take any left-over logging in the container.
|
|
# The container should log to stdout, but if any component still tries to log to disk
|
|
# this disk needs to be writeable
|
|
logs:
|
|
# -- Sets the path to the log files
|
|
# @internal -- do not change this value
|
|
path:
|
|
# -- Sets a list of paths to the log files
|
|
# @internal -- do not change this value
|
|
paths:
|
|
# -- Sets the size of the log disk (all paths)
|
|
size:
|
|
# -- some nscale Components require a license file and this
|
|
# defines it's location
|
|
license:
|
|
# -- Sets the path to the license files
|
|
# @internal -- do not change this value
|
|
path:
|
|
# -- If you want to use additional
|
|
# fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the
|
|
# fonts directory from the environment pool
|
|
fonts:
|
|
# -- Sets the path to the fonts folder.
|
|
# @internal -- do not change this value
|
|
path:
|
|
# -- You can add a file with trusted Root Certificates (e.g. Azure), to be able to
|
|
# connect to alien services via https. If you have a self-signed root certificate,
|
|
# you can also add it here.
|
|
caCerts:
|
|
# -- Sets the path to the certs folder.
|
|
# @internal -- do not change this value
|
|
paths:
|
|
# -- Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting
|
|
secret:
|
|
# -- Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting
|
|
configMap:
|
|
# -- the java based nscale components have their own certificates, that you might want to upload.
|
|
# You can normally do so via the environment configuration, but should you want to use a secret,
|
|
# you can set it here
|
|
componentCerts:
|
|
# -- Sets the path to the component certs.
|
|
# @internal -- do not change this value
|
|
paths:
|
|
# -- Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting
|
|
secret:
|
|
# -- Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting
|
|
configMap:
|
|
data:
|
|
# -- Sets the size of the data disk
|
|
size:
|
|
# -- Sets the class of the data disk
|
|
class:
|
|
# -- Sets the path to the data files
|
|
# @internal -- do not change this value
|
|
path:
|
|
# -- Sets a list of paths to the data files
|
|
# @internal -- do not change this value
|
|
paths:
|
|
# -- If you do not want to have a Volume created by the provisioner,
|
|
# you can set the name of your volume here to attach to this pre-existing one
|
|
volumeName:
|
|
file:
|
|
# -- Sets the size of the shared disk
|
|
size:
|
|
# -- Sets the class of the shared disk
|
|
class:
|
|
# -- Sets the path to the shared files
|
|
# @internal -- do not change this value
|
|
path:
|
|
# -- Sets a list of paths to the shared files
|
|
# @internal -- do not change this value
|
|
paths:
|
|
# -- If you do not want to have a Volume created by the provisioner,
|
|
# you can set the name of your volume here to attach to this pre-existing one
|
|
volumeName:
|
|
# -- The temp volume is used to hold any superflues and temporary data.
|
|
# it is deleted when the pod terminates. However, it is extremely important
|
|
# as all pods filesystems are read only
|
|
ptemp:
|
|
# -- Sets the path for temporary files that are persisted
|
|
# @internal -- do not change this value
|
|
path:
|
|
# -- Sets a list of paths for temporary files that are persisted
|
|
# @internal -- do not change this value
|
|
paths:
|
|
# -- Allows to define generic mounts of pre-provisioned PVs into any container.
|
|
# This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.
|
|
generic:
|
|
disk:
|
|
# -- Sets the size of the disk
|
|
size:
|
|
# -- Sets the class of the disk
|
|
class:
|
|
# -- Sets the path to the disk files
|
|
# @internal -- do not change this value
|
|
path:
|
|
# -- Sets a list of paths to the data files
|
|
# @internal -- do not change this value
|
|
paths:
|
|
# -- If you do not want to have a Volume created by the provisioner,
|
|
# you can set the name of your volume here to attach to this pre-existing one
|
|
volumeName:
|
|
# -- enables the use of the second data disk. If enabled, all paths defined will end up on this disk.
|
|
# In case of the (default) disabled, the paths will be added to the primaty data disk.
|
|
enabled: false
|
|
# -- Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk.
|
|
# This is done only once and only if there is legacy data at all. No files are overwritten!
|
|
migration: false
|
|
# -- The nscale Application Layer, this component should talk to
|
|
nappl:
|
|
# -- nappl host name
|
|
host:
|
|
# -- nappl port (http 8080 or https 8443)
|
|
port:
|
|
# -- sets the Advanced Connect to tls
|
|
ssl:
|
|
# -- instance of the Application Layer, likely `instance1`
|
|
instance:
|
|
# -- The technical account to login with
|
|
account:
|
|
# -- The domain of the technical account
|
|
domain:
|
|
# -- The password of the technical accunt (if not set by secret)
|
|
password:
|
|
# -- An optional secret that holds the credentials (the keys must be `account` and `password`)
|
|
secret:
|
|
nstl:
|
|
# -- The dns of the *nscale Server Storage Layer*. This is used to add it to the nappl configuration
|
|
host:
|
|
rs:
|
|
# -- The dns of the *nscale rendition Server*. This is used to add it to the nappl configuration
|
|
host:
|
|
# -- provide the image to be used for this component
|
|
image:
|
|
# -- you can provide your own pullSecrets, in case you use
|
|
# a private repo.
|
|
pullSecrets:
|
|
- nscale-cr
|
|
- nplus-cr
|
|
# -- the name of the image to use
|
|
name: application-layer
|
|
# -- the tag of the image to use
|
|
tag: latest
|
|
# -- if you use a private repo, feel free to set it here
|
|
repo: ceyoniq.azurecr.io/release/nscale
|
|
# -- Security Section defining default runtime environment for your container
|
|
security:
|
|
podSecurityContext:
|
|
# -- The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context
|
|
# for security
|
|
# @internal -- there is normally no need to change this
|
|
runAsUser: 1001
|
|
# -- The file system group as which new files are created
|
|
# @internal -- there is normally no need to change this
|
|
fsGroup: 1001
|
|
# -- Under which condition should the fsGroup be changed
|
|
# @internal -- there is normally no need to change this
|
|
fsGroupChangePolicy: OnRootMismatch
|
|
containerSecurityContext:
|
|
# -- sets the container root file system to read only. This should be the case in production environment
|
|
# @internal -- you should not change this
|
|
readOnlyRootFilesystem: true
|
|
# -- Some functionality may need the possibility to allow privilege escalation. This should be very restrictive
|
|
# @internal -- you should not change this
|
|
allowPrivilegeEscalation: false
|
|
# -- Capabilities this container should have. Only allow the necessity, and drop as many as possible
|
|
# @internal -- you should not change this
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
# -- turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes
|
|
# @default -- `false`
|
|
zeroTrust:
|
|
# -- Assigns hardware resources to container
|
|
resources:
|
|
# -- Requests are used to assign a minimum to a container. This is the guaranteed amount
|
|
requests:
|
|
# -- Set the share of guaranteed CPU to the container.
|
|
cpu:
|
|
# -- Set the share of guaranteed RAM to the container
|
|
memory:
|
|
# -- Limits the maximum resources
|
|
limits:
|
|
# -- The maximum allowed CPU for the container
|
|
cpu:
|
|
# -- The maximum allowed RAM for the container
|
|
memory:
|
|
# -- set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl)
|
|
# etc.
|
|
# @default -- `Europe/Berlin`
|
|
timezone:
|
|
# -- Set tolerations for this component
|
|
tolerations:
|
|
# -- select specific nodes for this component
|
|
nodeSelector:
|
|
# -- Sets the name of a secret, which holds additional environment variables for
|
|
# the configuration. It is added as envFrom secretRef to the container.
|
|
envSecret:
|
|
# -- Sets the name of a configMap, which holds additional environment variables for
|
|
# the configuration. It is added as envFrom configMap to the container.
|
|
envMap:
|
|
# -- Sets additional environment variables for
|
|
# the configuration.
|
|
env:
|
|
# -- This overrides the output of the internal name function
|
|
nameOverride:
|
|
# -- This overrides the output of the internal fullname function
|
|
fullnameOverride:
|
|
# -- A list of scripts to run after the deployment of Apps
|
|
run:
|
|
# -- A list of scripts to run before the deployment of Apps
|
|
prerun:
|
|
# -- A list of URLs (Links) to Assets to download before anything else
|
|
# if the download is a .tar.gz, it is automatically untared to /pool/downloads
|
|
download:
|
|
# -- Provide a list of docareas to create. Please also see the example files
|
|
docAreas:
|
|
utils:
|
|
# -- Turn debugging *on* will give you stack trace etc.
|
|
# Please check out the Chart Developer Guide
|
|
# @default -- `false`
|
|
debug:
|
|
# -- You can turn Comment rendering *on* to get descriptive information inside the manifests. It
|
|
# will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD
|
|
# @default -- `true`
|
|
renderComments:
|
|
# -- By default, the namespace is rendered into the manifest. However, if you want to use
|
|
# `helm template` and store manifests for later applying them to multiple namespaces, you might
|
|
# want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later
|
|
# @default -- `true`
|
|
includeNamespace:
|
|
# -- in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the
|
|
# pods will start in idle, not starting the service at all. This will allow you to gain access to the container
|
|
# to perform recovery and maintenance tasks while having the real container up.
|
|
# @default -- `false`
|
|
maintenance:
|
|
# -- If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components
|
|
# of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components
|
|
# while previous waves are not finished yet.
|
|
# @default -- `false`
|
|
disableWave:
|
|
# -- in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are
|
|
# only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might
|
|
# start components even if they are not intended to run yet.
|
|
# @default -- `false`
|
|
disableWait:
|
|
# -- Defines a list of conditions that need to be met before this components starts.
|
|
# The condition must be a network port that opens, when the master component is ready.
|
|
# Mostly, this will be a service, since a component is only added to a service if the
|
|
# probes succeed.
|
|
waitFor:
|
|
# -- if you set minReplicaCountType, a podDesruptionBudget will be created with this value as
|
|
# minAvailable, using the component type as selector. This is useful for components, that are spread
|
|
# across multiple replicaSets, like sharepoint or storage layer
|
|
minReplicaCountType:
|
|
# -- Settings for telemetry tools
|
|
telemetry:
|
|
# -- turns Open Telemetry on
|
|
openTelemetry:
|
|
# -- Sets the service name for the telemetry service to more convenient
|
|
# identify the displayed component
|
|
# Example: "{{ .this.meta.type }}-{{ .instance.name }}"
|
|
serviceName:
|
|
# -- Sets the terminationGracePeriodSeconds for the component
|
|
# If not set, it uses the Kubernetes defaults
|
|
terminationGracePeriodSeconds:
|