381 lines
16 KiB
JSON
381 lines
16 KiB
JSON
{
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"env": {
|
|
"default": "",
|
|
"description": "Sets additional environment variables for the configuration.",
|
|
"title": "env"
|
|
},
|
|
"envMap": {
|
|
"default": "",
|
|
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
|
|
"title": "envMap"
|
|
},
|
|
"envSecret": {
|
|
"default": "",
|
|
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
|
|
"title": "envSecret"
|
|
},
|
|
"fullnameOverride": {
|
|
"default": "",
|
|
"description": "This overrides the output of the internal fullname function",
|
|
"title": "fullnameOverride"
|
|
},
|
|
"global": {
|
|
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
|
|
"title": "global",
|
|
"type": "object"
|
|
},
|
|
"globals": {
|
|
"description": "nplus Global Functions Library Chart",
|
|
"properties": {
|
|
"global": {
|
|
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
|
|
"title": "global",
|
|
"type": "object"
|
|
}
|
|
},
|
|
"title": "nplus-globals",
|
|
"type": "object"
|
|
},
|
|
"image": {
|
|
"additionalProperties": false,
|
|
"description": "provide the image to be used for this component",
|
|
"properties": {
|
|
"name": {
|
|
"default": "toolbox2",
|
|
"description": "the name of the image to use",
|
|
"title": "name"
|
|
},
|
|
"pullPolicy": {
|
|
"default": "IfNotPresent",
|
|
"title": "pullPolicy",
|
|
"type": "string"
|
|
},
|
|
"pullSecrets": {
|
|
"description": "you can provide your own pullSecrets, in case you use a private repo.",
|
|
"items": {
|
|
"anyOf": [
|
|
{
|
|
"type": "string"
|
|
},
|
|
{
|
|
"type": "string"
|
|
}
|
|
]
|
|
},
|
|
"title": "pullSecrets"
|
|
},
|
|
"repo": {
|
|
"default": "cr.nplus.cloud/subscription",
|
|
"description": "if you use a private repo, feel free to set it here",
|
|
"title": "repo"
|
|
},
|
|
"tag": {
|
|
"default": "1.2.1300",
|
|
"description": "the tag of the image to use",
|
|
"title": "tag"
|
|
}
|
|
},
|
|
"title": "image"
|
|
},
|
|
"meta": {
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"componentVersion": {
|
|
"default": "",
|
|
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
|
|
"title": "componentVersion"
|
|
},
|
|
"language": {
|
|
"default": "",
|
|
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
|
|
"title": "language"
|
|
},
|
|
"ports": {
|
|
"additionalProperties": false,
|
|
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
|
|
"properties": {
|
|
"http": {
|
|
"default": "",
|
|
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
|
|
"title": "http"
|
|
},
|
|
"https": {
|
|
"default": "",
|
|
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
|
|
"title": "https"
|
|
},
|
|
"rmi": {
|
|
"default": "",
|
|
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
|
|
"title": "rmi"
|
|
},
|
|
"tcp": {
|
|
"default": "",
|
|
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
|
|
"title": "tcp"
|
|
},
|
|
"tcps": {
|
|
"default": "",
|
|
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
|
|
"title": "tcps"
|
|
}
|
|
},
|
|
"title": "ports"
|
|
},
|
|
"provider": {
|
|
"default": "",
|
|
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
|
|
"title": "provider"
|
|
},
|
|
"serviceContainer": {
|
|
"default": "",
|
|
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
|
|
"title": "serviceContainer"
|
|
},
|
|
"stage": {
|
|
"default": "",
|
|
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
|
|
"title": "stage"
|
|
},
|
|
"tenant": {
|
|
"default": "",
|
|
"description": "sets tenant information to be able to invoice per use in a cloud environment",
|
|
"title": "tenant"
|
|
},
|
|
"type": {
|
|
"default": "envtoolbox",
|
|
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
|
|
"title": "type"
|
|
},
|
|
"wave": {
|
|
"default": "",
|
|
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
|
|
"title": "wave"
|
|
}
|
|
},
|
|
"title": "meta",
|
|
"type": "object"
|
|
},
|
|
"minReplicaCountType": {
|
|
"default": "",
|
|
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
|
|
"title": "minReplicaCountType"
|
|
},
|
|
"nameOverride": {
|
|
"default": "",
|
|
"description": "This overrides the output of the internal name function",
|
|
"title": "nameOverride"
|
|
},
|
|
"nodeSelector": {
|
|
"default": "",
|
|
"description": "select specific nodes for this component",
|
|
"title": "nodeSelector"
|
|
},
|
|
"nstoreDownloader": {
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"enabled": {
|
|
"default": "false",
|
|
"description": "enables the nstore downloader",
|
|
"title": "enabled"
|
|
},
|
|
"nstore": {
|
|
"default": "`https://nstore.ceyoniq.com...`",
|
|
"description": "set the nstore URL",
|
|
"title": "nstore"
|
|
},
|
|
"target": {
|
|
"default": "pool/nstore",
|
|
"description": "target directory in the conf pv",
|
|
"title": "target"
|
|
}
|
|
},
|
|
"title": "nstoreDownloader",
|
|
"type": "object"
|
|
},
|
|
"resources": {
|
|
"additionalProperties": false,
|
|
"description": "Assigns hardware resources to container",
|
|
"properties": {
|
|
"limits": {
|
|
"additionalProperties": false,
|
|
"description": "Limits the maximum resources",
|
|
"properties": {
|
|
"cpu": {
|
|
"default": "1",
|
|
"description": "The maximum allowed CPU for the container",
|
|
"title": "cpu"
|
|
},
|
|
"memory": {
|
|
"default": "512Mi",
|
|
"description": "The maximum allowed RAM for the container",
|
|
"title": "memory"
|
|
}
|
|
},
|
|
"title": "limits"
|
|
},
|
|
"requests": {
|
|
"additionalProperties": false,
|
|
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
|
|
"properties": {
|
|
"cpu": {
|
|
"default": "1m",
|
|
"description": "Set the share of guaranteed CPU to the container.",
|
|
"title": "cpu"
|
|
},
|
|
"memory": {
|
|
"default": "64Mi",
|
|
"description": "Set the share of guaranteed RAM to the container",
|
|
"title": "memory"
|
|
}
|
|
},
|
|
"title": "requests"
|
|
}
|
|
},
|
|
"title": "resources"
|
|
},
|
|
"security": {
|
|
"additionalProperties": false,
|
|
"description": "Security Section defining default runtime environment for your container",
|
|
"properties": {
|
|
"containerSecurityContext": {
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"allowPrivilegeEscalation": {
|
|
"default": "false",
|
|
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
|
|
"title": "allowPrivilegeEscalation"
|
|
},
|
|
"capabilities": {
|
|
"additionalProperties": false,
|
|
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
|
|
"properties": {
|
|
"drop": {
|
|
"items": {
|
|
"anyOf": [
|
|
{
|
|
"type": "string"
|
|
}
|
|
]
|
|
},
|
|
"title": "drop",
|
|
"type": "array"
|
|
}
|
|
},
|
|
"title": "capabilities"
|
|
},
|
|
"readOnlyRootFilesystem": {
|
|
"default": "true",
|
|
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
|
|
"title": "readOnlyRootFilesystem"
|
|
}
|
|
},
|
|
"title": "containerSecurityContext",
|
|
"type": "object"
|
|
},
|
|
"podSecurityContext": {
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"fsGroup": {
|
|
"default": "1001",
|
|
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
|
|
"title": "fsGroup"
|
|
},
|
|
"fsGroupChangePolicy": {
|
|
"default": "OnRootMismatch",
|
|
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
|
|
"title": "fsGroupChangePolicy"
|
|
},
|
|
"runAsUser": {
|
|
"default": "1001",
|
|
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
|
|
"title": "runAsUser"
|
|
}
|
|
},
|
|
"title": "podSecurityContext",
|
|
"type": "object"
|
|
},
|
|
"zeroTrust": {
|
|
"default": "`false`",
|
|
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
|
|
"title": "zeroTrust"
|
|
}
|
|
},
|
|
"title": "security"
|
|
},
|
|
"telemetry": {
|
|
"additionalProperties": false,
|
|
"description": "Settings for telemetry tools",
|
|
"properties": {
|
|
"openTelemetry": {
|
|
"default": "",
|
|
"description": "turns Open Telemetry on",
|
|
"title": "openTelemetry"
|
|
},
|
|
"serviceName": {
|
|
"default": "",
|
|
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
|
|
"title": "serviceName"
|
|
}
|
|
},
|
|
"title": "telemetry"
|
|
},
|
|
"terminationGracePeriodSeconds": {
|
|
"default": "",
|
|
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
|
|
"title": "terminationGracePeriodSeconds"
|
|
},
|
|
"timezone": {
|
|
"default": "`Europe/Berlin`",
|
|
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
|
|
"title": "timezone"
|
|
},
|
|
"tolerations": {
|
|
"default": "",
|
|
"description": "Set tolerations for this component",
|
|
"title": "tolerations"
|
|
},
|
|
"utils": {
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"debug": {
|
|
"default": "`false`",
|
|
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
|
|
"title": "debug"
|
|
},
|
|
"disableWait": {
|
|
"default": "`false`",
|
|
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
|
|
"title": "disableWait"
|
|
},
|
|
"disableWave": {
|
|
"default": "`false`",
|
|
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
|
|
"title": "disableWave"
|
|
},
|
|
"includeNamespace": {
|
|
"default": "`true`",
|
|
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
|
|
"title": "includeNamespace"
|
|
},
|
|
"maintenance": {
|
|
"default": "`false`",
|
|
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
|
|
"title": "maintenance"
|
|
},
|
|
"renderComments": {
|
|
"default": "`true`",
|
|
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
|
|
"title": "renderComments"
|
|
}
|
|
},
|
|
"title": "utils",
|
|
"type": "object"
|
|
}
|
|
},
|
|
"type": "object"
|
|
}
|