public/nplus
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
0bd2038c86a6dee3270856c2c1e2dc6a9c6cdee9
nplus/samples/chart/tenant/values.schema.json
Andreas Ahmann 0bd2038c86 Public Information
2025-01-24 16:18:47 +01:00

29294 lines
1.4 MiB
Raw Blame History

{
"$schema": "http://json-schema.org/draft-07/schema#",
"additionalProperties": false,
"properties": {
"global": {
"additionalProperties": false,
"properties": {
"ingress": {
"additionalProperties": false,
"properties": {
"domain": {
"default": "{{ .instance.group | default .Release.Name }}.sample.nplus.cloud",
"title": "domain",
"type": "string"
}
},
"title": "ingress",
"type": "object"
}
},
"title": "global",
"type": "object"
},
"instance": {
"description": "nplus Instance, an umbrella chart for orchestrating the components in a nplus Instance",
"properties": {
"administrator": {
"description": "nscale Administrator, providing the Web Version of the Administrator to be used in the Instance",
"properties": {
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "administrator",
"description": "the name of the image to use",
"title": "name"
},
"pullPolicy": {
"default": "IfNotPresent",
"title": "pullPolicy",
"type": "string"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "ceyoniq.azurecr.io/release/nscale",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "ubi.9.3.1201",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"ingress": {
"additionalProperties": false,
"description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)",
"properties": {
"annotations": {
"default": "",
"description": "Adds extra Annotations to the ingress",
"title": "annotations"
},
"backendProtocol": {
"default": "`http` <br> `https` in zero trust mode",
"description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.",
"title": "backendProtocol"
},
"class": {
"default": "`public`",
"description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one",
"title": "class"
},
"contextPath": {
"default": "/rapadm",
"description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.",
"title": "contextPath"
},
"cookie": {
"default": "",
"description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web",
"title": "cookie"
},
"deny": {
"default": "",
"description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.",
"title": "deny"
},
"domain": {
"default": "",
"description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here",
"title": "domain"
},
"enabled": {
"default": "true",
"description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.",
"title": "enabled"
},
"inputPath": {
"default": "",
"description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.",
"title": "inputPath"
},
"namespace": {
"default": "\"ingress, kube-system, ingress-nginx\"",
"description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list",
"title": "namespace"
},
"proxyReadTimeout": {
"default": "",
"description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.",
"title": "proxyReadTimeout"
},
"rewriteTarget": {
"default": "",
"description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.",
"title": "rewriteTarget"
},
"secret": {
"default": "`{{ .this.ingress.domain }}-tls`",
"description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance",
"title": "secret"
},
"whitelist": {
"default": "",
"description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers",
"title": "whitelist"
}
},
"title": "ingress"
},
"javaOpts": {
"additionalProperties": false,
"description": "Options for the Java VM",
"properties": {
"javaMaxMem": {
"default": "",
"description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed",
"title": "javaMaxMem"
},
"javaMaxRamPercentage": {
"default": "",
"description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.",
"title": "javaMaxRamPercentage"
},
"javaMinMem": {
"default": "",
"description": "set the minimum memory, java will consume",
"title": "javaMinMem"
},
"javaMisc": {
"default": "-Dorg.eclipse.rap.rwt.settingStoreFactory=settings-per-user",
"description": "Any misc Java Options that need to be passed to the container",
"title": "javaMisc"
}
},
"title": "javaOpts"
},
"meta": {
"additionalProperties": false,
"description": "defines internal constants for nplus. do not change these values",
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "java",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "8080",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "8443",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "administrator",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "administrator",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"mounts": {
"additionalProperties": false,
"properties": {
"caCerts": {
"additionalProperties": false,
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the certs folder. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "caCerts"
},
"componentCerts": {
"additionalProperties": false,
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the component certs. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "componentCerts"
},
"conf": {
"additionalProperties": false,
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the conf files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
"title": "paths"
}
},
"title": "conf"
},
"data": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the data disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the data files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the data disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "data",
"type": "object"
},
"disk": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the disk",
"title": "class"
},
"enabled": {
"default": "false",
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
"title": "enabled"
},
"migration": {
"default": "false",
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
"title": "migration"
},
"path": {
"default": "",
"description": "Sets the path to the disk files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "disk",
"type": "object"
},
"file": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the shared disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the shared files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the shared disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "file",
"type": "object"
},
"fonts": {
"additionalProperties": false,
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
"title": "path"
}
},
"title": "fonts"
},
"generic": {
"default": "",
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
"title": "generic"
},
"license": {
"additionalProperties": false,
"description": "some nscale Components require a license file and this defines it's location",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the license files @internal -- do not change this value",
"title": "path"
}
},
"title": "license"
},
"logs": {
"additionalProperties": false,
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the log files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the log files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the log disk (all paths)",
"title": "size"
}
},
"title": "logs"
},
"pool": {
"additionalProperties": false,
"properties": {
"path": {
"default": "",
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
"title": "path"
}
},
"title": "pool",
"type": "object"
},
"ptemp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
"title": "paths"
}
},
"title": "ptemp"
},
"temp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "/tmp",
"description": "Sets the path to the temporary files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the temporary disk (all paths)",
"title": "size"
}
},
"title": "temp"
}
},
"title": "mounts",
"type": "object"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nappl": {
"additionalProperties": false,
"description": "The nscale Application Layer, this component should talk to",
"properties": {
"account": {
"default": "",
"description": "The technical account to login with",
"title": "account"
},
"domain": {
"default": "",
"description": "The domain of the technical account",
"title": "domain"
},
"host": {
"default": "",
"description": "nappl host name",
"title": "host"
},
"instance": {
"default": "",
"description": "instance of the Application Layer, likely `instance1`",
"title": "instance"
},
"password": {
"default": "",
"description": "The password of the technical accunt (if not set by secret)",
"title": "password"
},
"port": {
"default": "",
"description": "nappl port (http 8080 or https 8443)",
"title": "port"
},
"secret": {
"default": "",
"description": "An optional secret that holds the credentials (the keys must be `account` and `password`)",
"title": "secret"
},
"ssl": {
"default": "",
"description": "sets the Advanced Connect to tls",
"title": "ssl"
}
},
"title": "nappl"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"replicaCount": {
"default": "1",
"description": "There should only be a single Administrator instance, so the replicaCount is fixed to 1 @ignore -- Do not change this.",
"title": "replicaCount"
},
"resources": {
"additionalProperties": false,
"description": "Assigns hardware resources to container",
"properties": {
"limits": {
"additionalProperties": false,
"description": "Limits the maximum resources",
"properties": {
"cpu": {
"default": "",
"description": "The maximum allowed CPU for the container",
"title": "cpu"
},
"memory": {
"default": "",
"description": "The maximum allowed RAM for the container",
"title": "memory"
}
},
"title": "limits"
},
"requests": {
"additionalProperties": false,
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
"properties": {
"cpu": {
"default": "",
"description": "Set the share of guaranteed CPU to the container.",
"title": "cpu"
},
"memory": {
"default": "",
"description": "Set the share of guaranteed RAM to the container",
"title": "memory"
}
},
"title": "requests"
}
},
"title": "resources"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"service": {
"additionalProperties": false,
"properties": {
"annotations": {
"default": "",
"description": "adds extra Annotations to the service",
"title": "annotations"
},
"enabled": {
"default": "true",
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
"title": "enabled"
},
"selector": {
"default": "component",
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
"title": "selector"
}
},
"title": "service",
"type": "object"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"template": {
"additionalProperties": false,
"description": "provide extra settings for pod templates",
"properties": {
"annotations": {
"default": "",
"description": "set additional annotations for pods",
"title": "annotations"
},
"labels": {
"default": "",
"description": "set additional labels for pods",
"title": "labels"
}
},
"title": "template"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
},
"waitFor": {
"default": "",
"description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.",
"title": "waitFor"
}
},
"title": "nplus-component-administrator",
"type": "object"
},
"application": {
"description": "nplus Application, used to install Apps and Customizations into the nscale Application Layer.",
"properties": {
"docAreas": {
"default": "",
"description": "Provide a list of docareas to create. Please also see the example files",
"title": "docAreas"
},
"download": {
"default": "",
"description": "A list of URLs (Links) to Assets to download before anything else if the download is a .tar.gz, it is automatically untared to /pool/downloads",
"title": "download"
},
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "application-layer",
"description": "the name of the image to use",
"title": "name"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "ceyoniq.azurecr.io/release/nscale",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "ubi.9.3.1300.2024121814",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"meta": {
"additionalProperties": false,
"description": "yaml-language-server: $schema=values.schema.json",
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "application",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta",
"type": "object"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"mounts": {
"additionalProperties": false,
"properties": {
"caCerts": {
"additionalProperties": false,
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the certs folder. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "caCerts"
},
"componentCerts": {
"additionalProperties": false,
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the component certs. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "componentCerts"
},
"conf": {
"additionalProperties": false,
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
"properties": {
"path": {
"default": "/application",
"description": "Sets the path to the conf files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
"title": "paths"
}
},
"title": "conf"
},
"data": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the data disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the data files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the data disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "data",
"type": "object"
},
"disk": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the disk",
"title": "class"
},
"enabled": {
"default": "false",
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
"title": "enabled"
},
"migration": {
"default": "false",
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
"title": "migration"
},
"path": {
"default": "",
"description": "Sets the path to the disk files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "disk",
"type": "object"
},
"file": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the shared disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the shared files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the shared disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "file",
"type": "object"
},
"fonts": {
"additionalProperties": false,
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
"title": "path"
}
},
"title": "fonts"
},
"generic": {
"default": "",
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
"title": "generic"
},
"license": {
"additionalProperties": false,
"description": "some nscale Components require a license file and this defines it's location",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the license files @internal -- do not change this value",
"title": "path"
}
},
"title": "license"
},
"logs": {
"additionalProperties": false,
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the log files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the log files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the log disk (all paths)",
"title": "size"
}
},
"title": "logs"
},
"pool": {
"additionalProperties": false,
"properties": {
"path": {
"default": "/pool",
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
"title": "path"
}
},
"title": "pool",
"type": "object"
},
"ptemp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
"title": "paths"
}
},
"title": "ptemp"
},
"temp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "/tmp",
"description": "Sets the path to the temporary files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the temporary disk (all paths)",
"title": "size"
}
},
"title": "temp"
}
},
"title": "mounts",
"type": "object"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nappl": {
"additionalProperties": false,
"description": "The nscale Application Layer, this component should talk to",
"properties": {
"account": {
"default": "",
"description": "The technical account to login with",
"title": "account"
},
"domain": {
"default": "",
"description": "The domain of the technical account",
"title": "domain"
},
"host": {
"default": "",
"description": "nappl host name",
"title": "host"
},
"instance": {
"default": "",
"description": "instance of the Application Layer, likely `instance1`",
"title": "instance"
},
"password": {
"default": "",
"description": "The password of the technical accunt (if not set by secret)",
"title": "password"
},
"port": {
"default": "",
"description": "nappl port (http 8080 or https 8443)",
"title": "port"
},
"secret": {
"default": "",
"description": "An optional secret that holds the credentials (the keys must be `account` and `password`)",
"title": "secret"
},
"ssl": {
"default": "",
"description": "sets the Advanced Connect to tls",
"title": "ssl"
}
},
"title": "nappl"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"nstl": {
"additionalProperties": false,
"properties": {
"host": {
"default": "",
"description": "The dns of the *nscale Server Storage Layer*. This is used to add it to the nappl configuration",
"title": "host"
}
},
"title": "nstl",
"type": "object"
},
"prerun": {
"default": "",
"description": "A list of scripts to run before the deployment of Apps",
"title": "prerun"
},
"resources": {
"additionalProperties": false,
"description": "Assigns hardware resources to container",
"properties": {
"limits": {
"additionalProperties": false,
"description": "Limits the maximum resources",
"properties": {
"cpu": {
"default": "",
"description": "The maximum allowed CPU for the container",
"title": "cpu"
},
"memory": {
"default": "",
"description": "The maximum allowed RAM for the container",
"title": "memory"
}
},
"title": "limits"
},
"requests": {
"additionalProperties": false,
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
"properties": {
"cpu": {
"default": "",
"description": "Set the share of guaranteed CPU to the container.",
"title": "cpu"
},
"memory": {
"default": "",
"description": "Set the share of guaranteed RAM to the container",
"title": "memory"
}
},
"title": "requests"
}
},
"title": "resources"
},
"rs": {
"additionalProperties": false,
"properties": {
"host": {
"default": "",
"description": "The dns of the *nscale rendition Server*. This is used to add it to the nappl configuration",
"title": "host"
}
},
"title": "rs",
"type": "object"
},
"run": {
"default": "",
"description": "A list of scripts to run after the deployment of Apps",
"title": "run"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
},
"waitFor": {
"default": "",
"description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.",
"title": "waitFor"
}
},
"title": "nplus-application",
"type": "object"
},
"backend": {
"description": "Installs Namespace-Wide Resources such as the conf PVC and the ptemp PVC",
"properties": {
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"meta": {
"additionalProperties": false,
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta",
"type": "object"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"storage": {
"additionalProperties": false,
"description": "yaml-language-server: $schema=values.schema.json",
"properties": {
"conf": {
"additionalProperties": false,
"properties": {
"name": {
"default": "",
"description": "this is the name of the common config storage. please see section \"Storage\" for more information",
"title": "name"
},
"size": {
"default": "",
"description": "this is the size of the common config storage. please see section \"Storage\" for more information",
"title": "size"
},
"volumeName": {
"default": "",
"description": "you can set the volumeName to the value of a pre-existing volume to avoid having the PV created for you by the csi driver provisioner",
"title": "volumeName"
}
},
"title": "conf",
"type": "object"
},
"ptemp": {
"additionalProperties": false,
"properties": {
"name": {
"default": "",
"description": "this is the name of the common persistant temp storage. please see section \"Storage\" for more information",
"title": "name"
},
"size": {
"default": "",
"description": "this is the size of the common ptemp storage. please see section \"Storage\" for more information",
"title": "size"
},
"volumeName": {
"default": "",
"description": "you can set the volumeName to the value of a pre-existing volume to avoid having the PV created for you by the csi driver provisioner",
"title": "volumeName"
}
},
"title": "ptemp",
"type": "object"
}
},
"title": "storage",
"type": "object"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
}
},
"title": "nplus-environment-backend",
"type": "object"
},
"cmis": {
"description": "nscale CMIS Connector, provides a CMIS Interface to the Instance",
"properties": {
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "cmis-connector",
"description": "the name of the image to use",
"title": "name"
},
"pullPolicy": {
"default": "IfNotPresent",
"title": "pullPolicy",
"type": "string"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "ceyoniq.azurecr.io/release/nscale",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "ubi.9.3.1200.2024112508",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"ingress": {
"additionalProperties": false,
"description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)",
"properties": {
"annotations": {
"default": "",
"description": "Adds extra Annotations to the ingress",
"title": "annotations"
},
"backendProtocol": {
"default": "`http` <br> `https` in zero trust mode",
"description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.",
"title": "backendProtocol"
},
"class": {
"default": "`public`",
"description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one",
"title": "class"
},
"contextPath": {
"default": "/cmis",
"description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.",
"title": "contextPath"
},
"cookie": {
"default": "",
"description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web",
"title": "cookie"
},
"deny": {
"default": "",
"description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.",
"title": "deny"
},
"domain": {
"default": "",
"description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here",
"title": "domain"
},
"enabled": {
"default": "true",
"description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.",
"title": "enabled"
},
"inputPath": {
"default": "",
"description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.",
"title": "inputPath"
},
"namespace": {
"default": "\"ingress, kube-system, ingress-nginx\"",
"description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list",
"title": "namespace"
},
"proxyReadTimeout": {
"default": "",
"description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.",
"title": "proxyReadTimeout"
},
"rewriteTarget": {
"default": "",
"description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.",
"title": "rewriteTarget"
},
"secret": {
"default": "`{{ .this.ingress.domain }}-tls`",
"description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance",
"title": "secret"
},
"whitelist": {
"default": "",
"description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers",
"title": "whitelist"
}
},
"title": "ingress"
},
"javaOpts": {
"additionalProperties": false,
"description": "Options for the Java VM",
"properties": {
"javaMaxMem": {
"default": "",
"description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed",
"title": "javaMaxMem"
},
"javaMaxRamPercentage": {
"default": "",
"description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.",
"title": "javaMaxRamPercentage"
},
"javaMinMem": {
"default": "",
"description": "set the minimum memory, java will consume",
"title": "javaMinMem"
},
"javaMisc": {
"default": "",
"description": "Any misc Java Options that need to be passed to the container",
"title": "javaMisc"
}
},
"title": "javaOpts"
},
"meta": {
"additionalProperties": false,
"description": "defines internal constants for nplus. do not change these values",
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "java",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "8096",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "8196",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "cmis-connector",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "cmis",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta"
},
"minReplicaCount": {
"default": "",
"description": "if you set minReplicaCount, a podDesruptionBudget will be created with this value as minAvailable, using the full component as selector. This is useful for components, that are using multiple replicas.",
"title": "minReplicaCount"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"mounts": {
"additionalProperties": false,
"properties": {
"caCerts": {
"additionalProperties": false,
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the certs folder. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "caCerts"
},
"componentCerts": {
"additionalProperties": false,
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the component certs. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "componentCerts"
},
"conf": {
"additionalProperties": false,
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-cmis-connector/conf",
"description": "Sets the path to the conf files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
"title": "paths"
}
},
"title": "conf"
},
"data": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the data disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the data files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the data disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "data",
"type": "object"
},
"disk": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the disk",
"title": "class"
},
"enabled": {
"default": "false",
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
"title": "enabled"
},
"migration": {
"default": "false",
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
"title": "migration"
},
"path": {
"default": "",
"description": "Sets the path to the disk files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "disk",
"type": "object"
},
"file": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the shared disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the shared files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the shared disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "file",
"type": "object"
},
"fonts": {
"additionalProperties": false,
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
"title": "path"
}
},
"title": "fonts"
},
"generic": {
"default": "",
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
"title": "generic"
},
"license": {
"additionalProperties": false,
"description": "some nscale Components require a license file and this defines it's location",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the license files @internal -- do not change this value",
"title": "path"
}
},
"title": "license"
},
"logs": {
"additionalProperties": false,
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-cmis-connector/logs",
"description": "Sets the path to the log files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the log files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the log disk (all paths)",
"title": "size"
}
},
"title": "logs"
},
"pool": {
"additionalProperties": false,
"properties": {
"path": {
"default": "",
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
"title": "path"
}
},
"title": "pool",
"type": "object"
},
"ptemp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
"title": "paths"
}
},
"title": "ptemp"
},
"temp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-cmis-connector/temp",
"description": "Sets the path to the temporary files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the temporary disk (all paths)",
"title": "size"
}
},
"title": "temp"
}
},
"title": "mounts",
"type": "object"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nappl": {
"additionalProperties": false,
"description": "The nscale Application Layer, this component should talk to",
"properties": {
"account": {
"default": "",
"description": "The technical account to login with",
"title": "account"
},
"domain": {
"default": "",
"description": "The domain of the technical account",
"title": "domain"
},
"host": {
"default": "",
"description": "nappl host name",
"title": "host"
},
"instance": {
"default": "",
"description": "instance of the Application Layer, likely `instance1`",
"title": "instance"
},
"password": {
"default": "",
"description": "The password of the technical accunt (if not set by secret)",
"title": "password"
},
"port": {
"default": "",
"description": "nappl port (http 8080 or https 8443)",
"title": "port"
},
"secret": {
"default": "",
"description": "An optional secret that holds the credentials (the keys must be `account` and `password`)",
"title": "secret"
},
"ssl": {
"default": "",
"description": "sets the Advanced Connect to tls",
"title": "ssl"
}
},
"title": "nappl"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"replicaCount": {
"default": "1",
"description": "Sets the number of replicas in this replicaSet. Some Components (like nstl or sharepoint) only allow a count of 1.",
"title": "replicaCount"
},
"resources": {
"additionalProperties": false,
"description": "Assigns hardware resources to container",
"properties": {
"limits": {
"additionalProperties": false,
"description": "Limits the maximum resources",
"properties": {
"cpu": {
"default": "",
"description": "The maximum allowed CPU for the container",
"title": "cpu"
},
"memory": {
"default": "",
"description": "The maximum allowed RAM for the container",
"title": "memory"
}
},
"title": "limits"
},
"requests": {
"additionalProperties": false,
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
"properties": {
"cpu": {
"default": "",
"description": "Set the share of guaranteed CPU to the container.",
"title": "cpu"
},
"memory": {
"default": "",
"description": "Set the share of guaranteed RAM to the container",
"title": "memory"
}
},
"title": "requests"
}
},
"title": "resources"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"service": {
"additionalProperties": false,
"properties": {
"annotations": {
"default": "",
"description": "adds extra Annotations to the service",
"title": "annotations"
},
"enabled": {
"default": "true",
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
"title": "enabled"
},
"selector": {
"default": "component",
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
"title": "selector"
}
},
"title": "service",
"type": "object"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"template": {
"additionalProperties": false,
"description": "provide extra settings for pod templates",
"properties": {
"annotations": {
"default": "",
"description": "set additional annotations for pods",
"title": "annotations"
},
"labels": {
"default": "",
"description": "set additional labels for pods",
"title": "labels"
}
},
"title": "template"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"updateStrategy": {
"default": "",
"description": "the update Strategy for this component. Normally, you can update all components rolling, except for nappl, where you need to follow the documented update procedures.",
"title": "updateStrategy"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
},
"waitFor": {
"default": "",
"description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.",
"title": "waitFor"
}
},
"title": "nplus-component-cmis",
"type": "object"
},
"components": {
"additionalProperties": false,
"description": "yaml-language-server: $schema=values.schema.json",
"properties": {
"administrator": {
"default": "false",
"description": "enable a *nscale Administrator Web* component in this instance",
"title": "administrator"
},
"application": {
"default": "false",
"description": "deploy any solution using GBA, Standard Apps or shell copy with this generic deployment chart",
"title": "application"
},
"cmis": {
"default": "false",
"description": "enable a *nscale CMIS Connector* component in this instance",
"title": "cmis"
},
"database": {
"default": "true",
"description": "enable an internal *Postgres Database* in this instance",
"title": "database"
},
"dmsapi": {
"default": false,
"description": "TODO: remove",
"title": "dmsapi",
"type": "boolean"
},
"erpcmis": {
"default": "false",
"description": "enable a *nscale ERP CMIS Connector* component in this instance",
"title": "erpcmis"
},
"erpproxy": {
"default": "false",
"description": "enable a *nscale ERP Proxy Connector* component in this instance",
"title": "erpproxy"
},
"ilm": {
"default": "false",
"description": "enable a *nscale ILM Connector* component in this instance",
"title": "ilm"
},
"mon": {
"default": "false",
"description": "enable a *nscale Monitoring Console* component in this instance",
"title": "mon"
},
"nappl": {
"default": "true",
"description": "enable a consumer *nscale Application Layer* component in this instance",
"title": "nappl"
},
"nappljobs": {
"default": "false",
"description": "enable a dedicated jobs *nscale Application Layer* component in this instance please also make sure to set the *jobs* setting",
"title": "nappljobs"
},
"nstl": {
"default": "true",
"description": "enable a *nscale Server Storage Layer* component in this instance If you are in a **High Availability** scenario, disable this",
"title": "nstl"
},
"nstla": {
"default": "false",
"description": "enable an additional *nscale Server Storage Layer* node in this instance within a **High Availability** scenario.",
"title": "nstla"
},
"nstlb": {
"default": "false",
"description": "enable an additional *nscale Server Storage Layer* node in this instance within a **High Availability** scenario.",
"title": "nstlb"
},
"nstlc": {
"default": "false",
"description": "enable an additional *nscale Server Storage Layer* node in this instance within a **High Availability** scenario.",
"title": "nstlc"
},
"nstld": {
"default": "false",
"description": "enable an additional *nscale Server Storage Layer* node in this instance within a **High Availability** scenario.",
"title": "nstld"
},
"pam": {
"default": "false",
"description": "enable a *nscale Process Automation Modeler* component in this instance",
"title": "pam"
},
"pipeliner": {
"default": "false",
"description": "enable *nscale Pipeliner* component in this instance",
"title": "pipeliner"
},
"prepper": {
"default": "false",
"description": "download, deploy and run any git asset or script prior to installation of the components",
"title": "prepper"
},
"rms": {
"default": "false",
"description": "enable a *nplus Remote Management Server* component in this instance If you are in a **High Availability** scenario, disable this",
"title": "rms"
},
"rmsa": {
"default": "false",
"description": "enable an additional *nplus Remote Management Server* in this instance within a **High Availability** scenario.",
"title": "rmsa"
},
"rmsb": {
"default": "false",
"description": "enable an additional *nplus Remote Management Server* in this instance within a **High Availability** scenario.",
"title": "rmsb"
},
"rs": {
"default": "true",
"description": "enable a *nscale Rendition Server* component in this instance",
"title": "rs"
},
"sharepoint": {
"default": "false",
"description": "enable a *nscale Sharepoint Connector* component in this instance",
"title": "sharepoint"
},
"sharepointa": {
"default": "false",
"description": "enable an additional *nscale Sharepoint Connector* component in this instance for another set of configuration parameters",
"title": "sharepointa"
},
"sharepointb": {
"default": "false",
"description": "enable an additional *nscale Sharepoint Connector* component in this instance for another set of configuration parameters",
"title": "sharepointb"
},
"sharepointc": {
"default": "false",
"description": "enable an additional *nscale Sharepoint Connector* component in this instance for another set of configuration parameters",
"title": "sharepointc"
},
"sharepointd": {
"default": "false",
"description": "enable an additional *nscale Sharepoint Connector* component in this instance for another set of configuration parameters",
"title": "sharepointd"
},
"sim": {
"additionalProperties": false,
"description": "This section is for the single-instance-mode in which all environement components are integrated into the instance",
"properties": {
"backend": {
"default": "false",
"description": "This is for *Single-Instance-Mode* **only**. Read the docu before enabling this. the backend components holds the common storages / PVCs for conf and ptemp umong other common environmental resources",
"title": "backend"
},
"dav": {
"default": "false",
"description": "This is for *Single-Instance-Mode* **only**. Read the docu before enabling this. DAV gives you WebDAV access to your conf and ptemp volumes",
"title": "dav"
},
"operator": {
"default": "false",
"description": "This is for *Single-Instance-Mode* **only**. Read the docu before enabling this. The Operator will let you query the Custom Resources for nscale, e.g. `kubectl get nscale`",
"title": "operator"
},
"toolbox": {
"default": "false",
"description": "This is for *Single-Instance-Mode* **only**. Read the docu before enabling this. the toolbox has a git client installed and is suitable for pulling, pushing, copying stuff into the pool, fonts, certificates, snippets and configuration files",
"title": "toolbox"
}
},
"title": "sim"
},
"web": {
"default": "true",
"description": "enable a *nscale Web* component in this instance",
"title": "web"
},
"webdav": {
"default": "false",
"description": "enable a *nscale WebDAV Connector* component in this instance",
"title": "webdav"
}
},
"title": "components",
"type": "object"
},
"database": {
"description": "Postgres Database, deploys a DEV or TESTING environment DB",
"properties": {
"database": {
"additionalProperties": false,
"properties": {
"account": {
"default": "nscale",
"description": "the technical account to own the nscale database, if not set by secret",
"title": "account"
},
"name": {
"default": "nscale",
"description": "name of the nscale database",
"title": "name"
},
"password": {
"default": "nscale",
"description": "password of the technical account, if not set by secret",
"title": "password"
},
"secret": {
"default": "",
"description": "the secret with credentials (account, password) for the nscale technical account. This setting has priority over account and password",
"title": "secret"
}
},
"title": "database",
"type": "object"
},
"dbAdmin": {
"additionalProperties": false,
"properties": {
"account": {
"default": "postgres",
"description": "the database admin account, if not set by secret",
"title": "account"
},
"password": {
"default": "postgres",
"description": "the database admin password, if not set by secret",
"title": "password"
},
"secret": {
"default": "",
"description": "the secret with credentials (account, password) for the database admin account. This setting has priority over adminAccount and adminPassword",
"title": "secret"
}
},
"title": "dbAdmin",
"type": "object"
},
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "bitnami/postgresql",
"description": "the name of the image to use",
"title": "name"
},
"pullSecrets": {
"default": "",
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"title": "pullSecrets"
},
"repo": {
"default": "",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "15",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"meta": {
"additionalProperties": false,
"description": "yaml-language-server: $schema=values.schema.json",
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "5432",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "database",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta",
"type": "object"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"mounts": {
"additionalProperties": false,
"properties": {
"caCerts": {
"additionalProperties": false,
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the certs folder. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "caCerts"
},
"componentCerts": {
"additionalProperties": false,
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the component certs. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "componentCerts"
},
"conf": {
"additionalProperties": false,
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
"properties": {
"path": {
"default": "/opt/bitnami/postgresql/conf",
"description": "Sets the path to the conf files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
"title": "paths"
}
},
"title": "conf"
},
"data": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the data disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the data files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "30Gi",
"description": "Sets the size of the data disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "data",
"type": "object"
},
"disk": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the disk",
"title": "class"
},
"enabled": {
"default": "false",
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
"title": "enabled"
},
"migration": {
"default": "false",
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
"title": "migration"
},
"path": {
"default": "",
"description": "Sets the path to the disk files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "disk",
"type": "object"
},
"file": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the shared disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the shared files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the shared disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "file",
"type": "object"
},
"fonts": {
"additionalProperties": false,
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
"title": "path"
}
},
"title": "fonts"
},
"generic": {
"default": "",
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
"title": "generic"
},
"license": {
"additionalProperties": false,
"description": "some nscale Components require a license file and this defines it's location",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the license files @internal -- do not change this value",
"title": "path"
}
},
"title": "license"
},
"logs": {
"additionalProperties": false,
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the log files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the log files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the log disk (all paths)",
"title": "size"
}
},
"title": "logs"
},
"pool": {
"additionalProperties": false,
"properties": {
"path": {
"default": "",
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
"title": "path"
}
},
"title": "pool",
"type": "object"
},
"ptemp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
"title": "paths"
}
},
"title": "ptemp"
},
"temp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the temporary files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the temporary disk (all paths)",
"title": "size"
}
},
"title": "temp"
}
},
"title": "mounts",
"type": "object"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"priority": {
"additionalProperties": false,
"description": "You can give a component a specific priorityClass to implement a quality of service. You can leave this empty, then no priority is set. If you set a class, this class is taken If you additionally enable create, the class is created for you with the value defined.",
"properties": {
"className": {
"default": "",
"description": "Set the priority class for the Application Layer deployment if desired",
"title": "className"
},
"createClass": {
"default": "",
"description": "Creates an individual PriorityClass for this instance",
"title": "createClass"
},
"value": {
"default": "1000000",
"description": "Sets the priorityValue",
"title": "value"
}
},
"title": "priority"
},
"replicaCount": {
"default": "1",
"description": "The replicaCount for the Database should never be changed @ignore",
"title": "replicaCount"
},
"resources": {
"additionalProperties": false,
"description": "Assigns hardware resources to container",
"properties": {
"limits": {
"additionalProperties": false,
"description": "Limits the maximum resources",
"properties": {
"cpu": {
"default": "",
"description": "The maximum allowed CPU for the container",
"title": "cpu"
},
"memory": {
"default": "",
"description": "The maximum allowed RAM for the container",
"title": "memory"
}
},
"title": "limits"
},
"requests": {
"additionalProperties": false,
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
"properties": {
"cpu": {
"default": "",
"description": "Set the share of guaranteed CPU to the container.",
"title": "cpu"
},
"memory": {
"default": "",
"description": "Set the share of guaranteed RAM to the container",
"title": "memory"
}
},
"title": "requests"
}
},
"title": "resources"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"service": {
"additionalProperties": false,
"properties": {
"annotations": {
"default": "",
"description": "adds extra Annotations to the service",
"title": "annotations"
},
"enabled": {
"default": "true",
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
"title": "enabled"
},
"selector": {
"default": "component",
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
"title": "selector"
}
},
"title": "service",
"type": "object"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"template": {
"additionalProperties": false,
"description": "provide extra settings for pod templates",
"properties": {
"annotations": {
"default": "",
"description": "set additional annotations for pods",
"title": "annotations"
},
"labels": {
"default": "",
"description": "set additional labels for pods",
"title": "labels"
}
},
"title": "template"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
}
},
"title": "nplus-component-database",
"type": "object"
},
"dav": {
"description": "Provides WebDAV access to environment resources such as the conf PVC and the ptemp PVC",
"properties": {
"account": {
"default": "admin",
"description": "the dav user",
"title": "account"
},
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "toolbox2",
"description": "the name of the image to use",
"title": "name"
},
"pullPolicy": {
"default": "IfNotPresent",
"title": "pullPolicy",
"type": "string"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "cr.nplus.cloud/subscription",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "1.2.1300",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"ingress": {
"additionalProperties": false,
"description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)",
"properties": {
"annotations": {
"default": "",
"description": "Adds extra Annotations to the ingress",
"title": "annotations"
},
"backendProtocol": {
"default": "`http` <br> `https` in zero trust mode",
"description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.",
"title": "backendProtocol"
},
"class": {
"default": "`public`",
"description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one",
"title": "class"
},
"contextPath": {
"default": "/dav",
"description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.",
"title": "contextPath"
},
"cookie": {
"default": "",
"description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web",
"title": "cookie"
},
"deny": {
"default": "",
"description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.",
"title": "deny"
},
"domain": {
"default": "",
"description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here",
"title": "domain"
},
"enabled": {
"default": "true",
"description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.",
"title": "enabled"
},
"inputPath": {
"default": "",
"description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.",
"title": "inputPath"
},
"namespace": {
"default": "\"ingress, kube-system, ingress-nginx\"",
"description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list",
"title": "namespace"
},
"proxyReadTimeout": {
"default": "",
"description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.",
"title": "proxyReadTimeout"
},
"rewriteTarget": {
"default": "",
"description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.",
"title": "rewriteTarget"
},
"secret": {
"default": "`{{ .this.ingress.domain }}-tls`",
"description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance",
"title": "secret"
},
"whitelist": {
"default": "",
"description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers",
"title": "whitelist"
}
},
"title": "ingress"
},
"meta": {
"additionalProperties": false,
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "8080",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "8443",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "envdav",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta",
"type": "object"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"password": {
"default": "admin",
"description": "password of the dav user",
"title": "password"
},
"resources": {
"additionalProperties": false,
"description": "Assigns hardware resources to container",
"properties": {
"limits": {
"additionalProperties": false,
"description": "Limits the maximum resources",
"properties": {
"cpu": {
"default": "1",
"description": "The maximum allowed CPU for the container",
"title": "cpu"
},
"memory": {
"default": "512Mi",
"description": "The maximum allowed RAM for the container",
"title": "memory"
}
},
"title": "limits"
},
"requests": {
"additionalProperties": false,
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
"properties": {
"cpu": {
"default": "1m",
"description": "Set the share of guaranteed CPU to the container.",
"title": "cpu"
},
"memory": {
"default": "64Mi",
"description": "Set the share of guaranteed RAM to the container",
"title": "memory"
}
},
"title": "requests"
}
},
"title": "resources"
},
"secret": {
"default": "",
"description": "Alternatively, define a secret",
"title": "secret"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"service": {
"additionalProperties": false,
"properties": {
"annotations": {
"default": "",
"description": "adds extra Annotations to the service",
"title": "annotations"
},
"enabled": {
"default": "true",
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
"title": "enabled"
},
"selector": {
"default": "component",
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
"title": "selector"
}
},
"title": "service",
"type": "object"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"template": {
"additionalProperties": false,
"description": "provide extra settings for pod templates",
"properties": {
"annotations": {
"default": "",
"description": "set additional annotations for pods",
"title": "annotations"
},
"labels": {
"default": "",
"description": "set additional labels for pods",
"title": "labels"
}
},
"title": "template"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
}
},
"title": "nplus-environment-dav",
"type": "object"
},
"dmsapi": {
"description": "eon DMS-API provides a eon Standard Interface to the Instance",
"properties": {
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "dms-api",
"description": "the name of the image to use",
"title": "name"
},
"pullPolicy": {
"default": "IfNotPresent",
"title": "pullPolicy",
"type": "string"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "cr.nplus.cloud/subscription",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "9.2.1200",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"ingress": {
"additionalProperties": false,
"description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)",
"properties": {
"annotations": {
"default": "",
"description": "Adds extra Annotations to the ingress",
"title": "annotations"
},
"backendProtocol": {
"default": "`http` <br> `https` in zero trust mode",
"description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.",
"title": "backendProtocol"
},
"class": {
"default": "`public`",
"description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one",
"title": "class"
},
"contextPath": {
"default": "/dms_api",
"description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.",
"title": "contextPath"
},
"cookie": {
"default": "",
"description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web",
"title": "cookie"
},
"deny": {
"default": "",
"description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.",
"title": "deny"
},
"domain": {
"default": "",
"description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here",
"title": "domain"
},
"enabled": {
"default": "true",
"description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.",
"title": "enabled"
},
"inputPath": {
"default": "",
"description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.",
"title": "inputPath"
},
"namespace": {
"default": "\"ingress, kube-system, ingress-nginx\"",
"description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list",
"title": "namespace"
},
"proxyReadTimeout": {
"default": "",
"description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.",
"title": "proxyReadTimeout"
},
"rewriteTarget": {
"default": "",
"description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.",
"title": "rewriteTarget"
},
"secret": {
"default": "`{{ .this.ingress.domain }}-tls`",
"description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance",
"title": "secret"
},
"whitelist": {
"default": "",
"description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers",
"title": "whitelist"
}
},
"title": "ingress"
},
"javaOpts": {
"additionalProperties": false,
"description": "Options for the Java VM",
"properties": {
"javaMaxMem": {
"default": "",
"description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed",
"title": "javaMaxMem"
},
"javaMaxRamPercentage": {
"default": "",
"description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.",
"title": "javaMaxRamPercentage"
},
"javaMinMem": {
"default": "",
"description": "set the minimum memory, java will consume",
"title": "javaMinMem"
},
"javaMisc": {
"default": "",
"description": "Any misc Java Options that need to be passed to the container",
"title": "javaMisc"
}
},
"title": "javaOpts"
},
"meta": {
"additionalProperties": false,
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "java",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "9443",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "dms-api",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "dmsapi",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta",
"type": "object"
},
"minReplicaCount": {
"default": "",
"description": "if you set minReplicaCount, a podDesruptionBudget will be created with this value as minAvailable, using the full component as selector. This is useful for components, that are using multiple replicas.",
"title": "minReplicaCount"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"mounts": {
"additionalProperties": false,
"properties": {
"caCerts": {
"additionalProperties": false,
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the certs folder. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "caCerts"
},
"componentCerts": {
"additionalProperties": false,
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the component certs. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "componentCerts"
},
"conf": {
"additionalProperties": false,
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
"properties": {
"path": {
"default": "/opt/tomcat/conf",
"description": "Sets the path to the conf files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
"title": "paths"
}
},
"title": "conf"
},
"data": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the data disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the data files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the data disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "data",
"type": "object"
},
"disk": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the disk",
"title": "class"
},
"enabled": {
"default": "false",
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
"title": "enabled"
},
"migration": {
"default": "false",
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
"title": "migration"
},
"path": {
"default": "",
"description": "Sets the path to the disk files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "disk",
"type": "object"
},
"file": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the shared disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the shared files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the shared disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "file",
"type": "object"
},
"fonts": {
"additionalProperties": false,
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
"title": "path"
}
},
"title": "fonts"
},
"generic": {
"default": "",
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
"title": "generic"
},
"license": {
"additionalProperties": false,
"description": "some nscale Components require a license file and this defines it's location",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the license files @internal -- do not change this value",
"title": "path"
}
},
"title": "license"
},
"logs": {
"additionalProperties": false,
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
"properties": {
"path": {
"default": "/opt/tomcat/logs",
"description": "Sets the path to the log files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the log files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the log disk (all paths)",
"title": "size"
}
},
"title": "logs"
},
"pool": {
"additionalProperties": false,
"properties": {
"path": {
"default": "",
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
"title": "path"
}
},
"title": "pool",
"type": "object"
},
"ptemp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
"title": "paths"
}
},
"title": "ptemp"
},
"temp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the temporary files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the temporary disk (all paths)",
"title": "size"
}
},
"title": "temp"
}
},
"title": "mounts",
"type": "object"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nappl": {
"additionalProperties": false,
"description": "The nscale Application Layer, this component should talk to",
"properties": {
"account": {
"default": "",
"description": "The technical account to login with",
"title": "account"
},
"domain": {
"default": "",
"description": "The domain of the technical account",
"title": "domain"
},
"host": {
"default": "",
"description": "nappl host name",
"title": "host"
},
"instance": {
"default": "",
"description": "instance of the Application Layer, likely `instance1`",
"title": "instance"
},
"password": {
"default": "",
"description": "The password of the technical accunt (if not set by secret)",
"title": "password"
},
"port": {
"default": "",
"description": "nappl port (http 8080 or https 8443)",
"title": "port"
},
"secret": {
"default": "",
"description": "An optional secret that holds the credentials (the keys must be `account` and `password`)",
"title": "secret"
},
"ssl": {
"default": "",
"description": "sets the Advanced Connect to tls",
"title": "ssl"
}
},
"title": "nappl"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"replicaCount": {
"default": "1",
"description": "Sets the number of replicas in this replicaSet. Some Components (like nstl or sharepoint) only allow a count of 1.",
"title": "replicaCount"
},
"resources": {
"additionalProperties": false,
"description": "Assigns hardware resources to container",
"properties": {
"limits": {
"additionalProperties": false,
"description": "Limits the maximum resources",
"properties": {
"cpu": {
"default": "",
"description": "The maximum allowed CPU for the container",
"title": "cpu"
},
"memory": {
"default": "",
"description": "The maximum allowed RAM for the container",
"title": "memory"
}
},
"title": "limits"
},
"requests": {
"additionalProperties": false,
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
"properties": {
"cpu": {
"default": "",
"description": "Set the share of guaranteed CPU to the container.",
"title": "cpu"
},
"memory": {
"default": "",
"description": "Set the share of guaranteed RAM to the container",
"title": "memory"
}
},
"title": "requests"
}
},
"title": "resources"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"service": {
"additionalProperties": false,
"properties": {
"annotations": {
"default": "",
"description": "adds extra Annotations to the service",
"title": "annotations"
},
"enabled": {
"default": "true",
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
"title": "enabled"
},
"selector": {
"default": "component",
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
"title": "selector"
}
},
"title": "service",
"type": "object"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"template": {
"additionalProperties": false,
"description": "provide extra settings for pod templates",
"properties": {
"annotations": {
"default": "",
"description": "set additional annotations for pods",
"title": "annotations"
},
"labels": {
"default": "",
"description": "set additional labels for pods",
"title": "labels"
}
},
"title": "template"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"updateStrategy": {
"default": "",
"description": "the update Strategy for this component. Normally, you can update all components rolling, except for nappl, where you need to follow the documented update procedures.",
"title": "updateStrategy"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
},
"waitFor": {
"default": "",
"description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.",
"title": "waitFor"
}
},
"title": "eon-dms-api",
"type": "object"
},
"erpcmis": {
"description": "nscale ERP CMIS, providing SAP S/4 HANA Public Cloud Archive Access",
"properties": {
"alien": {
"additionalProperties": false,
"properties": {
"doAppend": {
"default": "",
"description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*",
"title": "doAppend"
},
"port": {
"default": "",
"description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*",
"title": "port"
},
"server": {
"default": "",
"description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*",
"title": "server"
},
"ssl": {
"default": "",
"description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*",
"title": "ssl"
},
"url": {
"default": "",
"description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*",
"title": "url"
},
"useSign": {
"default": "",
"description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*",
"title": "useSign"
}
},
"title": "alien",
"type": "object"
},
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "erp-cmis-connector",
"description": "the name of the image to use",
"title": "name"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "ceyoniq.azurecr.io/release/nscale",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "ubi.9.2.1000.2024032720",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"ingress": {
"additionalProperties": false,
"description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)",
"properties": {
"annotations": {
"default": "",
"description": "Adds extra Annotations to the ingress",
"title": "annotations"
},
"backendProtocol": {
"default": "`http` <br> `https` in zero trust mode",
"description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.",
"title": "backendProtocol"
},
"class": {
"default": "`public`",
"description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one",
"title": "class"
},
"contextPath": {
"default": "/cmis/browser",
"description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.",
"title": "contextPath"
},
"cookie": {
"default": "",
"description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web",
"title": "cookie"
},
"deny": {
"default": "",
"description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.",
"title": "deny"
},
"domain": {
"default": "",
"description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here",
"title": "domain"
},
"enabled": {
"default": "true",
"description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.",
"title": "enabled"
},
"inputPath": {
"default": "",
"description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.",
"title": "inputPath"
},
"namespace": {
"default": "\"ingress, kube-system, ingress-nginx\"",
"description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list",
"title": "namespace"
},
"proxyReadTimeout": {
"default": "",
"description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.",
"title": "proxyReadTimeout"
},
"rewriteTarget": {
"default": "",
"description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.",
"title": "rewriteTarget"
},
"secret": {
"default": "`{{ .this.ingress.domain }}-tls`",
"description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance",
"title": "secret"
},
"whitelist": {
"default": "",
"description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers",
"title": "whitelist"
}
},
"title": "ingress"
},
"javaOpts": {
"additionalProperties": false,
"description": "Options for the Java VM",
"properties": {
"javaMaxMem": {
"default": "",
"description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed",
"title": "javaMaxMem"
},
"javaMaxRamPercentage": {
"default": "",
"description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.",
"title": "javaMaxRamPercentage"
},
"javaMinMem": {
"default": "",
"description": "set the minimum memory, java will consume",
"title": "javaMinMem"
},
"javaMisc": {
"default": "",
"description": "Any misc Java Options that need to be passed to the container",
"title": "javaMisc"
}
},
"title": "javaOpts"
},
"meta": {
"additionalProperties": false,
"description": "defines internal constants for nplus. do not change these values",
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "java",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "8096",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "8196",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "erpcmis-connector",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "erpcmis",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta"
},
"migration": {
"additionalProperties": false,
"properties": {
"checkDocuments": {
"default": "",
"description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*",
"title": "checkDocuments"
},
"checkIgnoreTime": {
"default": "",
"description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*",
"title": "checkIgnoreTime"
},
"delay": {
"default": "",
"description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*",
"title": "delay"
},
"doListMigration": {
"default": "",
"description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*",
"title": "doListMigration"
},
"enabled": {
"default": "",
"description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*",
"title": "enabled"
},
"fileDelimiter": {
"default": "",
"description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*",
"title": "fileDelimiter"
},
"viaFileSystem": {
"default": "",
"description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*",
"title": "viaFileSystem"
}
},
"title": "migration",
"type": "object"
},
"minReplicaCount": {
"default": "",
"description": "if you set minReplicaCount, a podDesruptionBudget will be created with this value as minAvailable, using the full component as selector. This is useful for components, that are using multiple replicas.",
"title": "minReplicaCount"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"mounts": {
"additionalProperties": false,
"properties": {
"caCerts": {
"additionalProperties": false,
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the certs folder. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "caCerts"
},
"componentCerts": {
"additionalProperties": false,
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the component certs. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "componentCerts"
},
"conf": {
"additionalProperties": false,
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-for-sap/erp-cmis/conf",
"description": "Sets the path to the conf files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
"title": "paths"
}
},
"title": "conf"
},
"data": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the data disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the data files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the data disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "data",
"type": "object"
},
"disk": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the disk",
"title": "class"
},
"enabled": {
"default": "false",
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
"title": "enabled"
},
"migration": {
"default": "false",
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
"title": "migration"
},
"path": {
"default": "",
"description": "Sets the path to the disk files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "disk",
"type": "object"
},
"file": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the shared disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the shared files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the shared disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "file",
"type": "object"
},
"fonts": {
"additionalProperties": false,
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
"title": "path"
}
},
"title": "fonts"
},
"generic": {
"default": "",
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
"title": "generic"
},
"license": {
"additionalProperties": false,
"description": "some nscale Components require a license file and this defines it's location",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the license files @internal -- do not change this value",
"title": "path"
}
},
"title": "license"
},
"logs": {
"additionalProperties": false,
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-for-sap/erp-cmis/logs",
"description": "Sets the path to the log files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the log files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the log disk (all paths)",
"title": "size"
}
},
"title": "logs"
},
"pool": {
"additionalProperties": false,
"properties": {
"path": {
"default": "",
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
"title": "path"
}
},
"title": "pool",
"type": "object"
},
"ptemp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
"title": "paths"
}
},
"title": "ptemp"
},
"temp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-for-sap/erp-cmis/temp",
"description": "Sets the path to the temporary files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the temporary disk (all paths)",
"title": "size"
}
},
"title": "temp"
}
},
"title": "mounts",
"type": "object"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nappl": {
"additionalProperties": false,
"description": "The nscale Application Layer, this component should talk to",
"properties": {
"account": {
"default": "",
"description": "The technical account to login with",
"title": "account"
},
"domain": {
"default": "",
"description": "The domain of the technical account",
"title": "domain"
},
"host": {
"default": "",
"description": "nappl host name",
"title": "host"
},
"instance": {
"default": "",
"description": "instance of the Application Layer, likely `instance1`",
"title": "instance"
},
"password": {
"default": "",
"description": "The password of the technical accunt (if not set by secret)",
"title": "password"
},
"port": {
"default": "",
"description": "nappl port (http 8080 or https 8443)",
"title": "port"
},
"secret": {
"default": "",
"description": "An optional secret that holds the credentials (the keys must be `account` and `password`)",
"title": "secret"
},
"ssl": {
"default": "",
"description": "sets the Advanced Connect to tls",
"title": "ssl"
}
},
"title": "nappl"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"replicaCount": {
"default": "1",
"description": "Sets the number of replicas in this replicaSet. Some Components (like nstl or sharepoint) only allow a count of 1.",
"title": "replicaCount"
},
"resources": {
"additionalProperties": false,
"description": "Assigns hardware resources to container",
"properties": {
"limits": {
"additionalProperties": false,
"description": "Limits the maximum resources",
"properties": {
"cpu": {
"default": "",
"description": "The maximum allowed CPU for the container",
"title": "cpu"
},
"memory": {
"default": "",
"description": "The maximum allowed RAM for the container",
"title": "memory"
}
},
"title": "limits"
},
"requests": {
"additionalProperties": false,
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
"properties": {
"cpu": {
"default": "",
"description": "Set the share of guaranteed CPU to the container.",
"title": "cpu"
},
"memory": {
"default": "",
"description": "Set the share of guaranteed RAM to the container",
"title": "memory"
}
},
"title": "requests"
}
},
"title": "resources"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"service": {
"additionalProperties": false,
"properties": {
"annotations": {
"default": "",
"description": "adds extra Annotations to the service",
"title": "annotations"
},
"enabled": {
"default": "true",
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
"title": "enabled"
},
"selector": {
"default": "component",
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
"title": "selector"
}
},
"title": "service",
"type": "object"
},
"sign": {
"additionalProperties": false,
"properties": {
"authID": {
"default": "",
"description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*",
"title": "authID"
},
"keyAlias": {
"default": "",
"description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*",
"title": "keyAlias"
},
"keyPassword": {
"default": "",
"description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*",
"title": "keyPassword"
}
},
"title": "sign",
"type": "object"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"template": {
"additionalProperties": false,
"description": "provide extra settings for pod templates",
"properties": {
"annotations": {
"default": "",
"description": "set additional annotations for pods",
"title": "annotations"
},
"labels": {
"default": "",
"description": "set additional labels for pods",
"title": "labels"
}
},
"title": "template"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"updateStrategy": {
"default": "",
"description": "the update Strategy for this component. Normally, you can update all components rolling, except for nappl, where you need to follow the documented update procedures.",
"title": "updateStrategy"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
},
"waitFor": {
"default": "",
"description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.",
"title": "waitFor"
},
"xsap": {
"additionalProperties": false,
"properties": {
"useSign": {
"default": "",
"description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*",
"title": "useSign"
}
},
"title": "xsap",
"type": "object"
}
},
"title": "nplus-component-erpcmis",
"type": "object"
},
"erpproxy": {
"description": "nscale ERP Proxy, providing SAP Archive Link access to alien Archive Components",
"properties": {
"alien": {
"additionalProperties": false,
"properties": {
"doAppend": {
"default": "",
"description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*",
"title": "doAppend"
},
"port": {
"default": "",
"description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*",
"title": "port"
},
"server": {
"default": "",
"description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*",
"title": "server"
},
"ssl": {
"default": "",
"description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*",
"title": "ssl"
},
"url": {
"default": "",
"description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*",
"title": "url"
},
"useSign": {
"default": "",
"description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*",
"title": "useSign"
}
},
"title": "alien",
"type": "object"
},
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "sap-proxy-connector",
"description": "the name of the image to use",
"title": "name"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "ceyoniq.azurecr.io/pre-release/nscale",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "ubi.9.3.1000.2024092409",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"ingress": {
"additionalProperties": false,
"description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)",
"properties": {
"annotations": {
"default": "",
"description": "Adds extra Annotations to the ingress",
"title": "annotations"
},
"backendProtocol": {
"default": "`http` <br> `https` in zero trust mode",
"description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.",
"title": "backendProtocol"
},
"class": {
"default": "`public`",
"description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one",
"title": "class"
},
"contextPath": {
"default": "/sap_proxy",
"description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.",
"title": "contextPath"
},
"cookie": {
"default": "",
"description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web",
"title": "cookie"
},
"deny": {
"default": "",
"description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.",
"title": "deny"
},
"domain": {
"default": "",
"description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here",
"title": "domain"
},
"enabled": {
"default": "true",
"description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.",
"title": "enabled"
},
"inputPath": {
"default": "",
"description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.",
"title": "inputPath"
},
"namespace": {
"default": "\"ingress, kube-system, ingress-nginx\"",
"description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list",
"title": "namespace"
},
"proxyReadTimeout": {
"default": "",
"description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.",
"title": "proxyReadTimeout"
},
"rewriteTarget": {
"default": "",
"description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.",
"title": "rewriteTarget"
},
"secret": {
"default": "`{{ .this.ingress.domain }}-tls`",
"description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance",
"title": "secret"
},
"whitelist": {
"default": "",
"description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers",
"title": "whitelist"
}
},
"title": "ingress"
},
"javaOpts": {
"additionalProperties": false,
"description": "Options for the Java VM",
"properties": {
"javaMaxMem": {
"default": "",
"description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed",
"title": "javaMaxMem"
},
"javaMaxRamPercentage": {
"default": "",
"description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.",
"title": "javaMaxRamPercentage"
},
"javaMinMem": {
"default": "",
"description": "set the minimum memory, java will consume",
"title": "javaMinMem"
},
"javaMisc": {
"default": "",
"description": "Any misc Java Options that need to be passed to the container",
"title": "javaMisc"
}
},
"title": "javaOpts"
},
"meta": {
"additionalProperties": false,
"description": "defines internal constants for nplus. do not change these values",
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "java",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "8097",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "8197",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "erpproxy-connector",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "erpproxy",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta"
},
"migration": {
"additionalProperties": false,
"properties": {
"checkDocuments": {
"default": "",
"description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*",
"title": "checkDocuments"
},
"checkIgnoreTime": {
"default": "",
"description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*",
"title": "checkIgnoreTime"
},
"delay": {
"default": "",
"description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*",
"title": "delay"
},
"doListMigration": {
"default": "",
"description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*",
"title": "doListMigration"
},
"enabled": {
"default": "",
"description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*",
"title": "enabled"
},
"fileDelimiter": {
"default": "",
"description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*",
"title": "fileDelimiter"
},
"viaFileSystem": {
"default": "",
"description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*",
"title": "viaFileSystem"
}
},
"title": "migration",
"type": "object"
},
"minReplicaCount": {
"default": "",
"description": "if you set minReplicaCount, a podDesruptionBudget will be created with this value as minAvailable, using the full component as selector. This is useful for components, that are using multiple replicas.",
"title": "minReplicaCount"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"mounts": {
"additionalProperties": false,
"properties": {
"caCerts": {
"additionalProperties": false,
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the certs folder. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "caCerts"
},
"componentCerts": {
"additionalProperties": false,
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the component certs. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "componentCerts"
},
"conf": {
"additionalProperties": false,
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-for-sap/sap-proxy/conf",
"description": "Sets the path to the conf files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
"title": "paths"
}
},
"title": "conf"
},
"data": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the data disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the data files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the data disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "data",
"type": "object"
},
"disk": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the disk",
"title": "class"
},
"enabled": {
"default": "false",
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
"title": "enabled"
},
"migration": {
"default": "false",
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
"title": "migration"
},
"path": {
"default": "",
"description": "Sets the path to the disk files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "disk",
"type": "object"
},
"file": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the shared disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the shared files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the shared disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "file",
"type": "object"
},
"fonts": {
"additionalProperties": false,
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
"title": "path"
}
},
"title": "fonts"
},
"generic": {
"default": "",
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
"title": "generic"
},
"license": {
"additionalProperties": false,
"description": "some nscale Components require a license file and this defines it's location",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the license files @internal -- do not change this value",
"title": "path"
}
},
"title": "license"
},
"logs": {
"additionalProperties": false,
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-for-sap/sap-proxy/logs",
"description": "Sets the path to the log files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the log files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the log disk (all paths)",
"title": "size"
}
},
"title": "logs"
},
"pool": {
"additionalProperties": false,
"properties": {
"path": {
"default": "",
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
"title": "path"
}
},
"title": "pool",
"type": "object"
},
"ptemp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
"title": "paths"
}
},
"title": "ptemp"
},
"temp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-for-sap/sap-proxy/temp",
"description": "Sets the path to the temporary files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the temporary disk (all paths)",
"title": "size"
}
},
"title": "temp"
}
},
"title": "mounts",
"type": "object"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nappl": {
"additionalProperties": false,
"description": "The nscale Application Layer, this component should talk to",
"properties": {
"account": {
"default": "",
"description": "The technical account to login with",
"title": "account"
},
"domain": {
"default": "",
"description": "The domain of the technical account",
"title": "domain"
},
"host": {
"default": "",
"description": "nappl host name",
"title": "host"
},
"instance": {
"default": "",
"description": "instance of the Application Layer, likely `instance1`",
"title": "instance"
},
"password": {
"default": "",
"description": "The password of the technical accunt (if not set by secret)",
"title": "password"
},
"port": {
"default": "",
"description": "nappl port (http 8080 or https 8443)",
"title": "port"
},
"secret": {
"default": "",
"description": "An optional secret that holds the credentials (the keys must be `account` and `password`)",
"title": "secret"
},
"ssl": {
"default": "",
"description": "sets the Advanced Connect to tls",
"title": "ssl"
}
},
"title": "nappl"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"replicaCount": {
"default": "1",
"description": "Sets the number of replicas in this replicaSet. Some Components (like nstl or sharepoint) only allow a count of 1.",
"title": "replicaCount"
},
"resources": {
"additionalProperties": false,
"description": "Assigns hardware resources to container",
"properties": {
"limits": {
"additionalProperties": false,
"description": "Limits the maximum resources",
"properties": {
"cpu": {
"default": "",
"description": "The maximum allowed CPU for the container",
"title": "cpu"
},
"memory": {
"default": "",
"description": "The maximum allowed RAM for the container",
"title": "memory"
}
},
"title": "limits"
},
"requests": {
"additionalProperties": false,
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
"properties": {
"cpu": {
"default": "",
"description": "Set the share of guaranteed CPU to the container.",
"title": "cpu"
},
"memory": {
"default": "",
"description": "Set the share of guaranteed RAM to the container",
"title": "memory"
}
},
"title": "requests"
}
},
"title": "resources"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"service": {
"additionalProperties": false,
"properties": {
"annotations": {
"default": "",
"description": "adds extra Annotations to the service",
"title": "annotations"
},
"enabled": {
"default": "true",
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
"title": "enabled"
},
"selector": {
"default": "component",
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
"title": "selector"
}
},
"title": "service",
"type": "object"
},
"sign": {
"additionalProperties": false,
"properties": {
"authID": {
"default": "",
"description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*",
"title": "authID"
},
"keyAlias": {
"default": "",
"description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*",
"title": "keyAlias"
},
"keyPassword": {
"default": "",
"description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*",
"title": "keyPassword"
}
},
"title": "sign",
"type": "object"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"template": {
"additionalProperties": false,
"description": "provide extra settings for pod templates",
"properties": {
"annotations": {
"default": "",
"description": "set additional annotations for pods",
"title": "annotations"
},
"labels": {
"default": "",
"description": "set additional labels for pods",
"title": "labels"
}
},
"title": "template"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"updateStrategy": {
"default": "",
"description": "the update Strategy for this component. Normally, you can update all components rolling, except for nappl, where you need to follow the documented update procedures.",
"title": "updateStrategy"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
},
"waitFor": {
"default": "",
"description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.",
"title": "waitFor"
},
"xsap": {
"additionalProperties": false,
"properties": {
"url": {
"default": "{{ printf \"%s/%s\" ($.this.nappl).instance \"xsap/cs/xsap\"}}",
"description": "xsap url to use.",
"title": "url"
},
"useSign": {
"default": "",
"description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*",
"title": "useSign"
}
},
"title": "xsap",
"type": "object"
}
},
"title": "nplus-component-erpproxy",
"type": "object"
},
"global": {
"additionalProperties": false,
"properties": {
"database": {
"additionalProperties": false,
"properties": {
"account": {
"default": "nscale",
"description": "DB account (if not using a secret)",
"title": "account"
},
"dialect": {
"default": "PostgreSQL",
"description": "nscale DB server dialect",
"title": "dialect"
},
"driverclass": {
"default": "org.postgresql.Driver",
"description": "nscale DB server driverclass",
"title": "driverclass"
},
"name": {
"default": "nscale",
"description": "name of the nscale DB",
"title": "name"
},
"password": {
"default": "nscale",
"description": "DB password (if not using a secret)",
"title": "password"
},
"passwordEncoded": {
"default": "false",
"description": "weather the password is stored encrypted",
"title": "passwordEncoded"
},
"schema": {
"default": "public",
"description": "DB schema name",
"title": "schema"
},
"secret": {
"default": "",
"description": "DB credential secret (account, password)",
"title": "secret"
},
"url": {
"default": "jdbc:postgresql://{{ .component.prefix }}database:5432/{{ .this.database.name }}",
"description": "The URL to the database",
"title": "url"
}
},
"title": "database",
"type": "object"
},
"ingress": {
"additionalProperties": false,
"properties": {
"appRoot": {
"default": "/nscale_web",
"description": "Sets the root for this instance, where incoming root traffic should be redirected to",
"title": "appRoot"
},
"class": {
"default": "`public``",
"description": "sets the global ingressclass for all components to use - if they do not define a specific one, for example if there are separate controllers for internal and external traffic",
"title": "class"
},
"createSelfSignedCertificate": {
"default": "true",
"description": "if you do not define an issuer to generate the tls secret for you, you still can have a self signed certificate generated for you, if you set this to true. The default is true, so either you have an issuer or not, you will always end up with a certificate. Set an empty issuer and createSelfSignedCertificate to false to have no certificate generated and use an external or existing secret. Then make sure the secret matches.",
"title": "createSelfSignedCertificate"
},
"domain": {
"default": "",
"description": "Sets the global domain within the instance to be used, if the component does not define any domain. If this remains empty, no ingress is generated Example: `{{ .instance.group }}.lab.nplus.cloud`",
"title": "domain"
},
"issuer": {
"default": "",
"description": "Sets the name of the issuer to create the tls secret. Very common is to have it created by cert-manager. Please see the documentation how to create a cert-manager cluster issuer for example. If no issuer is set, no certificate request will be generated",
"title": "issuer"
},
"namespace": {
"default": "`ingress, kube-system, ingress-nginx`",
"description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list",
"title": "namespace"
},
"secret": {
"default": "`{{ .this.ingress.domain }}-tls`",
"description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. This secret is then either generated by cert-manager or self signed by helm - or not created",
"title": "secret"
},
"whitelist": {
"default": "",
"description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers",
"title": "whitelist"
}
},
"title": "ingress",
"type": "object"
},
"instance": {
"additionalProperties": false,
"properties": {
"group": {
"default": "",
"description": "The group of the instance. This is used for the networkPolicies. Only Pods within one group are allowed to communicate if you enable the nplus Network Policies. By default, this is set the same as the instance name",
"title": "group"
},
"name": {
"default": "{{ .Release.Name }}",
"description": "The name of the instance. Should this name be identical to the namespace name, then the prefix will be dropped. By default, this is the .Release.Name",
"title": "name"
}
},
"title": "instance",
"type": "object"
},
"license": {
"default": "nscale-license",
"description": "Globally set the license secret name",
"title": "license"
},
"logForwarderImage": {
"additionalProperties": false,
"properties": {
"name": {
"default": "fluent-bit",
"description": "defines the nplus toolbox name to be used for the *wait* feature",
"title": "name"
},
"pullPolicy": {
"default": "IfNotPresent",
"description": "defines the nplus toolbox pull policy to be used for the *wait* feature",
"title": "pullPolicy"
},
"repo": {
"default": "cr.fluentbit.io/fluent",
"description": "defines the nplus toolbox image to be used for the *wait* feature",
"title": "repo"
},
"tag": {
"default": "2.0",
"description": "defines the tag for the logforwarder (FluentBit) @internal -- set by devOps pipeline, so do not modify",
"title": "tag"
}
},
"title": "logForwarderImage",
"type": "object"
},
"meta": {
"additionalProperties": false,
"properties": {
"nscaleVersion": {
"default": "9.3.1300",
"description": "Sets the nscale version of this deployment / instance. This is used by the operator to display the correct version e.g. in the Web UI. @internal -- this is set by the devOps pipeline, so do not modify",
"title": "nscaleVersion"
}
},
"title": "meta",
"type": "object"
},
"nappl": {
"additionalProperties": false,
"properties": {
"account": {
"default": "admin",
"description": "The technical account to login with",
"title": "account"
},
"domain": {
"default": "nscale",
"description": "The domain of the technical account",
"title": "domain"
},
"host": {
"default": "{{ .component.prefix }}nappl.{{ .Release.Namespace }}",
"description": "sets the *nscale Server Application Layer* host to be used. As this is a global option, it can be overridden at component level.",
"title": "host"
},
"instance": {
"default": "nscalealinst1",
"description": "the instance of *nscale Server Application Layer* to be used @internal -- As this is depricated for nscale 10, you should never modify this.",
"title": "instance"
},
"password": {
"default": "admin",
"description": "The password of the technical accunt (if not set by secret)",
"title": "password"
},
"port": {
"default": "8080",
"description": "sets the *nscale Server Application Layer* port to be used. As this is a global option, it can be overridden at component level. if you switch to zero trus mode or change the nappl backend to https, you want to modify this port to 8443",
"title": "port"
},
"secret": {
"default": "",
"description": "An optional secret that holds the credentials (the keys must be `account` and `password`)",
"title": "secret"
},
"ssl": {
"default": "false",
"description": "wether to use ssl or not for the advanced connector",
"title": "ssl"
}
},
"title": "nappl",
"type": "object"
},
"security": {
"additionalProperties": false,
"properties": {
"cni": {
"additionalProperties": false,
"properties": {
"administratorInstance": {
"default": "{{ .this.instance.name }}",
"description": "sets the instance, from which Administration is allowed",
"title": "administratorInstance"
},
"administratorNamespace": {
"default": "{{ .Release.Namespace }}",
"description": "sets the namespace, from which Administration is allowed",
"title": "administratorNamespace"
},
"createNetworkPolicy": {
"default": "",
"description": "creates NetworkPolicies for each component.",
"title": "createNetworkPolicy"
},
"defaultEgressPolicy": {
"default": "",
"description": "if defined, creates a default NetworkPolicy to handle egress Traffic from the instance. Possible Values: deny, allow, none",
"title": "defaultEgressPolicy"
},
"defaultIngressPolicy": {
"default": "",
"description": "if defined, creates a default NetworkPolicy to handle ingress Traffic to the instance. Possible Values: deny, allow, none",
"title": "defaultIngressPolicy"
},
"monitoringInstance": {
"default": "{{ .this.instance.name }}",
"description": "sets the instance, from which Monitoring is allowed",
"title": "monitoringInstance"
},
"monitoringNamespace": {
"default": "{{ .Release.Namespace }}",
"description": "sets the namespace, from which Monitoring is allowed",
"title": "monitoringNamespace"
},
"pamInstance": {
"default": "{{ .this.instance.name }}",
"description": "sets the instance, from which Process Automation Modeling is allowed",
"title": "pamInstance"
},
"pamNamespace": {
"default": "{{ .Release.Namespace }}",
"description": "sets the namespace, from which Process Automation Modeling is allowed",
"title": "pamNamespace"
}
},
"title": "cni",
"type": "object"
},
"zeroTrust": {
"default": "",
"description": "enables zero trust on the instance. When enabled, no unencrypted http connection is allowed. This will remove all http ports from pods, services, network policies and ingress rules",
"title": "zeroTrust"
}
},
"title": "security",
"type": "object"
},
"telemetry": {
"additionalProperties": false,
"properties": {
"openTelemetry": {
"default": "",
"description": "if you use a OpenTelemetry as a telemetry collector, you can enable it here. This will add the annotations to some known pods for the injector to use agents inside the pods for telemetry collection. This often goes along with the `language` setting in the meta section to tell the telemetry collector which agent to inject.",
"title": "openTelemetry"
}
},
"title": "telemetry",
"type": "object"
},
"waitImage": {
"additionalProperties": false,
"properties": {
"name": {
"default": "toolbox2",
"description": "defines the nplus toolbox name to be used for the *wait* feature",
"title": "name"
},
"pullPolicy": {
"default": "IfNotPresent",
"description": "defines the nplus toolbox pull policy to be used for the *wait* feature",
"title": "pullPolicy"
},
"repo": {
"default": "cr.nplus.cloud/subscription",
"description": "defines the nplus toolbox image to be used for the *wait* feature",
"title": "repo"
},
"tag": {
"default": "1.2.1300",
"description": "defines the nplus toolbox tag to be used for the *wait* feature @internal -- set by devOps pipeline, so do not modify",
"title": "tag"
}
},
"title": "waitImage",
"type": "object"
}
},
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"ilm": {
"description": "nscale ILM Connector, providing a certified SAP ILM interface",
"properties": {
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "ilm-connector",
"description": "the name of the image to use",
"title": "name"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "ceyoniq.azurecr.io/release/nscale",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "ubi.9.3.1000.2024091702",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"ingress": {
"additionalProperties": false,
"description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)",
"properties": {
"annotations": {
"default": "",
"description": "Adds extra Annotations to the ingress",
"title": "annotations"
},
"backendProtocol": {
"default": "`http` <br> `https` in zero trust mode",
"description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.",
"title": "backendProtocol"
},
"class": {
"default": "`public`",
"description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one",
"title": "class"
},
"contextPath": {
"default": "/sap_ilm",
"description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.",
"title": "contextPath"
},
"cookie": {
"default": "",
"description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web",
"title": "cookie"
},
"deny": {
"default": "",
"description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.",
"title": "deny"
},
"domain": {
"default": "",
"description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here",
"title": "domain"
},
"enabled": {
"default": "true",
"description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.",
"title": "enabled"
},
"inputPath": {
"default": "",
"description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.",
"title": "inputPath"
},
"namespace": {
"default": "\"ingress, kube-system, ingress-nginx\"",
"description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list",
"title": "namespace"
},
"proxyReadTimeout": {
"default": "",
"description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.",
"title": "proxyReadTimeout"
},
"rewriteTarget": {
"default": "",
"description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.",
"title": "rewriteTarget"
},
"secret": {
"default": "`{{ .this.ingress.domain }}-tls`",
"description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance",
"title": "secret"
},
"whitelist": {
"default": "",
"description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers",
"title": "whitelist"
}
},
"title": "ingress"
},
"javaOpts": {
"additionalProperties": false,
"description": "Options for the Java VM",
"properties": {
"javaMaxMem": {
"default": "",
"description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed",
"title": "javaMaxMem"
},
"javaMaxRamPercentage": {
"default": "",
"description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.",
"title": "javaMaxRamPercentage"
},
"javaMinMem": {
"default": "",
"description": "set the minimum memory, java will consume",
"title": "javaMinMem"
},
"javaMisc": {
"default": "",
"description": "Any misc Java Options that need to be passed to the container",
"title": "javaMisc"
}
},
"title": "javaOpts"
},
"meta": {
"additionalProperties": false,
"description": "defines internal constants for nplus. do not change these values",
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "java",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "8297",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "8397",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "ilm-connector",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "ilm",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta"
},
"minReplicaCount": {
"default": "",
"description": "if you set minReplicaCount, a podDesruptionBudget will be created with this value as minAvailable, using the full component as selector. This is useful for components, that are using multiple replicas.",
"title": "minReplicaCount"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"mounts": {
"additionalProperties": false,
"properties": {
"caCerts": {
"additionalProperties": false,
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the certs folder. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "caCerts"
},
"componentCerts": {
"additionalProperties": false,
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the component certs. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "componentCerts"
},
"conf": {
"additionalProperties": false,
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-for-sap/erp-connector-ilm/conf",
"description": "Sets the path to the conf files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
"title": "paths"
}
},
"title": "conf"
},
"data": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the data disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the data files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the data disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "data",
"type": "object"
},
"disk": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the disk",
"title": "class"
},
"enabled": {
"default": "false",
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
"title": "enabled"
},
"migration": {
"default": "false",
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
"title": "migration"
},
"path": {
"default": "",
"description": "Sets the path to the disk files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "disk",
"type": "object"
},
"file": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the shared disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the shared files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the shared disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "file",
"type": "object"
},
"fonts": {
"additionalProperties": false,
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
"title": "path"
}
},
"title": "fonts"
},
"generic": {
"default": "",
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
"title": "generic"
},
"license": {
"additionalProperties": false,
"description": "some nscale Components require a license file and this defines it's location",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the license files @internal -- do not change this value",
"title": "path"
}
},
"title": "license"
},
"logs": {
"additionalProperties": false,
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-for-sap/erp-connector-ilm/logs",
"description": "Sets the path to the log files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the log files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the log disk (all paths)",
"title": "size"
}
},
"title": "logs"
},
"pool": {
"additionalProperties": false,
"properties": {
"path": {
"default": "",
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
"title": "path"
}
},
"title": "pool",
"type": "object"
},
"ptemp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
"title": "paths"
}
},
"title": "ptemp"
},
"temp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-for-sap/erp-connector-ilm/temp",
"description": "Sets the path to the temporary files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the temporary disk (all paths)",
"title": "size"
}
},
"title": "temp"
}
},
"title": "mounts",
"type": "object"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nappl": {
"additionalProperties": false,
"description": "The nscale Application Layer, this component should talk to",
"properties": {
"account": {
"default": "",
"description": "The technical account to login with",
"title": "account"
},
"domain": {
"default": "",
"description": "The domain of the technical account",
"title": "domain"
},
"host": {
"default": "",
"description": "nappl host name",
"title": "host"
},
"instance": {
"default": "",
"description": "instance of the Application Layer, likely `instance1`",
"title": "instance"
},
"password": {
"default": "",
"description": "The password of the technical accunt (if not set by secret)",
"title": "password"
},
"port": {
"default": "",
"description": "nappl port (http 8080 or https 8443)",
"title": "port"
},
"secret": {
"default": "",
"description": "An optional secret that holds the credentials (the keys must be `account` and `password`)",
"title": "secret"
},
"ssl": {
"default": "",
"description": "sets the Advanced Connect to tls",
"title": "ssl"
}
},
"title": "nappl"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"replicaCount": {
"default": "1",
"description": "Sets the number of replicas in this replicaSet. Some Components (like nstl or sharepoint) only allow a count of 1.",
"title": "replicaCount"
},
"resources": {
"additionalProperties": false,
"description": "Assigns hardware resources to container",
"properties": {
"limits": {
"additionalProperties": false,
"description": "Limits the maximum resources",
"properties": {
"cpu": {
"default": "",
"description": "The maximum allowed CPU for the container",
"title": "cpu"
},
"memory": {
"default": "",
"description": "The maximum allowed RAM for the container",
"title": "memory"
}
},
"title": "limits"
},
"requests": {
"additionalProperties": false,
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
"properties": {
"cpu": {
"default": "",
"description": "Set the share of guaranteed CPU to the container.",
"title": "cpu"
},
"memory": {
"default": "",
"description": "Set the share of guaranteed RAM to the container",
"title": "memory"
}
},
"title": "requests"
}
},
"title": "resources"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"service": {
"additionalProperties": false,
"properties": {
"annotations": {
"default": "",
"description": "adds extra Annotations to the service",
"title": "annotations"
},
"enabled": {
"default": "true",
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
"title": "enabled"
},
"selector": {
"default": "component",
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
"title": "selector"
}
},
"title": "service",
"type": "object"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"template": {
"additionalProperties": false,
"description": "provide extra settings for pod templates",
"properties": {
"annotations": {
"default": "",
"description": "set additional annotations for pods",
"title": "annotations"
},
"labels": {
"default": "",
"description": "set additional labels for pods",
"title": "labels"
}
},
"title": "template"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"updateStrategy": {
"default": "",
"description": "the update Strategy for this component. Normally, you can update all components rolling, except for nappl, where you need to follow the documented update procedures.",
"title": "updateStrategy"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
},
"waitFor": {
"default": "",
"description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.",
"title": "waitFor"
}
},
"title": "nplus-component-ilm",
"type": "object"
},
"meta": {
"additionalProperties": false,
"properties": {
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
}
},
"title": "meta",
"type": "object"
},
"mon": {
"description": "nscale Monitoring Console, used to provide sensor information from all components to dashboards",
"properties": {
"activateRmi": {
"default": "false",
"description": "Activates the RMI Interface. Due to security concern, this defaults to `false`",
"title": "activateRmi"
},
"activateSsl": {
"default": "true",
"description": "Activates SSL / TLS communication",
"title": "activateSsl"
},
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "monitoring-console",
"description": "the name of the image to use",
"title": "name"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "ceyoniq.azurecr.io/release/nscale",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "ubi.9.3.1000.2024092618",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"ingress": {
"additionalProperties": false,
"description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)",
"properties": {
"annotations": {
"default": "",
"description": "Adds extra Annotations to the ingress",
"title": "annotations"
},
"backendProtocol": {
"default": "`http` <br> `https` in zero trust mode",
"description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.",
"title": "backendProtocol"
},
"class": {
"default": "`public`",
"description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one",
"title": "class"
},
"contextPath": {
"default": "/nscalemc",
"description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.",
"title": "contextPath"
},
"cookie": {
"default": "",
"description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web",
"title": "cookie"
},
"deny": {
"default": "",
"description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.",
"title": "deny"
},
"domain": {
"default": "",
"description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here",
"title": "domain"
},
"enabled": {
"default": "true",
"description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.",
"title": "enabled"
},
"inputPath": {
"default": "",
"description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.",
"title": "inputPath"
},
"namespace": {
"default": "\"ingress, kube-system, ingress-nginx\"",
"description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list",
"title": "namespace"
},
"proxyReadTimeout": {
"default": "",
"description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.",
"title": "proxyReadTimeout"
},
"rewriteTarget": {
"default": "",
"description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.",
"title": "rewriteTarget"
},
"secret": {
"default": "`{{ .this.ingress.domain }}-tls`",
"description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance",
"title": "secret"
},
"whitelist": {
"default": "",
"description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers",
"title": "whitelist"
}
},
"title": "ingress"
},
"javaOpts": {
"additionalProperties": false,
"description": "Options for the Java VM",
"properties": {
"javaMaxMem": {
"default": "",
"description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed",
"title": "javaMaxMem"
},
"javaMaxRamPercentage": {
"default": "",
"description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.",
"title": "javaMaxRamPercentage"
},
"javaMinMem": {
"default": "",
"description": "set the minimum memory, java will consume",
"title": "javaMinMem"
},
"javaMisc": {
"default": "",
"description": "Any misc Java Options that need to be passed to the container",
"title": "javaMisc"
}
},
"title": "javaOpts"
},
"meta": {
"additionalProperties": false,
"description": "defines internal constants for nplus. do not change these values",
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "java",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "8387",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "8388",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "8389",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "monitoring-console",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "mon",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"mounts": {
"additionalProperties": false,
"properties": {
"caCerts": {
"additionalProperties": false,
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the certs folder. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "caCerts"
},
"componentCerts": {
"additionalProperties": false,
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the component certs. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "componentCerts"
},
"conf": {
"additionalProperties": false,
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-monitoring/workspace",
"description": "Sets the path to the conf files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
"title": "paths"
}
},
"title": "conf"
},
"data": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the data disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the data files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "10Gi",
"description": "Sets the size of the data disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "data",
"type": "object"
},
"disk": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the disk",
"title": "class"
},
"enabled": {
"default": "false",
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
"title": "enabled"
},
"migration": {
"default": "false",
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
"title": "migration"
},
"path": {
"default": "",
"description": "Sets the path to the disk files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "disk",
"type": "object"
},
"file": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the shared disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the shared files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the shared disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "file",
"type": "object"
},
"fonts": {
"additionalProperties": false,
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
"title": "path"
}
},
"title": "fonts"
},
"generic": {
"default": "",
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
"title": "generic"
},
"license": {
"additionalProperties": false,
"description": "some nscale Components require a license file and this defines it's location",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-monitoring/workspace/license.xml",
"description": "Sets the path to the license files @internal -- do not change this value",
"title": "path"
}
},
"title": "license"
},
"logs": {
"additionalProperties": false,
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the log files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the log files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the log disk (all paths)",
"title": "size"
}
},
"title": "logs"
},
"pool": {
"additionalProperties": false,
"properties": {
"path": {
"default": "",
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
"title": "path"
}
},
"title": "pool",
"type": "object"
},
"ptemp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
"title": "paths"
}
},
"title": "ptemp"
},
"temp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the temporary files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the temporary disk (all paths)",
"title": "size"
}
},
"title": "temp"
}
},
"title": "mounts",
"type": "object"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"replicaCount": {
"default": "1",
"description": "There should only be a single Monitoring instance, so the replicaCount is fixed to 1 @ignore -- Do not change this.",
"title": "replicaCount"
},
"resources": {
"additionalProperties": false,
"description": "Assigns hardware resources to container",
"properties": {
"limits": {
"additionalProperties": false,
"description": "Limits the maximum resources",
"properties": {
"cpu": {
"default": "",
"description": "The maximum allowed CPU for the container",
"title": "cpu"
},
"memory": {
"default": "",
"description": "The maximum allowed RAM for the container",
"title": "memory"
}
},
"title": "limits"
},
"requests": {
"additionalProperties": false,
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
"properties": {
"cpu": {
"default": "",
"description": "Set the share of guaranteed CPU to the container.",
"title": "cpu"
},
"memory": {
"default": "",
"description": "Set the share of guaranteed RAM to the container",
"title": "memory"
}
},
"title": "requests"
}
},
"title": "resources"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"service": {
"additionalProperties": false,
"properties": {
"annotations": {
"default": "",
"description": "adds extra Annotations to the service",
"title": "annotations"
},
"enabled": {
"default": "true",
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
"title": "enabled"
},
"selector": {
"default": "component",
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
"title": "selector"
}
},
"title": "service",
"type": "object"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"template": {
"additionalProperties": false,
"description": "provide extra settings for pod templates",
"properties": {
"annotations": {
"default": "",
"description": "set additional annotations for pods",
"title": "annotations"
},
"labels": {
"default": "",
"description": "set additional labels for pods",
"title": "labels"
}
},
"title": "template"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
},
"waitFor": {
"default": "",
"description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.",
"title": "waitFor"
}
},
"title": "nplus-component-mon",
"type": "object"
},
"nappl": {
"description": "nscale Server Application Layer, the central component in the nscale ecosystem",
"properties": {
"database": {
"additionalProperties": false,
"description": "If you define the database in your values, this DB settings are taken. If you leave this empty, the settings from the config file are used.",
"properties": {
"account": {
"default": "",
"description": "alternative 1: the account name of the technical DB user for nscale",
"title": "account"
},
"dialect": {
"default": "",
"description": "the database dialect to use",
"title": "dialect"
},
"driverclass": {
"default": "",
"description": "the driver class to use",
"title": "driverclass"
},
"name": {
"default": "",
"description": "the name of the database to use",
"title": "name"
},
"password": {
"default": "",
"description": "alternative 1: the password of the technical DB user for nscale",
"title": "password"
},
"passwordEncoded": {
"default": "",
"description": "weather the DB password is stored encrypted",
"title": "passwordEncoded"
},
"schema": {
"default": "",
"description": "the database schema to use",
"title": "schema"
},
"secret": {
"default": "",
"description": "alternative 2: use a secret for the account and password",
"title": "secret"
},
"url": {
"default": "",
"description": "the DB URL",
"title": "url"
}
},
"title": "database"
},
"disableSessionReplication": {
"default": "",
"description": "enables/disables the session replication for these cluster members.",
"title": "disableSessionReplication"
},
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "application-layer",
"description": "the name of the image to use",
"title": "name"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "ceyoniq.azurecr.io/release/nscale",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "ubi.9.3.1300.2024121814",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"ingress": {
"additionalProperties": false,
"description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)",
"properties": {
"annotations": {
"default": "",
"description": "Adds extra Annotations to the ingress",
"title": "annotations"
},
"backendProtocol": {
"default": "`http` <br> `https` in zero trust mode",
"description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.",
"title": "backendProtocol"
},
"class": {
"default": "`public`",
"description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one",
"title": "class"
},
"contextPath": {
"default": "/nscalealinst1",
"description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.",
"title": "contextPath"
},
"cookie": {
"default": "",
"description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web",
"title": "cookie"
},
"deny": {
"description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "deny"
},
"domain": {
"default": "",
"description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here",
"title": "domain"
},
"enabled": {
"default": "false",
"description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.",
"title": "enabled"
},
"includeDefaultPaths": {
"default": "true",
"description": "toggles default paths like index.html, res and engine.properties",
"title": "includeDefaultPaths"
},
"inputPath": {
"default": "",
"description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.",
"title": "inputPath"
},
"namespace": {
"default": "\"ingress, kube-system, ingress-nginx\"",
"description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list",
"title": "namespace"
},
"proxyReadTimeout": {
"default": "",
"description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.",
"title": "proxyReadTimeout"
},
"rewriteTarget": {
"default": "",
"description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.",
"title": "rewriteTarget"
},
"secret": {
"default": "`{{ .this.ingress.domain }}-tls`",
"description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance",
"title": "secret"
},
"whitelist": {
"default": "",
"description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers",
"title": "whitelist"
}
},
"title": "ingress"
},
"javaOpts": {
"additionalProperties": false,
"description": "Options for the Java VM",
"properties": {
"javaMaxMem": {
"default": "",
"description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed",
"title": "javaMaxMem"
},
"javaMaxRamPercentage": {
"default": "",
"description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.",
"title": "javaMaxRamPercentage"
},
"javaMinMem": {
"default": "",
"description": "set the minimum memory, java will consume",
"title": "javaMinMem"
},
"javaMisc": {
"default": "",
"description": "Any misc Java Options that need to be passed to the container",
"title": "javaMisc"
}
},
"title": "javaOpts"
},
"jobs": {
"default": "true",
"description": "enables/disables the job affinity / priority for these cluster members",
"title": "jobs"
},
"kubePing": {
"additionalProperties": false,
"description": "sets the serviceAccount for NAPPL. Up to 9.1.1100, this was needed for the cluster communication (kubePing). Starting 9.1.1201, this is not the case any more If it is left empty, also the automountServiceAccountToken is disabled. If you set Values, they are ignored in Versions > 9.1.1200",
"properties": {
"create": {
"default": "true",
"description": "Creates the ServiceAccount (only if Version < 9.1.1200) Later Versions use a Cluster Service and resolve the IP Adresses from the EndpointSlices",
"title": "create"
},
"name": {
"default": "{{ .component.fullName }}-kubeping",
"description": "Set the ServiceAccount Name for the kubePing Protocol",
"title": "name"
}
},
"title": "kubePing"
},
"meta": {
"additionalProperties": false,
"description": "defines internal constants for nplus. do not change these values",
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "java",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "8080",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "8443",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "application-layer",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "core",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta"
},
"minReplicaCount": {
"default": "",
"description": "if you set minReplicaCount, a podDesruptionBudget will be created with this value as minAvailable, using the full component as selector. This is useful for components, that are using multiple replicas.",
"title": "minReplicaCount"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"mounts": {
"additionalProperties": false,
"properties": {
"caCerts": {
"additionalProperties": false,
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"description": "Sets the path to the certs folder. @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "caCerts"
},
"componentCerts": {
"additionalProperties": false,
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"description": "Sets the path to the component certs. @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "componentCerts"
},
"conf": {
"additionalProperties": false,
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-server/application-layer/conf",
"description": "Sets the path to the conf files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
"title": "paths"
}
},
"title": "conf"
},
"data": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the data disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the data files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the data disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "data",
"type": "object"
},
"disk": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the disk",
"title": "class"
},
"enabled": {
"default": "false",
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
"title": "enabled"
},
"migration": {
"default": "false",
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
"title": "migration"
},
"path": {
"default": "",
"description": "Sets the path to the disk files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "disk",
"type": "object"
},
"file": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the shared disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the shared files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the shared disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "file",
"type": "object"
},
"fonts": {
"additionalProperties": false,
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
"properties": {
"path": {
"default": "/usr/share/fonts/truetype/nplus",
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
"title": "path"
}
},
"title": "fonts"
},
"generic": {
"default": "",
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
"title": "generic"
},
"license": {
"additionalProperties": false,
"description": "some nscale Components require a license file and this defines it's location",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-server/application-layer/conf/license.xml",
"description": "Sets the path to the license files @internal -- do not change this value",
"title": "path"
}
},
"title": "license"
},
"logs": {
"additionalProperties": false,
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-server/application-layer/logs",
"description": "Sets the path to the log files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the log files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the log disk (all paths)",
"title": "size"
}
},
"title": "logs"
},
"pool": {
"additionalProperties": false,
"properties": {
"path": {
"default": "",
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
"title": "path"
}
},
"title": "pool",
"type": "object"
},
"ptemp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
"title": "paths"
}
},
"title": "ptemp"
},
"temp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the temporary files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "5Gi",
"description": "Sets the size of the temporary disk (all paths)",
"title": "size"
}
},
"title": "temp"
}
},
"title": "mounts",
"type": "object"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nodeSelector": {
"additionalProperties": false,
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"priority": {
"additionalProperties": false,
"description": "You can give a component a specific priorityClass to implement a quality of service. You can leave this empty, then no priority is set. If you set a class, this class is taken If you additionally enable create, the class is created for you with the value defined.",
"properties": {
"className": {
"default": "",
"description": "Set the priority class for the Application Layer deployment if desired",
"title": "className"
},
"createClass": {
"default": "true",
"description": "Creates an individual PriorityClass for this instance",
"title": "createClass"
},
"value": {
"default": "1000000",
"description": "Sets the priorityValue",
"title": "value"
}
},
"title": "priority"
},
"replicaCount": {
"default": "1",
"description": "Sets the number of replicas in this replicaSet. Some Components (like nstl or sharepoint) only allow a count of 1.",
"title": "replicaCount"
},
"resources": {
"additionalProperties": false,
"description": "Assigns hardware resources to container",
"properties": {
"limits": {
"additionalProperties": false,
"description": "Limits the maximum resources",
"properties": {
"cpu": {
"default": "",
"description": "The maximum allowed CPU for the container",
"title": "cpu"
},
"memory": {
"default": "",
"description": "The maximum allowed RAM for the container",
"title": "memory"
}
},
"title": "limits"
},
"requests": {
"additionalProperties": false,
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
"properties": {
"cpu": {
"default": "",
"description": "Set the share of guaranteed CPU to the container.",
"title": "cpu"
},
"memory": {
"default": "",
"description": "Set the share of guaranteed RAM to the container",
"title": "memory"
}
},
"title": "requests"
}
},
"title": "resources"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"cni": {
"additionalProperties": false,
"properties": {
"dbIpRange": {
"default": "",
"description": "defines the IP Range of out-of-cluster DB Servers, that the nappl is allowed to communicate with.",
"title": "dbIpRange"
},
"sapIpRange": {
"default": "",
"description": "defines the IP Range of out-of-cluster SAP Servers, that the nappl is allowed to communicate with.",
"title": "sapIpRange"
}
},
"title": "cni",
"type": "object"
},
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"service": {
"additionalProperties": false,
"properties": {
"annotations": {
"default": "",
"description": "adds extra Annotations to the service",
"title": "annotations"
},
"enabled": {
"default": "true",
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
"title": "enabled"
},
"selector": {
"default": "component",
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
"title": "selector"
}
},
"title": "service",
"type": "object"
},
"sessionCacheStorageType": {
"default": "",
"description": "Sets the Session Cache Storage Type to HEAP or OFF_HEAP",
"title": "sessionCacheStorageType"
},
"snc": {
"additionalProperties": false,
"properties": {
"enabled": {
"default": "false",
"description": "Enables the NAPPL SNC to access SAP Systems. Since nscale 8, the configuration is done in the Administration Client.",
"title": "enabled"
}
},
"title": "snc",
"type": "object"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"template": {
"additionalProperties": false,
"description": "provide extra settings for pod templates",
"properties": {
"annotations": {
"default": "",
"description": "set additional annotations for pods",
"title": "annotations"
},
"labels": {
"default": "",
"description": "set additional labels for pods",
"title": "labels"
}
},
"title": "template"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"description": "Set tolerations for this component",
"items": {},
"title": "tolerations"
},
"updateStrategy": {
"default": "RollingUpdate",
"description": "the update Strategy for this component. Normally, you can update all components rolling, except for nappl, where you need to follow the documented update procedures.",
"title": "updateStrategy"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
},
"waitFor": {
"default": "",
"description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.",
"title": "waitFor"
}
},
"title": "nplus-component-nappl",
"type": "object"
},
"nappljobs": {
"description": "nscale Server Application Layer, the central component in the nscale ecosystem",
"properties": {
"database": {
"additionalProperties": false,
"description": "If you define the database in your values, this DB settings are taken. If you leave this empty, the settings from the config file are used.",
"properties": {
"account": {
"default": "",
"description": "alternative 1: the account name of the technical DB user for nscale",
"title": "account"
},
"dialect": {
"default": "",
"description": "the database dialect to use",
"title": "dialect"
},
"driverclass": {
"default": "",
"description": "the driver class to use",
"title": "driverclass"
},
"name": {
"default": "",
"description": "the name of the database to use",
"title": "name"
},
"password": {
"default": "",
"description": "alternative 1: the password of the technical DB user for nscale",
"title": "password"
},
"passwordEncoded": {
"default": "",
"description": "weather the DB password is stored encrypted",
"title": "passwordEncoded"
},
"schema": {
"default": "",
"description": "the database schema to use",
"title": "schema"
},
"secret": {
"default": "",
"description": "alternative 2: use a secret for the account and password",
"title": "secret"
},
"url": {
"default": "",
"description": "the DB URL",
"title": "url"
}
},
"title": "database"
},
"disableSessionReplication": {
"default": "",
"description": "enables/disables the session replication for these cluster members.",
"title": "disableSessionReplication"
},
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "application-layer",
"description": "the name of the image to use",
"title": "name"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "ceyoniq.azurecr.io/release/nscale",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "ubi.9.3.1300.2024121814",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"ingress": {
"additionalProperties": false,
"description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)",
"properties": {
"annotations": {
"default": "",
"description": "Adds extra Annotations to the ingress",
"title": "annotations"
},
"backendProtocol": {
"default": "`http` <br> `https` in zero trust mode",
"description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.",
"title": "backendProtocol"
},
"class": {
"default": "`public`",
"description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one",
"title": "class"
},
"contextPath": {
"default": "/nscalealinst1",
"description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.",
"title": "contextPath"
},
"cookie": {
"default": "",
"description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web",
"title": "cookie"
},
"deny": {
"description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "deny"
},
"domain": {
"default": "",
"description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here",
"title": "domain"
},
"enabled": {
"default": "false",
"description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.",
"title": "enabled"
},
"includeDefaultPaths": {
"default": "true",
"description": "toggles default paths like index.html, res and engine.properties",
"title": "includeDefaultPaths"
},
"inputPath": {
"default": "",
"description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.",
"title": "inputPath"
},
"namespace": {
"default": "\"ingress, kube-system, ingress-nginx\"",
"description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list",
"title": "namespace"
},
"proxyReadTimeout": {
"default": "",
"description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.",
"title": "proxyReadTimeout"
},
"rewriteTarget": {
"default": "",
"description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.",
"title": "rewriteTarget"
},
"secret": {
"default": "`{{ .this.ingress.domain }}-tls`",
"description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance",
"title": "secret"
},
"whitelist": {
"default": "",
"description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers",
"title": "whitelist"
}
},
"title": "ingress"
},
"javaOpts": {
"additionalProperties": false,
"description": "Options for the Java VM",
"properties": {
"javaMaxMem": {
"default": "",
"description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed",
"title": "javaMaxMem"
},
"javaMaxRamPercentage": {
"default": "",
"description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.",
"title": "javaMaxRamPercentage"
},
"javaMinMem": {
"default": "",
"description": "set the minimum memory, java will consume",
"title": "javaMinMem"
},
"javaMisc": {
"default": "",
"description": "Any misc Java Options that need to be passed to the container",
"title": "javaMisc"
}
},
"title": "javaOpts"
},
"jobs": {
"default": "true",
"description": "enables/disables the job affinity / priority for these cluster members",
"title": "jobs"
},
"kubePing": {
"additionalProperties": false,
"description": "sets the serviceAccount for NAPPL. Up to 9.1.1100, this was needed for the cluster communication (kubePing). Starting 9.1.1201, this is not the case any more If it is left empty, also the automountServiceAccountToken is disabled. If you set Values, they are ignored in Versions > 9.1.1200",
"properties": {
"create": {
"default": "true",
"description": "Creates the ServiceAccount (only if Version < 9.1.1200) Later Versions use a Cluster Service and resolve the IP Adresses from the EndpointSlices",
"title": "create"
},
"name": {
"default": "{{ .component.fullName }}-kubeping",
"description": "Set the ServiceAccount Name for the kubePing Protocol",
"title": "name"
}
},
"title": "kubePing"
},
"meta": {
"additionalProperties": false,
"description": "defines internal constants for nplus. do not change these values",
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "java",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "8080",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "8443",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "application-layer",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "core",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta"
},
"minReplicaCount": {
"default": "",
"description": "if you set minReplicaCount, a podDesruptionBudget will be created with this value as minAvailable, using the full component as selector. This is useful for components, that are using multiple replicas.",
"title": "minReplicaCount"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"mounts": {
"additionalProperties": false,
"properties": {
"caCerts": {
"additionalProperties": false,
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"description": "Sets the path to the certs folder. @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "caCerts"
},
"componentCerts": {
"additionalProperties": false,
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"description": "Sets the path to the component certs. @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "componentCerts"
},
"conf": {
"additionalProperties": false,
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-server/application-layer/conf",
"description": "Sets the path to the conf files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
"title": "paths"
}
},
"title": "conf"
},
"data": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the data disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the data files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the data disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "data",
"type": "object"
},
"disk": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the disk",
"title": "class"
},
"enabled": {
"default": "false",
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
"title": "enabled"
},
"migration": {
"default": "false",
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
"title": "migration"
},
"path": {
"default": "",
"description": "Sets the path to the disk files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "disk",
"type": "object"
},
"file": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the shared disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the shared files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the shared disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "file",
"type": "object"
},
"fonts": {
"additionalProperties": false,
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
"properties": {
"path": {
"default": "/usr/share/fonts/truetype/nplus",
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
"title": "path"
}
},
"title": "fonts"
},
"generic": {
"default": "",
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
"title": "generic"
},
"license": {
"additionalProperties": false,
"description": "some nscale Components require a license file and this defines it's location",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-server/application-layer/conf/license.xml",
"description": "Sets the path to the license files @internal -- do not change this value",
"title": "path"
}
},
"title": "license"
},
"logs": {
"additionalProperties": false,
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-server/application-layer/logs",
"description": "Sets the path to the log files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the log files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the log disk (all paths)",
"title": "size"
}
},
"title": "logs"
},
"pool": {
"additionalProperties": false,
"properties": {
"path": {
"default": "",
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
"title": "path"
}
},
"title": "pool",
"type": "object"
},
"ptemp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
"title": "paths"
}
},
"title": "ptemp"
},
"temp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the temporary files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "5Gi",
"description": "Sets the size of the temporary disk (all paths)",
"title": "size"
}
},
"title": "temp"
}
},
"title": "mounts",
"type": "object"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nodeSelector": {
"additionalProperties": false,
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"priority": {
"additionalProperties": false,
"description": "You can give a component a specific priorityClass to implement a quality of service. You can leave this empty, then no priority is set. If you set a class, this class is taken If you additionally enable create, the class is created for you with the value defined.",
"properties": {
"className": {
"default": "",
"description": "Set the priority class for the Application Layer deployment if desired",
"title": "className"
},
"createClass": {
"default": "true",
"description": "Creates an individual PriorityClass for this instance",
"title": "createClass"
},
"value": {
"default": "1000000",
"description": "Sets the priorityValue",
"title": "value"
}
},
"title": "priority"
},
"replicaCount": {
"default": "1",
"description": "Sets the number of replicas in this replicaSet. Some Components (like nstl or sharepoint) only allow a count of 1.",
"title": "replicaCount"
},
"resources": {
"additionalProperties": false,
"description": "Assigns hardware resources to container",
"properties": {
"limits": {
"additionalProperties": false,
"description": "Limits the maximum resources",
"properties": {
"cpu": {
"default": "",
"description": "The maximum allowed CPU for the container",
"title": "cpu"
},
"memory": {
"default": "",
"description": "The maximum allowed RAM for the container",
"title": "memory"
}
},
"title": "limits"
},
"requests": {
"additionalProperties": false,
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
"properties": {
"cpu": {
"default": "",
"description": "Set the share of guaranteed CPU to the container.",
"title": "cpu"
},
"memory": {
"default": "",
"description": "Set the share of guaranteed RAM to the container",
"title": "memory"
}
},
"title": "requests"
}
},
"title": "resources"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"cni": {
"additionalProperties": false,
"properties": {
"dbIpRange": {
"default": "",
"description": "defines the IP Range of out-of-cluster DB Servers, that the nappl is allowed to communicate with.",
"title": "dbIpRange"
},
"sapIpRange": {
"default": "",
"description": "defines the IP Range of out-of-cluster SAP Servers, that the nappl is allowed to communicate with.",
"title": "sapIpRange"
}
},
"title": "cni",
"type": "object"
},
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"service": {
"additionalProperties": false,
"properties": {
"annotations": {
"default": "",
"description": "adds extra Annotations to the service",
"title": "annotations"
},
"enabled": {
"default": "true",
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
"title": "enabled"
},
"selector": {
"default": "component",
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
"title": "selector"
}
},
"title": "service",
"type": "object"
},
"sessionCacheStorageType": {
"default": "",
"description": "Sets the Session Cache Storage Type to HEAP or OFF_HEAP",
"title": "sessionCacheStorageType"
},
"snc": {
"additionalProperties": false,
"properties": {
"enabled": {
"default": "false",
"description": "Enables the NAPPL SNC to access SAP Systems. Since nscale 8, the configuration is done in the Administration Client.",
"title": "enabled"
}
},
"title": "snc",
"type": "object"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"template": {
"additionalProperties": false,
"description": "provide extra settings for pod templates",
"properties": {
"annotations": {
"default": "",
"description": "set additional annotations for pods",
"title": "annotations"
},
"labels": {
"default": "",
"description": "set additional labels for pods",
"title": "labels"
}
},
"title": "template"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"description": "Set tolerations for this component",
"items": {},
"title": "tolerations"
},
"updateStrategy": {
"default": "RollingUpdate",
"description": "the update Strategy for this component. Normally, you can update all components rolling, except for nappl, where you need to follow the documented update procedures.",
"title": "updateStrategy"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
},
"waitFor": {
"default": "",
"description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.",
"title": "waitFor"
}
},
"title": "nplus-component-nappl",
"type": "object"
},
"nstl": {
"description": "nscale Server Storage Layer, virtualizing the storage to be used by the nscale Server",
"properties": {
"accounting": {
"default": "",
"description": "sets and enables / disables the accounting function. If enabled, it writes the csv files to *ptemp* (`<instance>/<component>/accounting`) The internal path is set to `/opt/ceyoniq/nscale-server/storage-layer/accounting` by `mounts.ptemp.paths`",
"title": "accounting"
},
"checkHighestDocId": {
"default": "",
"description": "enables checking the highest DocID when starting the server. this only makes sense, if you also set a separate volume for the highest ID This is a backup / restore feature to avoid data mangling",
"title": "checkHighestDocId"
},
"dvCheckPath": {
"default": "",
"description": "sets the path of the highest ID file.",
"title": "dvCheckPath"
},
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "storage-layer",
"description": "the name of the image to use",
"title": "name"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "ceyoniq.azurecr.io/release/nscale",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "ubi.9.3.1201.2024112518",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"ingress": {
"additionalProperties": false,
"description": "ingress settings. however, the nstl does not use http, so a layer 7 LB does not make any sense. @ignore",
"properties": {
"enabled": {
"default": "false",
"description": "enables ingress on this component do not change this! @ignore",
"title": "enabled"
}
},
"title": "ingress"
},
"logForwarder": {
"default": "",
"title": "logForwarder",
"type": "null"
},
"meta": {
"additionalProperties": false,
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "cpp",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "3005",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "3006",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "storage-layer",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "nstl",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta",
"type": "object"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"mounts": {
"additionalProperties": false,
"properties": {
"caCerts": {
"additionalProperties": false,
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"description": "Sets the path to the certs folder. @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "caCerts"
},
"componentCerts": {
"additionalProperties": false,
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the component certs. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "componentCerts"
},
"conf": {
"additionalProperties": false,
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-server/storage-layer/etc",
"description": "Sets the path to the conf files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
"title": "paths"
}
},
"title": "conf"
},
"data": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the data disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the data files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "50Gi",
"description": "Sets the size of the data disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "data",
"type": "object"
},
"disk": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the disk",
"title": "class"
},
"enabled": {
"default": "false",
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
"title": "enabled"
},
"migration": {
"default": "false",
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
"title": "migration"
},
"path": {
"default": "",
"description": "Sets the path to the disk files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "50Gi",
"description": "Sets the size of the disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "disk",
"type": "object"
},
"file": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the shared disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the shared files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the shared disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "file",
"type": "object"
},
"fonts": {
"additionalProperties": false,
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
"title": "path"
}
},
"title": "fonts"
},
"generic": {
"default": "",
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
"title": "generic"
},
"license": {
"additionalProperties": false,
"description": "some nscale Components require a license file and this defines it's location",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-server/storage-layer/etc/license.xml",
"description": "Sets the path to the license files @internal -- do not change this value",
"title": "path"
}
},
"title": "license"
},
"logs": {
"additionalProperties": false,
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
"properties": {
"medium": {
"default": "",
"description": "the medium for the emptyDisk volume if you unset it, it drops it from the manifest",
"title": "medium"
},
"path": {
"default": "",
"description": "Sets the path to the log files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the log files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "5Gi",
"description": "Sets the size of the log disk (all paths)",
"title": "size"
}
},
"title": "logs"
},
"pool": {
"additionalProperties": false,
"properties": {
"path": {
"default": "",
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
"title": "path"
}
},
"title": "pool",
"type": "object"
},
"ptemp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
}
},
"title": "ptemp"
},
"temp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the temporary files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "500Mi",
"description": "Sets the size of the temporary disk (all paths)",
"title": "size"
}
},
"title": "temp"
}
},
"title": "mounts",
"type": "object"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"replicaCount": {
"default": "1",
"description": "the replicaCount for the Storage Layer. This does not make sense, so leave this at 1 at any time, unless you know exactly what you are doing. @ignore",
"title": "replicaCount"
},
"resources": {
"additionalProperties": false,
"description": "Assigns hardware resources to container",
"properties": {
"limits": {
"additionalProperties": false,
"description": "Limits the maximum resources",
"properties": {
"cpu": {
"default": "",
"description": "The maximum allowed CPU for the container",
"title": "cpu"
},
"memory": {
"default": "",
"description": "The maximum allowed RAM for the container",
"title": "memory"
}
},
"title": "limits"
},
"requests": {
"additionalProperties": false,
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
"properties": {
"cpu": {
"default": "",
"description": "Set the share of guaranteed CPU to the container.",
"title": "cpu"
},
"memory": {
"default": "",
"description": "Set the share of guaranteed RAM to the container",
"title": "memory"
}
},
"title": "requests"
}
},
"title": "resources"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"cni": {
"additionalProperties": false,
"properties": {
"nstlIpRange": {
"default": "",
"description": "You might want to access storage layer outside the cluster (proxy concept) To do so, you can add a specific IP Range here, which is set within the network policy.",
"title": "nstlIpRange"
}
},
"title": "cni",
"type": "object"
},
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsNonRoot": {
"default": true,
"title": "runAsNonRoot",
"type": "boolean"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"service": {
"additionalProperties": false,
"properties": {
"annotations": {
"default": "",
"description": "adds extra Annotations to the service",
"title": "annotations"
},
"enabled": {
"default": "true",
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
"title": "enabled"
},
"selector": {
"default": "component",
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
"title": "selector"
}
},
"title": "service",
"type": "object"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"template": {
"additionalProperties": false,
"description": "provide extra settings for pod templates",
"properties": {
"annotations": {
"default": "",
"description": "set additional annotations for pods",
"title": "annotations"
},
"labels": {
"default": "",
"description": "set additional labels for pods",
"title": "labels"
}
},
"title": "template"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
}
},
"title": "nplus-component-nstl",
"type": "object"
},
"nstla": {
"description": "nscale Server Storage Layer, virtualizing the storage to be used by the nscale Server",
"properties": {
"accounting": {
"default": "",
"description": "sets and enables / disables the accounting function. If enabled, it writes the csv files to *ptemp* (`<instance>/<component>/accounting`) The internal path is set to `/opt/ceyoniq/nscale-server/storage-layer/accounting` by `mounts.ptemp.paths`",
"title": "accounting"
},
"checkHighestDocId": {
"default": "",
"description": "enables checking the highest DocID when starting the server. this only makes sense, if you also set a separate volume for the highest ID This is a backup / restore feature to avoid data mangling",
"title": "checkHighestDocId"
},
"dvCheckPath": {
"default": "",
"description": "sets the path of the highest ID file.",
"title": "dvCheckPath"
},
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "storage-layer",
"description": "the name of the image to use",
"title": "name"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "ceyoniq.azurecr.io/release/nscale",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "ubi.9.3.1201.2024112518",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"ingress": {
"additionalProperties": false,
"description": "ingress settings. however, the nstl does not use http, so a layer 7 LB does not make any sense. @ignore",
"properties": {
"enabled": {
"default": "false",
"description": "enables ingress on this component do not change this! @ignore",
"title": "enabled"
}
},
"title": "ingress"
},
"logForwarder": {
"default": "",
"title": "logForwarder",
"type": "null"
},
"meta": {
"additionalProperties": false,
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "cpp",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "3005",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "3006",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "storage-layer",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "nstl",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta",
"type": "object"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"mounts": {
"additionalProperties": false,
"properties": {
"caCerts": {
"additionalProperties": false,
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"description": "Sets the path to the certs folder. @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "caCerts"
},
"componentCerts": {
"additionalProperties": false,
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the component certs. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "componentCerts"
},
"conf": {
"additionalProperties": false,
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-server/storage-layer/etc",
"description": "Sets the path to the conf files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
"title": "paths"
}
},
"title": "conf"
},
"data": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the data disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the data files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "50Gi",
"description": "Sets the size of the data disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "data",
"type": "object"
},
"disk": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the disk",
"title": "class"
},
"enabled": {
"default": "false",
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
"title": "enabled"
},
"migration": {
"default": "false",
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
"title": "migration"
},
"path": {
"default": "",
"description": "Sets the path to the disk files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "50Gi",
"description": "Sets the size of the disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "disk",
"type": "object"
},
"file": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the shared disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the shared files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the shared disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "file",
"type": "object"
},
"fonts": {
"additionalProperties": false,
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
"title": "path"
}
},
"title": "fonts"
},
"generic": {
"default": "",
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
"title": "generic"
},
"license": {
"additionalProperties": false,
"description": "some nscale Components require a license file and this defines it's location",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-server/storage-layer/etc/license.xml",
"description": "Sets the path to the license files @internal -- do not change this value",
"title": "path"
}
},
"title": "license"
},
"logs": {
"additionalProperties": false,
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
"properties": {
"medium": {
"default": "",
"description": "the medium for the emptyDisk volume if you unset it, it drops it from the manifest",
"title": "medium"
},
"path": {
"default": "",
"description": "Sets the path to the log files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the log files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "5Gi",
"description": "Sets the size of the log disk (all paths)",
"title": "size"
}
},
"title": "logs"
},
"pool": {
"additionalProperties": false,
"properties": {
"path": {
"default": "",
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
"title": "path"
}
},
"title": "pool",
"type": "object"
},
"ptemp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
}
},
"title": "ptemp"
},
"temp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the temporary files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "500Mi",
"description": "Sets the size of the temporary disk (all paths)",
"title": "size"
}
},
"title": "temp"
}
},
"title": "mounts",
"type": "object"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"replicaCount": {
"default": "1",
"description": "the replicaCount for the Storage Layer. This does not make sense, so leave this at 1 at any time, unless you know exactly what you are doing. @ignore",
"title": "replicaCount"
},
"resources": {
"additionalProperties": false,
"description": "Assigns hardware resources to container",
"properties": {
"limits": {
"additionalProperties": false,
"description": "Limits the maximum resources",
"properties": {
"cpu": {
"default": "",
"description": "The maximum allowed CPU for the container",
"title": "cpu"
},
"memory": {
"default": "",
"description": "The maximum allowed RAM for the container",
"title": "memory"
}
},
"title": "limits"
},
"requests": {
"additionalProperties": false,
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
"properties": {
"cpu": {
"default": "",
"description": "Set the share of guaranteed CPU to the container.",
"title": "cpu"
},
"memory": {
"default": "",
"description": "Set the share of guaranteed RAM to the container",
"title": "memory"
}
},
"title": "requests"
}
},
"title": "resources"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"cni": {
"additionalProperties": false,
"properties": {
"nstlIpRange": {
"default": "",
"description": "You might want to access storage layer outside the cluster (proxy concept) To do so, you can add a specific IP Range here, which is set within the network policy.",
"title": "nstlIpRange"
}
},
"title": "cni",
"type": "object"
},
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsNonRoot": {
"default": true,
"title": "runAsNonRoot",
"type": "boolean"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"service": {
"additionalProperties": false,
"properties": {
"annotations": {
"default": "",
"description": "adds extra Annotations to the service",
"title": "annotations"
},
"enabled": {
"default": "true",
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
"title": "enabled"
},
"selector": {
"default": "component",
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
"title": "selector"
}
},
"title": "service",
"type": "object"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"template": {
"additionalProperties": false,
"description": "provide extra settings for pod templates",
"properties": {
"annotations": {
"default": "",
"description": "set additional annotations for pods",
"title": "annotations"
},
"labels": {
"default": "",
"description": "set additional labels for pods",
"title": "labels"
}
},
"title": "template"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
}
},
"title": "nplus-component-nstl",
"type": "object"
},
"nstlb": {
"description": "nscale Server Storage Layer, virtualizing the storage to be used by the nscale Server",
"properties": {
"accounting": {
"default": "",
"description": "sets and enables / disables the accounting function. If enabled, it writes the csv files to *ptemp* (`<instance>/<component>/accounting`) The internal path is set to `/opt/ceyoniq/nscale-server/storage-layer/accounting` by `mounts.ptemp.paths`",
"title": "accounting"
},
"checkHighestDocId": {
"default": "",
"description": "enables checking the highest DocID when starting the server. this only makes sense, if you also set a separate volume for the highest ID This is a backup / restore feature to avoid data mangling",
"title": "checkHighestDocId"
},
"dvCheckPath": {
"default": "",
"description": "sets the path of the highest ID file.",
"title": "dvCheckPath"
},
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "storage-layer",
"description": "the name of the image to use",
"title": "name"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "ceyoniq.azurecr.io/release/nscale",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "ubi.9.3.1201.2024112518",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"ingress": {
"additionalProperties": false,
"description": "ingress settings. however, the nstl does not use http, so a layer 7 LB does not make any sense. @ignore",
"properties": {
"enabled": {
"default": "false",
"description": "enables ingress on this component do not change this! @ignore",
"title": "enabled"
}
},
"title": "ingress"
},
"logForwarder": {
"default": "",
"title": "logForwarder",
"type": "null"
},
"meta": {
"additionalProperties": false,
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "cpp",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "3005",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "3006",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "storage-layer",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "nstl",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta",
"type": "object"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"mounts": {
"additionalProperties": false,
"properties": {
"caCerts": {
"additionalProperties": false,
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"description": "Sets the path to the certs folder. @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "caCerts"
},
"componentCerts": {
"additionalProperties": false,
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the component certs. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "componentCerts"
},
"conf": {
"additionalProperties": false,
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-server/storage-layer/etc",
"description": "Sets the path to the conf files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
"title": "paths"
}
},
"title": "conf"
},
"data": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the data disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the data files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "50Gi",
"description": "Sets the size of the data disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "data",
"type": "object"
},
"disk": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the disk",
"title": "class"
},
"enabled": {
"default": "false",
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
"title": "enabled"
},
"migration": {
"default": "false",
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
"title": "migration"
},
"path": {
"default": "",
"description": "Sets the path to the disk files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "50Gi",
"description": "Sets the size of the disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "disk",
"type": "object"
},
"file": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the shared disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the shared files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the shared disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "file",
"type": "object"
},
"fonts": {
"additionalProperties": false,
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
"title": "path"
}
},
"title": "fonts"
},
"generic": {
"default": "",
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
"title": "generic"
},
"license": {
"additionalProperties": false,
"description": "some nscale Components require a license file and this defines it's location",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-server/storage-layer/etc/license.xml",
"description": "Sets the path to the license files @internal -- do not change this value",
"title": "path"
}
},
"title": "license"
},
"logs": {
"additionalProperties": false,
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
"properties": {
"medium": {
"default": "",
"description": "the medium for the emptyDisk volume if you unset it, it drops it from the manifest",
"title": "medium"
},
"path": {
"default": "",
"description": "Sets the path to the log files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the log files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "5Gi",
"description": "Sets the size of the log disk (all paths)",
"title": "size"
}
},
"title": "logs"
},
"pool": {
"additionalProperties": false,
"properties": {
"path": {
"default": "",
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
"title": "path"
}
},
"title": "pool",
"type": "object"
},
"ptemp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
}
},
"title": "ptemp"
},
"temp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the temporary files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "500Mi",
"description": "Sets the size of the temporary disk (all paths)",
"title": "size"
}
},
"title": "temp"
}
},
"title": "mounts",
"type": "object"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"replicaCount": {
"default": "1",
"description": "the replicaCount for the Storage Layer. This does not make sense, so leave this at 1 at any time, unless you know exactly what you are doing. @ignore",
"title": "replicaCount"
},
"resources": {
"additionalProperties": false,
"description": "Assigns hardware resources to container",
"properties": {
"limits": {
"additionalProperties": false,
"description": "Limits the maximum resources",
"properties": {
"cpu": {
"default": "",
"description": "The maximum allowed CPU for the container",
"title": "cpu"
},
"memory": {
"default": "",
"description": "The maximum allowed RAM for the container",
"title": "memory"
}
},
"title": "limits"
},
"requests": {
"additionalProperties": false,
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
"properties": {
"cpu": {
"default": "",
"description": "Set the share of guaranteed CPU to the container.",
"title": "cpu"
},
"memory": {
"default": "",
"description": "Set the share of guaranteed RAM to the container",
"title": "memory"
}
},
"title": "requests"
}
},
"title": "resources"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"cni": {
"additionalProperties": false,
"properties": {
"nstlIpRange": {
"default": "",
"description": "You might want to access storage layer outside the cluster (proxy concept) To do so, you can add a specific IP Range here, which is set within the network policy.",
"title": "nstlIpRange"
}
},
"title": "cni",
"type": "object"
},
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsNonRoot": {
"default": true,
"title": "runAsNonRoot",
"type": "boolean"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"service": {
"additionalProperties": false,
"properties": {
"annotations": {
"default": "",
"description": "adds extra Annotations to the service",
"title": "annotations"
},
"enabled": {
"default": "true",
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
"title": "enabled"
},
"selector": {
"default": "component",
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
"title": "selector"
}
},
"title": "service",
"type": "object"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"template": {
"additionalProperties": false,
"description": "provide extra settings for pod templates",
"properties": {
"annotations": {
"default": "",
"description": "set additional annotations for pods",
"title": "annotations"
},
"labels": {
"default": "",
"description": "set additional labels for pods",
"title": "labels"
}
},
"title": "template"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
}
},
"title": "nplus-component-nstl",
"type": "object"
},
"nstlc": {
"description": "nscale Server Storage Layer, virtualizing the storage to be used by the nscale Server",
"properties": {
"accounting": {
"default": "",
"description": "sets and enables / disables the accounting function. If enabled, it writes the csv files to *ptemp* (`<instance>/<component>/accounting`) The internal path is set to `/opt/ceyoniq/nscale-server/storage-layer/accounting` by `mounts.ptemp.paths`",
"title": "accounting"
},
"checkHighestDocId": {
"default": "",
"description": "enables checking the highest DocID when starting the server. this only makes sense, if you also set a separate volume for the highest ID This is a backup / restore feature to avoid data mangling",
"title": "checkHighestDocId"
},
"dvCheckPath": {
"default": "",
"description": "sets the path of the highest ID file.",
"title": "dvCheckPath"
},
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "storage-layer",
"description": "the name of the image to use",
"title": "name"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "ceyoniq.azurecr.io/release/nscale",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "ubi.9.3.1201.2024112518",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"ingress": {
"additionalProperties": false,
"description": "ingress settings. however, the nstl does not use http, so a layer 7 LB does not make any sense. @ignore",
"properties": {
"enabled": {
"default": "false",
"description": "enables ingress on this component do not change this! @ignore",
"title": "enabled"
}
},
"title": "ingress"
},
"logForwarder": {
"default": "",
"title": "logForwarder",
"type": "null"
},
"meta": {
"additionalProperties": false,
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "cpp",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "3005",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "3006",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "storage-layer",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "nstl",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta",
"type": "object"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"mounts": {
"additionalProperties": false,
"properties": {
"caCerts": {
"additionalProperties": false,
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"description": "Sets the path to the certs folder. @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "caCerts"
},
"componentCerts": {
"additionalProperties": false,
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the component certs. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "componentCerts"
},
"conf": {
"additionalProperties": false,
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-server/storage-layer/etc",
"description": "Sets the path to the conf files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
"title": "paths"
}
},
"title": "conf"
},
"data": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the data disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the data files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "50Gi",
"description": "Sets the size of the data disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "data",
"type": "object"
},
"disk": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the disk",
"title": "class"
},
"enabled": {
"default": "false",
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
"title": "enabled"
},
"migration": {
"default": "false",
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
"title": "migration"
},
"path": {
"default": "",
"description": "Sets the path to the disk files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "50Gi",
"description": "Sets the size of the disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "disk",
"type": "object"
},
"file": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the shared disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the shared files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the shared disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "file",
"type": "object"
},
"fonts": {
"additionalProperties": false,
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
"title": "path"
}
},
"title": "fonts"
},
"generic": {
"default": "",
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
"title": "generic"
},
"license": {
"additionalProperties": false,
"description": "some nscale Components require a license file and this defines it's location",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-server/storage-layer/etc/license.xml",
"description": "Sets the path to the license files @internal -- do not change this value",
"title": "path"
}
},
"title": "license"
},
"logs": {
"additionalProperties": false,
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
"properties": {
"medium": {
"default": "",
"description": "the medium for the emptyDisk volume if you unset it, it drops it from the manifest",
"title": "medium"
},
"path": {
"default": "",
"description": "Sets the path to the log files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the log files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "5Gi",
"description": "Sets the size of the log disk (all paths)",
"title": "size"
}
},
"title": "logs"
},
"pool": {
"additionalProperties": false,
"properties": {
"path": {
"default": "",
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
"title": "path"
}
},
"title": "pool",
"type": "object"
},
"ptemp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
}
},
"title": "ptemp"
},
"temp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the temporary files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "500Mi",
"description": "Sets the size of the temporary disk (all paths)",
"title": "size"
}
},
"title": "temp"
}
},
"title": "mounts",
"type": "object"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"replicaCount": {
"default": "1",
"description": "the replicaCount for the Storage Layer. This does not make sense, so leave this at 1 at any time, unless you know exactly what you are doing. @ignore",
"title": "replicaCount"
},
"resources": {
"additionalProperties": false,
"description": "Assigns hardware resources to container",
"properties": {
"limits": {
"additionalProperties": false,
"description": "Limits the maximum resources",
"properties": {
"cpu": {
"default": "",
"description": "The maximum allowed CPU for the container",
"title": "cpu"
},
"memory": {
"default": "",
"description": "The maximum allowed RAM for the container",
"title": "memory"
}
},
"title": "limits"
},
"requests": {
"additionalProperties": false,
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
"properties": {
"cpu": {
"default": "",
"description": "Set the share of guaranteed CPU to the container.",
"title": "cpu"
},
"memory": {
"default": "",
"description": "Set the share of guaranteed RAM to the container",
"title": "memory"
}
},
"title": "requests"
}
},
"title": "resources"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"cni": {
"additionalProperties": false,
"properties": {
"nstlIpRange": {
"default": "",
"description": "You might want to access storage layer outside the cluster (proxy concept) To do so, you can add a specific IP Range here, which is set within the network policy.",
"title": "nstlIpRange"
}
},
"title": "cni",
"type": "object"
},
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsNonRoot": {
"default": true,
"title": "runAsNonRoot",
"type": "boolean"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"service": {
"additionalProperties": false,
"properties": {
"annotations": {
"default": "",
"description": "adds extra Annotations to the service",
"title": "annotations"
},
"enabled": {
"default": "true",
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
"title": "enabled"
},
"selector": {
"default": "component",
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
"title": "selector"
}
},
"title": "service",
"type": "object"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"template": {
"additionalProperties": false,
"description": "provide extra settings for pod templates",
"properties": {
"annotations": {
"default": "",
"description": "set additional annotations for pods",
"title": "annotations"
},
"labels": {
"default": "",
"description": "set additional labels for pods",
"title": "labels"
}
},
"title": "template"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
}
},
"title": "nplus-component-nstl",
"type": "object"
},
"nstld": {
"description": "nscale Server Storage Layer, virtualizing the storage to be used by the nscale Server",
"properties": {
"accounting": {
"default": "",
"description": "sets and enables / disables the accounting function. If enabled, it writes the csv files to *ptemp* (`<instance>/<component>/accounting`) The internal path is set to `/opt/ceyoniq/nscale-server/storage-layer/accounting` by `mounts.ptemp.paths`",
"title": "accounting"
},
"checkHighestDocId": {
"default": "",
"description": "enables checking the highest DocID when starting the server. this only makes sense, if you also set a separate volume for the highest ID This is a backup / restore feature to avoid data mangling",
"title": "checkHighestDocId"
},
"dvCheckPath": {
"default": "",
"description": "sets the path of the highest ID file.",
"title": "dvCheckPath"
},
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "storage-layer",
"description": "the name of the image to use",
"title": "name"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "ceyoniq.azurecr.io/release/nscale",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "ubi.9.3.1201.2024112518",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"ingress": {
"additionalProperties": false,
"description": "ingress settings. however, the nstl does not use http, so a layer 7 LB does not make any sense. @ignore",
"properties": {
"enabled": {
"default": "false",
"description": "enables ingress on this component do not change this! @ignore",
"title": "enabled"
}
},
"title": "ingress"
},
"logForwarder": {
"default": "",
"title": "logForwarder",
"type": "null"
},
"meta": {
"additionalProperties": false,
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "cpp",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "3005",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "3006",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "storage-layer",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "nstl",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta",
"type": "object"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"mounts": {
"additionalProperties": false,
"properties": {
"caCerts": {
"additionalProperties": false,
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"description": "Sets the path to the certs folder. @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "caCerts"
},
"componentCerts": {
"additionalProperties": false,
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the component certs. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "componentCerts"
},
"conf": {
"additionalProperties": false,
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-server/storage-layer/etc",
"description": "Sets the path to the conf files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
"title": "paths"
}
},
"title": "conf"
},
"data": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the data disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the data files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "50Gi",
"description": "Sets the size of the data disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "data",
"type": "object"
},
"disk": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the disk",
"title": "class"
},
"enabled": {
"default": "false",
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
"title": "enabled"
},
"migration": {
"default": "false",
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
"title": "migration"
},
"path": {
"default": "",
"description": "Sets the path to the disk files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "50Gi",
"description": "Sets the size of the disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "disk",
"type": "object"
},
"file": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the shared disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the shared files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the shared disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "file",
"type": "object"
},
"fonts": {
"additionalProperties": false,
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
"title": "path"
}
},
"title": "fonts"
},
"generic": {
"default": "",
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
"title": "generic"
},
"license": {
"additionalProperties": false,
"description": "some nscale Components require a license file and this defines it's location",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-server/storage-layer/etc/license.xml",
"description": "Sets the path to the license files @internal -- do not change this value",
"title": "path"
}
},
"title": "license"
},
"logs": {
"additionalProperties": false,
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
"properties": {
"medium": {
"default": "",
"description": "the medium for the emptyDisk volume if you unset it, it drops it from the manifest",
"title": "medium"
},
"path": {
"default": "",
"description": "Sets the path to the log files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the log files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "5Gi",
"description": "Sets the size of the log disk (all paths)",
"title": "size"
}
},
"title": "logs"
},
"pool": {
"additionalProperties": false,
"properties": {
"path": {
"default": "",
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
"title": "path"
}
},
"title": "pool",
"type": "object"
},
"ptemp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
}
},
"title": "ptemp"
},
"temp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the temporary files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "500Mi",
"description": "Sets the size of the temporary disk (all paths)",
"title": "size"
}
},
"title": "temp"
}
},
"title": "mounts",
"type": "object"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"replicaCount": {
"default": "1",
"description": "the replicaCount for the Storage Layer. This does not make sense, so leave this at 1 at any time, unless you know exactly what you are doing. @ignore",
"title": "replicaCount"
},
"resources": {
"additionalProperties": false,
"description": "Assigns hardware resources to container",
"properties": {
"limits": {
"additionalProperties": false,
"description": "Limits the maximum resources",
"properties": {
"cpu": {
"default": "",
"description": "The maximum allowed CPU for the container",
"title": "cpu"
},
"memory": {
"default": "",
"description": "The maximum allowed RAM for the container",
"title": "memory"
}
},
"title": "limits"
},
"requests": {
"additionalProperties": false,
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
"properties": {
"cpu": {
"default": "",
"description": "Set the share of guaranteed CPU to the container.",
"title": "cpu"
},
"memory": {
"default": "",
"description": "Set the share of guaranteed RAM to the container",
"title": "memory"
}
},
"title": "requests"
}
},
"title": "resources"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"cni": {
"additionalProperties": false,
"properties": {
"nstlIpRange": {
"default": "",
"description": "You might want to access storage layer outside the cluster (proxy concept) To do so, you can add a specific IP Range here, which is set within the network policy.",
"title": "nstlIpRange"
}
},
"title": "cni",
"type": "object"
},
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsNonRoot": {
"default": true,
"title": "runAsNonRoot",
"type": "boolean"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"service": {
"additionalProperties": false,
"properties": {
"annotations": {
"default": "",
"description": "adds extra Annotations to the service",
"title": "annotations"
},
"enabled": {
"default": "true",
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
"title": "enabled"
},
"selector": {
"default": "component",
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
"title": "selector"
}
},
"title": "service",
"type": "object"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"template": {
"additionalProperties": false,
"description": "provide extra settings for pod templates",
"properties": {
"annotations": {
"default": "",
"description": "set additional annotations for pods",
"title": "annotations"
},
"labels": {
"default": "",
"description": "set additional labels for pods",
"title": "labels"
}
},
"title": "template"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
}
},
"title": "nplus-component-nstl",
"type": "object"
},
"operator": {
"description": "Installs the nplus operator managin the custom resource definitions for nplus and nscale",
"properties": {
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "operator",
"description": "the name of the image to use",
"title": "name"
},
"pullPolicy": {
"default": "IfNotPresent",
"title": "pullPolicy",
"type": "string"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "cr.nplus.cloud/subscription",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "1.2.1300",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"ingress": {
"additionalProperties": false,
"description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)",
"properties": {
"annotations": {
"default": "",
"description": "Adds extra Annotations to the ingress",
"title": "annotations"
},
"backendProtocol": {
"default": "`http` <br> `https` in zero trust mode",
"description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.",
"title": "backendProtocol"
},
"class": {
"default": "`public`",
"description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one",
"title": "class"
},
"contextPath": {
"default": "/monitoring",
"description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.",
"title": "contextPath"
},
"cookie": {
"default": "",
"description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web",
"title": "cookie"
},
"deny": {
"default": "",
"description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.",
"title": "deny"
},
"domain": {
"default": "",
"description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here",
"title": "domain"
},
"enabled": {
"default": "true",
"description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.",
"title": "enabled"
},
"inputPath": {
"default": "",
"description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.",
"title": "inputPath"
},
"namespace": {
"default": "\"ingress, kube-system, ingress-nginx\"",
"description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list",
"title": "namespace"
},
"proxyReadTimeout": {
"default": "",
"description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.",
"title": "proxyReadTimeout"
},
"rewriteTarget": {
"default": "",
"description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.",
"title": "rewriteTarget"
},
"secret": {
"default": "`{{ .this.ingress.domain }}-tls`",
"description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance",
"title": "secret"
},
"whitelist": {
"default": "",
"description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers",
"title": "whitelist"
}
},
"title": "ingress"
},
"meta": {
"additionalProperties": false,
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "8080",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "8443",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "envoperator",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta",
"type": "object"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"resources": {
"additionalProperties": false,
"description": "Assigns hardware resources to container",
"properties": {
"limits": {
"additionalProperties": false,
"description": "Limits the maximum resources",
"properties": {
"cpu": {
"default": "1",
"description": "The maximum allowed CPU for the container",
"title": "cpu"
},
"memory": {
"default": "512Mi",
"description": "The maximum allowed RAM for the container",
"title": "memory"
}
},
"title": "limits"
},
"requests": {
"additionalProperties": false,
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
"properties": {
"cpu": {
"default": "1m",
"description": "Set the share of guaranteed CPU to the container.",
"title": "cpu"
},
"memory": {
"default": "64Mi",
"description": "Set the share of guaranteed RAM to the container",
"title": "memory"
}
},
"title": "requests"
}
},
"title": "resources"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"service": {
"additionalProperties": false,
"properties": {
"annotations": {
"default": "",
"description": "adds extra Annotations to the service",
"title": "annotations"
},
"enabled": {
"default": "true",
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
"title": "enabled"
},
"selector": {
"default": "component",
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
"title": "selector"
}
},
"title": "service",
"type": "object"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"ui": {
"default": "true",
"description": "Enables the web ui, default under /monitoring",
"title": "ui"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
}
},
"title": "nplus-environment-operator",
"type": "object"
},
"pam": {
"description": "nscale Process Automation Modeler, providing Web UI Modeler for PAP",
"properties": {
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "process-automation-modeler",
"description": "the name of the image to use",
"title": "name"
},
"pullPolicy": {
"default": "IfNotPresent",
"title": "pullPolicy",
"type": "string"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "ceyoniq.azurecr.io/release/nscale",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "ubi.9.3.1200.63696",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"ingress": {
"additionalProperties": false,
"description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)",
"properties": {
"annotations": {
"default": "",
"description": "Adds extra Annotations to the ingress",
"title": "annotations"
},
"backendProtocol": {
"default": "`http` <br> `https` in zero trust mode",
"description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.",
"title": "backendProtocol"
},
"class": {
"default": "`public`",
"description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one",
"title": "class"
},
"contextPath": {
"default": "/modeler",
"description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.",
"title": "contextPath"
},
"cookie": {
"default": "",
"description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web",
"title": "cookie"
},
"deny": {
"default": "",
"description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.",
"title": "deny"
},
"domain": {
"default": "",
"description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here",
"title": "domain"
},
"enabled": {
"default": "true",
"description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.",
"title": "enabled"
},
"inputPath": {
"default": "",
"description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.",
"title": "inputPath"
},
"namespace": {
"default": "\"ingress, kube-system, ingress-nginx\"",
"description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list",
"title": "namespace"
},
"proxyReadTimeout": {
"default": "",
"description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.",
"title": "proxyReadTimeout"
},
"rewriteTarget": {
"default": "",
"description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.",
"title": "rewriteTarget"
},
"secret": {
"default": "`{{ .this.ingress.domain }}-tls`",
"description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance",
"title": "secret"
},
"whitelist": {
"default": "",
"description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers",
"title": "whitelist"
}
},
"title": "ingress"
},
"javaOpts": {
"additionalProperties": false,
"description": "Options for the Java VM",
"properties": {
"javaMaxMem": {
"default": "",
"description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed",
"title": "javaMaxMem"
},
"javaMaxRamPercentage": {
"default": "",
"description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.",
"title": "javaMaxRamPercentage"
},
"javaMinMem": {
"default": "",
"description": "set the minimum memory, java will consume",
"title": "javaMinMem"
},
"javaMisc": {
"default": "",
"description": "Any misc Java Options that need to be passed to the container",
"title": "javaMisc"
}
},
"title": "javaOpts"
},
"meta": {
"additionalProperties": false,
"description": "defines internal constants for nplus. do not change these values",
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "java",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "8092",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "pam",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "pam",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"mounts": {
"additionalProperties": false,
"properties": {
"caCerts": {
"additionalProperties": false,
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the certs folder. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "caCerts"
},
"componentCerts": {
"additionalProperties": false,
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the component certs. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "componentCerts"
},
"conf": {
"additionalProperties": false,
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-server/process-automation-modeler/conf",
"description": "Sets the path to the conf files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
"title": "paths"
}
},
"title": "conf"
},
"data": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the data disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the data files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the data disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "data",
"type": "object"
},
"disk": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the disk",
"title": "class"
},
"enabled": {
"default": "false",
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
"title": "enabled"
},
"migration": {
"default": "false",
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
"title": "migration"
},
"path": {
"default": "",
"description": "Sets the path to the disk files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "disk",
"type": "object"
},
"file": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the shared disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the shared files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the shared disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "file",
"type": "object"
},
"fonts": {
"additionalProperties": false,
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
"title": "path"
}
},
"title": "fonts"
},
"generic": {
"default": "",
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
"title": "generic"
},
"license": {
"additionalProperties": false,
"description": "some nscale Components require a license file and this defines it's location",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the license files @internal -- do not change this value",
"title": "path"
}
},
"title": "license"
},
"logs": {
"additionalProperties": false,
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-server/process-automation-modeler/apache/logs",
"description": "Sets the path to the log files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the log files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the log disk (all paths)",
"title": "size"
}
},
"title": "logs"
},
"pool": {
"additionalProperties": false,
"properties": {
"path": {
"default": "",
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
"title": "path"
}
},
"title": "pool",
"type": "object"
},
"ptemp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
"title": "paths"
}
},
"title": "ptemp"
},
"temp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the temporary files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the temporary disk (all paths)",
"title": "size"
}
},
"title": "temp"
}
},
"title": "mounts",
"type": "object"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nappl": {
"additionalProperties": false,
"description": "The nscale Application Layer, this component should talk to",
"properties": {
"account": {
"default": "",
"description": "The technical account to login with",
"title": "account"
},
"domain": {
"default": "",
"description": "The domain of the technical account",
"title": "domain"
},
"host": {
"default": "",
"description": "nappl host name",
"title": "host"
},
"instance": {
"default": "",
"description": "instance of the Application Layer, likely `instance1`",
"title": "instance"
},
"password": {
"default": "",
"description": "The password of the technical accunt (if not set by secret)",
"title": "password"
},
"port": {
"default": "",
"description": "nappl port (http 8080 or https 8443)",
"title": "port"
},
"secret": {
"default": "",
"description": "An optional secret that holds the credentials (the keys must be `account` and `password`)",
"title": "secret"
},
"ssl": {
"default": "",
"description": "sets the Advanced Connect to tls",
"title": "ssl"
}
},
"title": "nappl"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"replicaCount": {
"default": "1",
"description": "As this is a Admin component, there is no HA or anything so we stick to exactly 1 replica. @ignore -- Fix Value",
"title": "replicaCount"
},
"resources": {
"additionalProperties": false,
"description": "Assigns hardware resources to container",
"properties": {
"limits": {
"additionalProperties": false,
"description": "Limits the maximum resources",
"properties": {
"cpu": {
"default": "",
"description": "The maximum allowed CPU for the container",
"title": "cpu"
},
"memory": {
"default": "",
"description": "The maximum allowed RAM for the container",
"title": "memory"
}
},
"title": "limits"
},
"requests": {
"additionalProperties": false,
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
"properties": {
"cpu": {
"default": "",
"description": "Set the share of guaranteed CPU to the container.",
"title": "cpu"
},
"memory": {
"default": "",
"description": "Set the share of guaranteed RAM to the container",
"title": "memory"
}
},
"title": "requests"
}
},
"title": "resources"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"service": {
"additionalProperties": false,
"properties": {
"annotations": {
"default": "",
"description": "adds extra Annotations to the service",
"title": "annotations"
},
"enabled": {
"default": "true",
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
"title": "enabled"
},
"selector": {
"default": "component",
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
"title": "selector"
}
},
"title": "service",
"type": "object"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"template": {
"additionalProperties": false,
"description": "provide extra settings for pod templates",
"properties": {
"annotations": {
"default": "",
"description": "set additional annotations for pods",
"title": "annotations"
},
"labels": {
"default": "",
"description": "set additional labels for pods",
"title": "labels"
}
},
"title": "template"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
},
"waitFor": {
"default": "",
"description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.",
"title": "waitFor"
}
},
"title": "nplus-component-pam",
"type": "object"
},
"pipeliner": {
"description": "nscale Pipeliner, the mass import / export tool of nscale",
"properties": {
"dav": {
"additionalProperties": false,
"properties": {
"account": {
"default": "pipeliner",
"description": "the dav user",
"title": "account"
},
"image": {
"additionalProperties": false,
"description": "the Image to use for the DAV server",
"properties": {
"name": {
"default": "toolbox2",
"title": "name",
"type": "string"
},
"pullPolicy": {
"default": "IfNotPresent",
"description": "the DAV server image pull policy",
"title": "pullPolicy"
},
"repo": {
"default": "cr.nplus.cloud/subscription",
"title": "repo",
"type": "string"
},
"tag": {
"default": "1.2.1300",
"title": "tag",
"type": "string"
}
},
"title": "image"
},
"password": {
"default": "pipeliner",
"description": "password of the dav user",
"title": "password"
},
"secret": {
"default": "",
"description": "Alternatively, define a secret",
"title": "secret"
}
},
"title": "dav",
"type": "object"
},
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "pipeliner",
"description": "the name of the image to use",
"title": "name"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "ceyoniq.azurecr.io/release/nscale",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "ubi.9.3.1300.2024121815",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"ingress": {
"additionalProperties": false,
"description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)",
"properties": {
"annotations": {
"default": "",
"description": "Adds extra Annotations to the ingress",
"title": "annotations"
},
"backendProtocol": {
"default": "`http` <br> `https` in zero trust mode",
"description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.",
"title": "backendProtocol"
},
"class": {
"default": "`public`",
"description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one",
"title": "class"
},
"contextPath": {
"default": "/{{ .component.name }}",
"description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.",
"title": "contextPath"
},
"cookie": {
"default": "",
"description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web",
"title": "cookie"
},
"deny": {
"default": "",
"description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.",
"title": "deny"
},
"domain": {
"default": "",
"description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here",
"title": "domain"
},
"enabled": {
"default": "true",
"description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.",
"title": "enabled"
},
"inputPath": {
"default": "",
"description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.",
"title": "inputPath"
},
"namespace": {
"default": "\"ingress, kube-system, ingress-nginx\"",
"description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list",
"title": "namespace"
},
"proxyReadTimeout": {
"default": "",
"description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.",
"title": "proxyReadTimeout"
},
"rewriteTarget": {
"default": "",
"description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.",
"title": "rewriteTarget"
},
"secret": {
"default": "`{{ .this.ingress.domain }}-tls`",
"description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance",
"title": "secret"
},
"whitelist": {
"default": "",
"description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers",
"title": "whitelist"
}
},
"title": "ingress"
},
"meta": {
"additionalProperties": false,
"description": "defines internal constants for nplus. do not change these values",
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "cpp",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "8080",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "4173",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "pipeliner",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "pipeliner",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"mounts": {
"additionalProperties": false,
"properties": {
"caCerts": {
"additionalProperties": false,
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the certs folder. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "caCerts"
},
"componentCerts": {
"additionalProperties": false,
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the component certs. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "componentCerts"
},
"conf": {
"additionalProperties": false,
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-pipeliner/workdir",
"description": "Sets the path to the conf files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
"title": "paths"
}
},
"title": "conf"
},
"data": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the data disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the data files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "10Gi",
"description": "Sets the size of the data disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "data",
"type": "object"
},
"defaultConfig": {
"default": "{{ .component.fullName }}-defaultconfig",
"description": "Sets a configMap with default configuration files that get copied to a new and empty container just before the template folder gets copied. Existing files are not overwritten.",
"title": "defaultConfig"
},
"disk": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the disk",
"title": "class"
},
"enabled": {
"default": "false",
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
"title": "enabled"
},
"migration": {
"default": "false",
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
"title": "migration"
},
"path": {
"default": "",
"description": "Sets the path to the disk files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "disk",
"type": "object"
},
"file": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the shared disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the shared files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the shared disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "file",
"type": "object"
},
"fonts": {
"additionalProperties": false,
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
"title": "path"
}
},
"title": "fonts"
},
"generic": {
"default": "",
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
"title": "generic"
},
"license": {
"additionalProperties": false,
"description": "some nscale Components require a license file and this defines it's location",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-pipeliner/workdir/license.xml",
"description": "Sets the path to the license files @internal -- do not change this value",
"title": "path"
}
},
"title": "license"
},
"logs": {
"additionalProperties": false,
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-pipeliner/workdir/log",
"description": "Sets the path to the log files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the log files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the log disk (all paths)",
"title": "size"
}
},
"title": "logs"
},
"pool": {
"additionalProperties": false,
"properties": {
"path": {
"default": "",
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
"title": "path"
}
},
"title": "pool",
"type": "object"
},
"ptemp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
"title": "paths"
}
},
"title": "ptemp"
},
"temp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the temporary files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the temporary disk (all paths)",
"title": "size"
}
},
"title": "temp"
}
},
"title": "mounts",
"type": "object"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"replicaCount": {
"default": "0",
"description": "Default ReplicaCount is 0 as the pipeliner requires a working cold.xml",
"title": "replicaCount"
},
"resources": {
"additionalProperties": false,
"description": "Assigns hardware resources to container",
"properties": {
"limits": {
"additionalProperties": false,
"description": "Limits the maximum resources",
"properties": {
"cpu": {
"default": "",
"description": "The maximum allowed CPU for the container",
"title": "cpu"
},
"memory": {
"default": "",
"description": "The maximum allowed RAM for the container",
"title": "memory"
}
},
"title": "limits"
},
"requests": {
"additionalProperties": false,
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
"properties": {
"cpu": {
"default": "",
"description": "Set the share of guaranteed CPU to the container.",
"title": "cpu"
},
"memory": {
"default": "",
"description": "Set the share of guaranteed RAM to the container",
"title": "memory"
}
},
"title": "requests"
}
},
"title": "resources"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"service": {
"additionalProperties": false,
"properties": {
"annotations": {
"default": "",
"description": "adds extra Annotations to the service",
"title": "annotations"
},
"enabled": {
"default": "true",
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
"title": "enabled"
},
"selector": {
"default": "component",
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
"title": "selector"
}
},
"title": "service",
"type": "object"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"template": {
"additionalProperties": false,
"description": "provide extra settings for pod templates",
"properties": {
"annotations": {
"default": "",
"description": "set additional annotations for pods",
"title": "annotations"
},
"labels": {
"default": "",
"description": "set additional labels for pods",
"title": "labels"
}
},
"title": "template"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
},
"waitFor": {
"default": "",
"description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.",
"title": "waitFor"
}
},
"title": "nplus-component-pipeliner",
"type": "object"
},
"prepper": {
"description": "nplus Prepper, used to deploy assets prior to component deployment",
"properties": {
"download": {
"default": "",
"description": "A list of URLs (Links) to Assets to download before anything else if the download is a .tar.gz, it is automatically untared to /pool/downloads",
"title": "download"
},
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "toolbox2",
"description": "the name of the image to use",
"title": "name"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "cr.nplus.cloud/subscription",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "1.2.1300",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"meta": {
"additionalProperties": false,
"description": "yaml-language-server: $schema=values.schema.json",
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "application",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta",
"type": "object"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"mounts": {
"additionalProperties": false,
"properties": {
"caCerts": {
"additionalProperties": false,
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the certs folder. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "caCerts"
},
"componentCerts": {
"additionalProperties": false,
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the component certs. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "componentCerts"
},
"conf": {
"additionalProperties": false,
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
"properties": {
"path": {
"default": "/application",
"description": "Sets the path to the conf files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
"title": "paths"
}
},
"title": "conf"
},
"data": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the data disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the data files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the data disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "data",
"type": "object"
},
"disk": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the disk",
"title": "class"
},
"enabled": {
"default": "false",
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
"title": "enabled"
},
"migration": {
"default": "false",
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
"title": "migration"
},
"path": {
"default": "",
"description": "Sets the path to the disk files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "disk",
"type": "object"
},
"file": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the shared disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the shared files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the shared disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "file",
"type": "object"
},
"fonts": {
"additionalProperties": false,
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
"title": "path"
}
},
"title": "fonts"
},
"generic": {
"default": "",
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
"title": "generic"
},
"license": {
"additionalProperties": false,
"description": "some nscale Components require a license file and this defines it's location",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the license files @internal -- do not change this value",
"title": "path"
}
},
"title": "license"
},
"logs": {
"additionalProperties": false,
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the log files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the log files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the log disk (all paths)",
"title": "size"
}
},
"title": "logs"
},
"pool": {
"additionalProperties": false,
"properties": {
"path": {
"default": "/pool",
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
"title": "path"
}
},
"title": "pool",
"type": "object"
},
"ptemp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
"title": "paths"
}
},
"title": "ptemp"
},
"temp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "/tmp",
"description": "Sets the path to the temporary files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the temporary disk (all paths)",
"title": "size"
}
},
"title": "temp"
}
},
"title": "mounts",
"type": "object"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nappl": {
"additionalProperties": false,
"description": "The nscale Application Layer, this component should talk to",
"properties": {
"account": {
"default": "",
"description": "The technical account to login with",
"title": "account"
},
"domain": {
"default": "",
"description": "The domain of the technical account",
"title": "domain"
},
"host": {
"default": "",
"description": "nappl host name",
"title": "host"
},
"instance": {
"default": "",
"description": "instance of the Application Layer, likely `instance1`",
"title": "instance"
},
"password": {
"default": "",
"description": "The password of the technical accunt (if not set by secret)",
"title": "password"
},
"port": {
"default": "",
"description": "nappl port (http 8080 or https 8443)",
"title": "port"
},
"secret": {
"default": "",
"description": "An optional secret that holds the credentials (the keys must be `account` and `password`)",
"title": "secret"
},
"ssl": {
"default": "",
"description": "sets the Advanced Connect to tls",
"title": "ssl"
}
},
"title": "nappl"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"nstl": {
"additionalProperties": false,
"properties": {
"host": {
"default": "",
"description": "The dns of the *nscale Server Storage Layer*. This is used to add it to the nappl configuration",
"title": "host"
}
},
"title": "nstl",
"type": "object"
},
"prerun": {
"default": "",
"description": "A list of scripts to run before the deployment of Apps",
"title": "prerun"
},
"resources": {
"additionalProperties": false,
"description": "Assigns hardware resources to container",
"properties": {
"limits": {
"additionalProperties": false,
"description": "Limits the maximum resources",
"properties": {
"cpu": {
"default": "",
"description": "The maximum allowed CPU for the container",
"title": "cpu"
},
"memory": {
"default": "",
"description": "The maximum allowed RAM for the container",
"title": "memory"
}
},
"title": "limits"
},
"requests": {
"additionalProperties": false,
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
"properties": {
"cpu": {
"default": "",
"description": "Set the share of guaranteed CPU to the container.",
"title": "cpu"
},
"memory": {
"default": "",
"description": "Set the share of guaranteed RAM to the container",
"title": "memory"
}
},
"title": "requests"
}
},
"title": "resources"
},
"rs": {
"additionalProperties": false,
"properties": {
"host": {
"default": "",
"description": "The dns of the *nscale rendition Server*. This is used to add it to the nappl configuration",
"title": "host"
}
},
"title": "rs",
"type": "object"
},
"run": {
"default": "",
"description": "A list of scripts to run after the deployment of Apps",
"title": "run"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
},
"waitFor": {
"default": "",
"description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.",
"title": "waitFor"
}
},
"title": "nplus-prepper",
"type": "object"
},
"rms": {
"description": "nplus Remote Management Server incl. RMS and Access Proxy",
"properties": {
"comps": {
"additionalProperties": false,
"description": "yaml-language-server: $schema=values.schema.json",
"properties": {
"cmis": {
"additionalProperties": false,
"properties": {
"displayName": {
"default": "CMIS Connector",
"description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change",
"title": "displayName"
},
"enabled": {
"default": "false",
"description": "Toggles if this component should be available through RMS",
"title": "enabled"
},
"host": {
"default": "{{ .component.prefix }}cmis.{{ .Release.Namespace }}.svc.cluster.local",
"description": "The host, where this component runs",
"title": "host"
},
"name": {
"default": "cmis",
"description": "The internal name of the component @internal -- do not change",
"title": "name"
},
"ports": {
"additionalProperties": false,
"description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change",
"properties": {
"http": {
"default": "8096",
"description": "proxied port @internal -- do not change",
"title": "http"
},
"https": {
"default": "8196",
"description": "proxied port @internal -- do not change",
"title": "https"
}
},
"title": "ports"
},
"replicaSetType": {
"default": "Deployment",
"description": "The type of the replicaSet - important for the kubectl command @internal -- do not change",
"title": "replicaSetType"
},
"restartReplicas": {
"default": "1",
"description": "The amount of replicas to set when starting through the *nscale Administrator* client",
"title": "restartReplicas"
}
},
"title": "cmis",
"type": "object"
},
"ilm": {
"additionalProperties": false,
"properties": {
"displayName": {
"default": "SAP ILM Connector",
"description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change",
"title": "displayName"
},
"enabled": {
"default": "false",
"description": "Toggles if this component should be available through RMS",
"title": "enabled"
},
"host": {
"default": "{{ .component.prefix }}ilm.{{ .Release.Namespace }}.svc.cluster.local",
"description": "The host, where this component runs",
"title": "host"
},
"name": {
"default": "ilm",
"description": "The internal name of the component @internal -- do not change",
"title": "name"
},
"ports": {
"additionalProperties": false,
"description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change",
"properties": {
"http": {
"default": "8297",
"description": "proxied port @internal -- do not change",
"title": "http"
},
"https": {
"default": "8397",
"description": "proxied port @internal -- do not change",
"title": "https"
}
},
"title": "ports"
},
"replicaSetType": {
"default": "Deployment",
"description": "The type of the replicaSet - important for the kubectl command @internal -- do not change",
"title": "replicaSetType"
},
"restartReplicas": {
"default": "1",
"description": "The amount of replicas to set when starting through the *nscale Administrator* client",
"title": "restartReplicas"
}
},
"title": "ilm",
"type": "object"
},
"mon": {
"additionalProperties": false,
"properties": {
"displayName": {
"default": "Monitoring Console",
"description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change",
"title": "displayName"
},
"enabled": {
"default": "false",
"description": "Toggles if this component should be available through RMS",
"title": "enabled"
},
"host": {
"default": "{{ .component.prefix }}mon.{{ .Release.Namespace }}.svc.cluster.local",
"description": "The host, where this component runs",
"title": "host"
},
"name": {
"default": "mon",
"description": "The internal name of the component @internal -- do not change",
"title": "name"
},
"ports": {
"additionalProperties": false,
"description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change",
"properties": {
"http": {
"default": "8387",
"description": "proxied port @internal -- do not change",
"title": "http"
},
"https": {
"default": "8388",
"description": "proxied port @internal -- do not change",
"title": "https"
},
"tcp": {
"default": "8389",
"description": "proxied port @internal -- do not change",
"title": "tcp"
}
},
"title": "ports"
},
"replicaSetType": {
"default": "StatefulSet",
"description": "The type of the replicaSet - important for the kubectl command @internal -- do not change",
"title": "replicaSetType"
},
"restartReplicas": {
"default": "1",
"description": "The amount of replicas to set when starting through the *nscale Administrator* client",
"title": "restartReplicas"
}
},
"title": "mon",
"type": "object"
},
"nappl": {
"additionalProperties": false,
"description": "Values for the nappl component",
"properties": {
"displayName": {
"default": "Application Layer",
"description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change",
"title": "displayName"
},
"enabled": {
"default": "false",
"description": "Toggles if this component should be available through RMS",
"title": "enabled"
},
"host": {
"default": "{{ .component.prefix }}nappl.{{ .Release.Namespace }}.svc.cluster.local",
"description": "The host, where this component runs",
"title": "host"
},
"name": {
"default": "nappl",
"description": "The internal name of the component @internal -- do not change",
"title": "name"
},
"ports": {
"additionalProperties": false,
"description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change",
"properties": {
"http": {
"default": "8080",
"description": "proxied port @internal -- do not change",
"title": "http"
},
"https": {
"default": "8443",
"description": "proxied port @internal -- do not change",
"title": "https"
}
},
"title": "ports"
},
"replicaSetType": {
"default": "StatefulSet",
"description": "The type of the replicaSet - important for the kubectl command @internal -- do not change",
"title": "replicaSetType"
},
"restartReplicas": {
"default": "1",
"description": "The amount of replicas to set when starting through the *nscale Administrator* client",
"title": "restartReplicas"
}
},
"title": "nappl"
},
"nstl": {
"additionalProperties": false,
"properties": {
"displayName": {
"default": "Storage Layer",
"description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change",
"title": "displayName"
},
"enabled": {
"default": "false",
"description": "Toggles if this component should be available through RMS",
"title": "enabled"
},
"host": {
"default": "{{ .component.prefix }}nstl.{{ .Release.Namespace }}.svc.cluster.local",
"description": "The host, where this component runs",
"title": "host"
},
"name": {
"default": "nstl",
"description": "The internal name of the component @internal -- do not change",
"title": "name"
},
"ports": {
"additionalProperties": false,
"description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change",
"properties": {
"tcp": {
"default": "3005",
"description": "proxied port @internal -- do not change",
"title": "tcp"
},
"tcps": {
"default": "3006",
"description": "proxied port @internal -- do not change",
"title": "tcps"
}
},
"title": "ports"
},
"replicaSetType": {
"default": "StatefulSet",
"description": "The type of the replicaSet - important for the kubectl command @internal -- do not change",
"title": "replicaSetType"
},
"restartReplicas": {
"default": "1",
"description": "The amount of replicas to set when starting through the *nscale Administrator* client",
"title": "restartReplicas"
}
},
"title": "nstl",
"type": "object"
},
"pipeliner": {
"additionalProperties": false,
"properties": {
"displayName": {
"default": "Pipeliner",
"description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change",
"title": "displayName"
},
"enabled": {
"default": "false",
"description": "Toggles if this component should be available through RMS",
"title": "enabled"
},
"host": {
"default": "{{ .component.prefix }}pipeliner.{{ .Release.Namespace }}.svc.cluster.local",
"description": "The host, where this component runs",
"title": "host"
},
"name": {
"default": "pipeliner",
"description": "The internal name of the component @internal -- do not change",
"title": "name"
},
"ports": {
"additionalProperties": false,
"description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change",
"properties": {
"tcp": {
"default": "4173",
"description": "proxied port @internal -- do not change",
"title": "tcp"
}
},
"title": "ports"
},
"replicaSetType": {
"default": "StatefulSet",
"description": "The type of the replicaSet - important for the kubectl command @internal -- do not change",
"title": "replicaSetType"
},
"restartReplicas": {
"default": "1",
"description": "The amount of replicas to set when starting through the *nscale Administrator* client",
"title": "restartReplicas"
}
},
"title": "pipeliner",
"type": "object"
},
"rs": {
"additionalProperties": false,
"properties": {
"displayName": {
"default": "Rendition Server",
"description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change",
"title": "displayName"
},
"enabled": {
"default": "false",
"description": "Toggles if this component should be available through RMS",
"title": "enabled"
},
"host": {
"default": "{{ .component.prefix }}rs.{{ .Release.Namespace }}.svc.cluster.local",
"description": "The host, where this component runs",
"title": "host"
},
"name": {
"default": "rs",
"description": "The internal name of the component @internal -- do not change",
"title": "name"
},
"ports": {
"additionalProperties": false,
"description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change",
"properties": {
"http": {
"default": "8192",
"description": "proxied port @internal -- do not change",
"title": "http"
},
"https": {
"default": "8193",
"description": "proxied port @internal -- do not change",
"title": "https"
}
},
"title": "ports"
},
"replicaSetType": {
"default": "Deployment",
"description": "The type of the replicaSet - important for the kubectl command @internal -- do not change",
"title": "replicaSetType"
},
"restartReplicas": {
"default": "1",
"description": "The amount of replicas to set when starting through the *nscale Administrator* client",
"title": "restartReplicas"
}
},
"title": "rs",
"type": "object"
},
"web": {
"additionalProperties": false,
"properties": {
"displayName": {
"default": "Application Layer Web",
"description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change",
"title": "displayName"
},
"enabled": {
"default": "false",
"description": "Toggles if this component should be available through RMS",
"title": "enabled"
},
"host": {
"default": "{{ .component.prefix }}web.{{ .Release.Namespace }}.svc.cluster.local",
"description": "The host, where this component runs",
"title": "host"
},
"name": {
"default": "web",
"description": "The internal name of the component @internal -- do not change",
"title": "name"
},
"ports": {
"additionalProperties": false,
"description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change",
"properties": {
"http": {
"default": "8090",
"description": "proxied port @internal -- do not change",
"title": "http"
},
"https": {
"default": "8453",
"description": "proxied port @internal -- do not change",
"title": "https"
}
},
"title": "ports"
},
"replicaSetType": {
"default": "Deployment",
"description": "The type of the replicaSet - important for the kubectl command @internal -- do not change",
"title": "replicaSetType"
},
"restartReplicas": {
"default": "1",
"description": "The amount of replicas to set when starting through the *nscale Administrator* client",
"title": "restartReplicas"
}
},
"title": "web",
"type": "object"
}
},
"title": "comps",
"type": "object"
},
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "admin-server",
"description": "the name of the image to use",
"title": "name"
},
"pullPolicy": {
"default": "IfNotPresent",
"title": "pullPolicy",
"type": "string"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "git.nplus.cloud/subscription",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "1.2.1200",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"meta": {
"additionalProperties": false,
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "rms",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta",
"type": "object"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"mounts": {
"additionalProperties": false,
"properties": {
"caCerts": {
"additionalProperties": false,
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the certs folder. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "caCerts"
},
"componentCerts": {
"additionalProperties": false,
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the component certs. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "componentCerts"
},
"conf": {
"additionalProperties": false,
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the conf files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
"title": "paths"
}
},
"title": "conf"
},
"data": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the data disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the data files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the data disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "data",
"type": "object"
},
"disk": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the disk",
"title": "class"
},
"enabled": {
"default": "false",
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
"title": "enabled"
},
"migration": {
"default": "false",
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
"title": "migration"
},
"path": {
"default": "",
"description": "Sets the path to the disk files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "disk",
"type": "object"
},
"file": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the shared disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the shared files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the shared disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "file",
"type": "object"
},
"fonts": {
"additionalProperties": false,
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
"title": "path"
}
},
"title": "fonts"
},
"generic": {
"default": "",
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
"title": "generic"
},
"license": {
"additionalProperties": false,
"description": "some nscale Components require a license file and this defines it's location",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the license files @internal -- do not change this value",
"title": "path"
}
},
"title": "license"
},
"logs": {
"additionalProperties": false,
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
"properties": {
"medium": {
"default": "",
"description": "the medium for the emptyDisk volume if you unset it, it drops it from the manifest",
"title": "medium"
},
"path": {
"default": "/opt/ceyoniq/nscale-rms/log",
"description": "Sets the path to the log files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the log files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the log disk (all paths)",
"title": "size"
}
},
"title": "logs"
},
"pool": {
"additionalProperties": false,
"properties": {
"path": {
"default": "",
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
"title": "path"
}
},
"title": "pool",
"type": "object"
},
"ptemp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
"title": "paths"
}
},
"title": "ptemp"
},
"temp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the temporary files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "100Mi",
"description": "Sets the size of the temporary disk (all paths)",
"title": "size"
}
},
"title": "temp"
}
},
"title": "mounts",
"type": "object"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"replicaCount": {
"default": "1",
"description": "the replicaCount for the Storage Layer. This does not make sense, so leave this at 1 at any time, unless you know exactly what you are doing. @ignore",
"title": "replicaCount"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"cni": {
"additionalProperties": false,
"properties": {
"adminIpRange": {
"default": "",
"description": "defines the IP Range of out-of-cluster Administrator Workplaces that are allowed to access the RMS Server.",
"title": "adminIpRange"
}
},
"title": "cni",
"type": "object"
},
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"service": {
"additionalProperties": false,
"properties": {
"annotations": {
"default": "",
"description": "adds extra Annotations to the service",
"title": "annotations"
},
"enabled": {
"default": "true",
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
"title": "enabled"
},
"selector": {
"default": "component",
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
"title": "selector"
}
},
"title": "service",
"type": "object"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
}
},
"title": "nplus-component-rms",
"type": "object"
},
"rmsa": {
"description": "nplus Remote Management Server incl. RMS and Access Proxy",
"properties": {
"comps": {
"additionalProperties": false,
"description": "yaml-language-server: $schema=values.schema.json",
"properties": {
"cmis": {
"additionalProperties": false,
"properties": {
"displayName": {
"default": "CMIS Connector",
"description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change",
"title": "displayName"
},
"enabled": {
"default": "false",
"description": "Toggles if this component should be available through RMS",
"title": "enabled"
},
"host": {
"default": "{{ .component.prefix }}cmis.{{ .Release.Namespace }}.svc.cluster.local",
"description": "The host, where this component runs",
"title": "host"
},
"name": {
"default": "cmis",
"description": "The internal name of the component @internal -- do not change",
"title": "name"
},
"ports": {
"additionalProperties": false,
"description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change",
"properties": {
"http": {
"default": "8096",
"description": "proxied port @internal -- do not change",
"title": "http"
},
"https": {
"default": "8196",
"description": "proxied port @internal -- do not change",
"title": "https"
}
},
"title": "ports"
},
"replicaSetType": {
"default": "Deployment",
"description": "The type of the replicaSet - important for the kubectl command @internal -- do not change",
"title": "replicaSetType"
},
"restartReplicas": {
"default": "1",
"description": "The amount of replicas to set when starting through the *nscale Administrator* client",
"title": "restartReplicas"
}
},
"title": "cmis",
"type": "object"
},
"ilm": {
"additionalProperties": false,
"properties": {
"displayName": {
"default": "SAP ILM Connector",
"description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change",
"title": "displayName"
},
"enabled": {
"default": "false",
"description": "Toggles if this component should be available through RMS",
"title": "enabled"
},
"host": {
"default": "{{ .component.prefix }}ilm.{{ .Release.Namespace }}.svc.cluster.local",
"description": "The host, where this component runs",
"title": "host"
},
"name": {
"default": "ilm",
"description": "The internal name of the component @internal -- do not change",
"title": "name"
},
"ports": {
"additionalProperties": false,
"description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change",
"properties": {
"http": {
"default": "8297",
"description": "proxied port @internal -- do not change",
"title": "http"
},
"https": {
"default": "8397",
"description": "proxied port @internal -- do not change",
"title": "https"
}
},
"title": "ports"
},
"replicaSetType": {
"default": "Deployment",
"description": "The type of the replicaSet - important for the kubectl command @internal -- do not change",
"title": "replicaSetType"
},
"restartReplicas": {
"default": "1",
"description": "The amount of replicas to set when starting through the *nscale Administrator* client",
"title": "restartReplicas"
}
},
"title": "ilm",
"type": "object"
},
"mon": {
"additionalProperties": false,
"properties": {
"displayName": {
"default": "Monitoring Console",
"description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change",
"title": "displayName"
},
"enabled": {
"default": "false",
"description": "Toggles if this component should be available through RMS",
"title": "enabled"
},
"host": {
"default": "{{ .component.prefix }}mon.{{ .Release.Namespace }}.svc.cluster.local",
"description": "The host, where this component runs",
"title": "host"
},
"name": {
"default": "mon",
"description": "The internal name of the component @internal -- do not change",
"title": "name"
},
"ports": {
"additionalProperties": false,
"description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change",
"properties": {
"http": {
"default": "8387",
"description": "proxied port @internal -- do not change",
"title": "http"
},
"https": {
"default": "8388",
"description": "proxied port @internal -- do not change",
"title": "https"
},
"tcp": {
"default": "8389",
"description": "proxied port @internal -- do not change",
"title": "tcp"
}
},
"title": "ports"
},
"replicaSetType": {
"default": "StatefulSet",
"description": "The type of the replicaSet - important for the kubectl command @internal -- do not change",
"title": "replicaSetType"
},
"restartReplicas": {
"default": "1",
"description": "The amount of replicas to set when starting through the *nscale Administrator* client",
"title": "restartReplicas"
}
},
"title": "mon",
"type": "object"
},
"nappl": {
"additionalProperties": false,
"description": "Values for the nappl component",
"properties": {
"displayName": {
"default": "Application Layer",
"description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change",
"title": "displayName"
},
"enabled": {
"default": "false",
"description": "Toggles if this component should be available through RMS",
"title": "enabled"
},
"host": {
"default": "{{ .component.prefix }}nappl.{{ .Release.Namespace }}.svc.cluster.local",
"description": "The host, where this component runs",
"title": "host"
},
"name": {
"default": "nappl",
"description": "The internal name of the component @internal -- do not change",
"title": "name"
},
"ports": {
"additionalProperties": false,
"description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change",
"properties": {
"http": {
"default": "8080",
"description": "proxied port @internal -- do not change",
"title": "http"
},
"https": {
"default": "8443",
"description": "proxied port @internal -- do not change",
"title": "https"
}
},
"title": "ports"
},
"replicaSetType": {
"default": "StatefulSet",
"description": "The type of the replicaSet - important for the kubectl command @internal -- do not change",
"title": "replicaSetType"
},
"restartReplicas": {
"default": "1",
"description": "The amount of replicas to set when starting through the *nscale Administrator* client",
"title": "restartReplicas"
}
},
"title": "nappl"
},
"nstl": {
"additionalProperties": false,
"properties": {
"displayName": {
"default": "Storage Layer",
"description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change",
"title": "displayName"
},
"enabled": {
"default": "false",
"description": "Toggles if this component should be available through RMS",
"title": "enabled"
},
"host": {
"default": "{{ .component.prefix }}nstl.{{ .Release.Namespace }}.svc.cluster.local",
"description": "The host, where this component runs",
"title": "host"
},
"name": {
"default": "nstl",
"description": "The internal name of the component @internal -- do not change",
"title": "name"
},
"ports": {
"additionalProperties": false,
"description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change",
"properties": {
"tcp": {
"default": "3005",
"description": "proxied port @internal -- do not change",
"title": "tcp"
},
"tcps": {
"default": "3006",
"description": "proxied port @internal -- do not change",
"title": "tcps"
}
},
"title": "ports"
},
"replicaSetType": {
"default": "StatefulSet",
"description": "The type of the replicaSet - important for the kubectl command @internal -- do not change",
"title": "replicaSetType"
},
"restartReplicas": {
"default": "1",
"description": "The amount of replicas to set when starting through the *nscale Administrator* client",
"title": "restartReplicas"
}
},
"title": "nstl",
"type": "object"
},
"pipeliner": {
"additionalProperties": false,
"properties": {
"displayName": {
"default": "Pipeliner",
"description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change",
"title": "displayName"
},
"enabled": {
"default": "false",
"description": "Toggles if this component should be available through RMS",
"title": "enabled"
},
"host": {
"default": "{{ .component.prefix }}pipeliner.{{ .Release.Namespace }}.svc.cluster.local",
"description": "The host, where this component runs",
"title": "host"
},
"name": {
"default": "pipeliner",
"description": "The internal name of the component @internal -- do not change",
"title": "name"
},
"ports": {
"additionalProperties": false,
"description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change",
"properties": {
"tcp": {
"default": "4173",
"description": "proxied port @internal -- do not change",
"title": "tcp"
}
},
"title": "ports"
},
"replicaSetType": {
"default": "StatefulSet",
"description": "The type of the replicaSet - important for the kubectl command @internal -- do not change",
"title": "replicaSetType"
},
"restartReplicas": {
"default": "1",
"description": "The amount of replicas to set when starting through the *nscale Administrator* client",
"title": "restartReplicas"
}
},
"title": "pipeliner",
"type": "object"
},
"rs": {
"additionalProperties": false,
"properties": {
"displayName": {
"default": "Rendition Server",
"description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change",
"title": "displayName"
},
"enabled": {
"default": "false",
"description": "Toggles if this component should be available through RMS",
"title": "enabled"
},
"host": {
"default": "{{ .component.prefix }}rs.{{ .Release.Namespace }}.svc.cluster.local",
"description": "The host, where this component runs",
"title": "host"
},
"name": {
"default": "rs",
"description": "The internal name of the component @internal -- do not change",
"title": "name"
},
"ports": {
"additionalProperties": false,
"description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change",
"properties": {
"http": {
"default": "8192",
"description": "proxied port @internal -- do not change",
"title": "http"
},
"https": {
"default": "8193",
"description": "proxied port @internal -- do not change",
"title": "https"
}
},
"title": "ports"
},
"replicaSetType": {
"default": "Deployment",
"description": "The type of the replicaSet - important for the kubectl command @internal -- do not change",
"title": "replicaSetType"
},
"restartReplicas": {
"default": "1",
"description": "The amount of replicas to set when starting through the *nscale Administrator* client",
"title": "restartReplicas"
}
},
"title": "rs",
"type": "object"
},
"web": {
"additionalProperties": false,
"properties": {
"displayName": {
"default": "Application Layer Web",
"description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change",
"title": "displayName"
},
"enabled": {
"default": "false",
"description": "Toggles if this component should be available through RMS",
"title": "enabled"
},
"host": {
"default": "{{ .component.prefix }}web.{{ .Release.Namespace }}.svc.cluster.local",
"description": "The host, where this component runs",
"title": "host"
},
"name": {
"default": "web",
"description": "The internal name of the component @internal -- do not change",
"title": "name"
},
"ports": {
"additionalProperties": false,
"description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change",
"properties": {
"http": {
"default": "8090",
"description": "proxied port @internal -- do not change",
"title": "http"
},
"https": {
"default": "8453",
"description": "proxied port @internal -- do not change",
"title": "https"
}
},
"title": "ports"
},
"replicaSetType": {
"default": "Deployment",
"description": "The type of the replicaSet - important for the kubectl command @internal -- do not change",
"title": "replicaSetType"
},
"restartReplicas": {
"default": "1",
"description": "The amount of replicas to set when starting through the *nscale Administrator* client",
"title": "restartReplicas"
}
},
"title": "web",
"type": "object"
}
},
"title": "comps",
"type": "object"
},
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "admin-server",
"description": "the name of the image to use",
"title": "name"
},
"pullPolicy": {
"default": "IfNotPresent",
"title": "pullPolicy",
"type": "string"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "git.nplus.cloud/subscription",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "1.2.1200",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"meta": {
"additionalProperties": false,
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "rms",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta",
"type": "object"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"mounts": {
"additionalProperties": false,
"properties": {
"caCerts": {
"additionalProperties": false,
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the certs folder. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "caCerts"
},
"componentCerts": {
"additionalProperties": false,
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the component certs. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "componentCerts"
},
"conf": {
"additionalProperties": false,
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the conf files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
"title": "paths"
}
},
"title": "conf"
},
"data": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the data disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the data files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the data disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "data",
"type": "object"
},
"disk": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the disk",
"title": "class"
},
"enabled": {
"default": "false",
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
"title": "enabled"
},
"migration": {
"default": "false",
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
"title": "migration"
},
"path": {
"default": "",
"description": "Sets the path to the disk files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "disk",
"type": "object"
},
"file": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the shared disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the shared files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the shared disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "file",
"type": "object"
},
"fonts": {
"additionalProperties": false,
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
"title": "path"
}
},
"title": "fonts"
},
"generic": {
"default": "",
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
"title": "generic"
},
"license": {
"additionalProperties": false,
"description": "some nscale Components require a license file and this defines it's location",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the license files @internal -- do not change this value",
"title": "path"
}
},
"title": "license"
},
"logs": {
"additionalProperties": false,
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
"properties": {
"medium": {
"default": "",
"description": "the medium for the emptyDisk volume if you unset it, it drops it from the manifest",
"title": "medium"
},
"path": {
"default": "/opt/ceyoniq/nscale-rms/log",
"description": "Sets the path to the log files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the log files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the log disk (all paths)",
"title": "size"
}
},
"title": "logs"
},
"pool": {
"additionalProperties": false,
"properties": {
"path": {
"default": "",
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
"title": "path"
}
},
"title": "pool",
"type": "object"
},
"ptemp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
"title": "paths"
}
},
"title": "ptemp"
},
"temp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the temporary files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "100Mi",
"description": "Sets the size of the temporary disk (all paths)",
"title": "size"
}
},
"title": "temp"
}
},
"title": "mounts",
"type": "object"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"replicaCount": {
"default": "1",
"description": "the replicaCount for the Storage Layer. This does not make sense, so leave this at 1 at any time, unless you know exactly what you are doing. @ignore",
"title": "replicaCount"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"cni": {
"additionalProperties": false,
"properties": {
"adminIpRange": {
"default": "",
"description": "defines the IP Range of out-of-cluster Administrator Workplaces that are allowed to access the RMS Server.",
"title": "adminIpRange"
}
},
"title": "cni",
"type": "object"
},
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"service": {
"additionalProperties": false,
"properties": {
"annotations": {
"default": "",
"description": "adds extra Annotations to the service",
"title": "annotations"
},
"enabled": {
"default": "true",
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
"title": "enabled"
},
"selector": {
"default": "component",
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
"title": "selector"
}
},
"title": "service",
"type": "object"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
}
},
"title": "nplus-component-rms",
"type": "object"
},
"rmsb": {
"description": "nplus Remote Management Server incl. RMS and Access Proxy",
"properties": {
"comps": {
"additionalProperties": false,
"description": "yaml-language-server: $schema=values.schema.json",
"properties": {
"cmis": {
"additionalProperties": false,
"properties": {
"displayName": {
"default": "CMIS Connector",
"description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change",
"title": "displayName"
},
"enabled": {
"default": "false",
"description": "Toggles if this component should be available through RMS",
"title": "enabled"
},
"host": {
"default": "{{ .component.prefix }}cmis.{{ .Release.Namespace }}.svc.cluster.local",
"description": "The host, where this component runs",
"title": "host"
},
"name": {
"default": "cmis",
"description": "The internal name of the component @internal -- do not change",
"title": "name"
},
"ports": {
"additionalProperties": false,
"description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change",
"properties": {
"http": {
"default": "8096",
"description": "proxied port @internal -- do not change",
"title": "http"
},
"https": {
"default": "8196",
"description": "proxied port @internal -- do not change",
"title": "https"
}
},
"title": "ports"
},
"replicaSetType": {
"default": "Deployment",
"description": "The type of the replicaSet - important for the kubectl command @internal -- do not change",
"title": "replicaSetType"
},
"restartReplicas": {
"default": "1",
"description": "The amount of replicas to set when starting through the *nscale Administrator* client",
"title": "restartReplicas"
}
},
"title": "cmis",
"type": "object"
},
"ilm": {
"additionalProperties": false,
"properties": {
"displayName": {
"default": "SAP ILM Connector",
"description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change",
"title": "displayName"
},
"enabled": {
"default": "false",
"description": "Toggles if this component should be available through RMS",
"title": "enabled"
},
"host": {
"default": "{{ .component.prefix }}ilm.{{ .Release.Namespace }}.svc.cluster.local",
"description": "The host, where this component runs",
"title": "host"
},
"name": {
"default": "ilm",
"description": "The internal name of the component @internal -- do not change",
"title": "name"
},
"ports": {
"additionalProperties": false,
"description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change",
"properties": {
"http": {
"default": "8297",
"description": "proxied port @internal -- do not change",
"title": "http"
},
"https": {
"default": "8397",
"description": "proxied port @internal -- do not change",
"title": "https"
}
},
"title": "ports"
},
"replicaSetType": {
"default": "Deployment",
"description": "The type of the replicaSet - important for the kubectl command @internal -- do not change",
"title": "replicaSetType"
},
"restartReplicas": {
"default": "1",
"description": "The amount of replicas to set when starting through the *nscale Administrator* client",
"title": "restartReplicas"
}
},
"title": "ilm",
"type": "object"
},
"mon": {
"additionalProperties": false,
"properties": {
"displayName": {
"default": "Monitoring Console",
"description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change",
"title": "displayName"
},
"enabled": {
"default": "false",
"description": "Toggles if this component should be available through RMS",
"title": "enabled"
},
"host": {
"default": "{{ .component.prefix }}mon.{{ .Release.Namespace }}.svc.cluster.local",
"description": "The host, where this component runs",
"title": "host"
},
"name": {
"default": "mon",
"description": "The internal name of the component @internal -- do not change",
"title": "name"
},
"ports": {
"additionalProperties": false,
"description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change",
"properties": {
"http": {
"default": "8387",
"description": "proxied port @internal -- do not change",
"title": "http"
},
"https": {
"default": "8388",
"description": "proxied port @internal -- do not change",
"title": "https"
},
"tcp": {
"default": "8389",
"description": "proxied port @internal -- do not change",
"title": "tcp"
}
},
"title": "ports"
},
"replicaSetType": {
"default": "StatefulSet",
"description": "The type of the replicaSet - important for the kubectl command @internal -- do not change",
"title": "replicaSetType"
},
"restartReplicas": {
"default": "1",
"description": "The amount of replicas to set when starting through the *nscale Administrator* client",
"title": "restartReplicas"
}
},
"title": "mon",
"type": "object"
},
"nappl": {
"additionalProperties": false,
"description": "Values for the nappl component",
"properties": {
"displayName": {
"default": "Application Layer",
"description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change",
"title": "displayName"
},
"enabled": {
"default": "false",
"description": "Toggles if this component should be available through RMS",
"title": "enabled"
},
"host": {
"default": "{{ .component.prefix }}nappl.{{ .Release.Namespace }}.svc.cluster.local",
"description": "The host, where this component runs",
"title": "host"
},
"name": {
"default": "nappl",
"description": "The internal name of the component @internal -- do not change",
"title": "name"
},
"ports": {
"additionalProperties": false,
"description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change",
"properties": {
"http": {
"default": "8080",
"description": "proxied port @internal -- do not change",
"title": "http"
},
"https": {
"default": "8443",
"description": "proxied port @internal -- do not change",
"title": "https"
}
},
"title": "ports"
},
"replicaSetType": {
"default": "StatefulSet",
"description": "The type of the replicaSet - important for the kubectl command @internal -- do not change",
"title": "replicaSetType"
},
"restartReplicas": {
"default": "1",
"description": "The amount of replicas to set when starting through the *nscale Administrator* client",
"title": "restartReplicas"
}
},
"title": "nappl"
},
"nstl": {
"additionalProperties": false,
"properties": {
"displayName": {
"default": "Storage Layer",
"description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change",
"title": "displayName"
},
"enabled": {
"default": "false",
"description": "Toggles if this component should be available through RMS",
"title": "enabled"
},
"host": {
"default": "{{ .component.prefix }}nstl.{{ .Release.Namespace }}.svc.cluster.local",
"description": "The host, where this component runs",
"title": "host"
},
"name": {
"default": "nstl",
"description": "The internal name of the component @internal -- do not change",
"title": "name"
},
"ports": {
"additionalProperties": false,
"description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change",
"properties": {
"tcp": {
"default": "3005",
"description": "proxied port @internal -- do not change",
"title": "tcp"
},
"tcps": {
"default": "3006",
"description": "proxied port @internal -- do not change",
"title": "tcps"
}
},
"title": "ports"
},
"replicaSetType": {
"default": "StatefulSet",
"description": "The type of the replicaSet - important for the kubectl command @internal -- do not change",
"title": "replicaSetType"
},
"restartReplicas": {
"default": "1",
"description": "The amount of replicas to set when starting through the *nscale Administrator* client",
"title": "restartReplicas"
}
},
"title": "nstl",
"type": "object"
},
"pipeliner": {
"additionalProperties": false,
"properties": {
"displayName": {
"default": "Pipeliner",
"description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change",
"title": "displayName"
},
"enabled": {
"default": "false",
"description": "Toggles if this component should be available through RMS",
"title": "enabled"
},
"host": {
"default": "{{ .component.prefix }}pipeliner.{{ .Release.Namespace }}.svc.cluster.local",
"description": "The host, where this component runs",
"title": "host"
},
"name": {
"default": "pipeliner",
"description": "The internal name of the component @internal -- do not change",
"title": "name"
},
"ports": {
"additionalProperties": false,
"description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change",
"properties": {
"tcp": {
"default": "4173",
"description": "proxied port @internal -- do not change",
"title": "tcp"
}
},
"title": "ports"
},
"replicaSetType": {
"default": "StatefulSet",
"description": "The type of the replicaSet - important for the kubectl command @internal -- do not change",
"title": "replicaSetType"
},
"restartReplicas": {
"default": "1",
"description": "The amount of replicas to set when starting through the *nscale Administrator* client",
"title": "restartReplicas"
}
},
"title": "pipeliner",
"type": "object"
},
"rs": {
"additionalProperties": false,
"properties": {
"displayName": {
"default": "Rendition Server",
"description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change",
"title": "displayName"
},
"enabled": {
"default": "false",
"description": "Toggles if this component should be available through RMS",
"title": "enabled"
},
"host": {
"default": "{{ .component.prefix }}rs.{{ .Release.Namespace }}.svc.cluster.local",
"description": "The host, where this component runs",
"title": "host"
},
"name": {
"default": "rs",
"description": "The internal name of the component @internal -- do not change",
"title": "name"
},
"ports": {
"additionalProperties": false,
"description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change",
"properties": {
"http": {
"default": "8192",
"description": "proxied port @internal -- do not change",
"title": "http"
},
"https": {
"default": "8193",
"description": "proxied port @internal -- do not change",
"title": "https"
}
},
"title": "ports"
},
"replicaSetType": {
"default": "Deployment",
"description": "The type of the replicaSet - important for the kubectl command @internal -- do not change",
"title": "replicaSetType"
},
"restartReplicas": {
"default": "1",
"description": "The amount of replicas to set when starting through the *nscale Administrator* client",
"title": "restartReplicas"
}
},
"title": "rs",
"type": "object"
},
"web": {
"additionalProperties": false,
"properties": {
"displayName": {
"default": "Application Layer Web",
"description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change",
"title": "displayName"
},
"enabled": {
"default": "false",
"description": "Toggles if this component should be available through RMS",
"title": "enabled"
},
"host": {
"default": "{{ .component.prefix }}web.{{ .Release.Namespace }}.svc.cluster.local",
"description": "The host, where this component runs",
"title": "host"
},
"name": {
"default": "web",
"description": "The internal name of the component @internal -- do not change",
"title": "name"
},
"ports": {
"additionalProperties": false,
"description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change",
"properties": {
"http": {
"default": "8090",
"description": "proxied port @internal -- do not change",
"title": "http"
},
"https": {
"default": "8453",
"description": "proxied port @internal -- do not change",
"title": "https"
}
},
"title": "ports"
},
"replicaSetType": {
"default": "Deployment",
"description": "The type of the replicaSet - important for the kubectl command @internal -- do not change",
"title": "replicaSetType"
},
"restartReplicas": {
"default": "1",
"description": "The amount of replicas to set when starting through the *nscale Administrator* client",
"title": "restartReplicas"
}
},
"title": "web",
"type": "object"
}
},
"title": "comps",
"type": "object"
},
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "admin-server",
"description": "the name of the image to use",
"title": "name"
},
"pullPolicy": {
"default": "IfNotPresent",
"title": "pullPolicy",
"type": "string"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "git.nplus.cloud/subscription",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "1.2.1200",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"meta": {
"additionalProperties": false,
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "rms",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta",
"type": "object"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"mounts": {
"additionalProperties": false,
"properties": {
"caCerts": {
"additionalProperties": false,
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the certs folder. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "caCerts"
},
"componentCerts": {
"additionalProperties": false,
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the component certs. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "componentCerts"
},
"conf": {
"additionalProperties": false,
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the conf files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
"title": "paths"
}
},
"title": "conf"
},
"data": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the data disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the data files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the data disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "data",
"type": "object"
},
"disk": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the disk",
"title": "class"
},
"enabled": {
"default": "false",
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
"title": "enabled"
},
"migration": {
"default": "false",
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
"title": "migration"
},
"path": {
"default": "",
"description": "Sets the path to the disk files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "disk",
"type": "object"
},
"file": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the shared disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the shared files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the shared disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "file",
"type": "object"
},
"fonts": {
"additionalProperties": false,
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
"title": "path"
}
},
"title": "fonts"
},
"generic": {
"default": "",
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
"title": "generic"
},
"license": {
"additionalProperties": false,
"description": "some nscale Components require a license file and this defines it's location",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the license files @internal -- do not change this value",
"title": "path"
}
},
"title": "license"
},
"logs": {
"additionalProperties": false,
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
"properties": {
"medium": {
"default": "",
"description": "the medium for the emptyDisk volume if you unset it, it drops it from the manifest",
"title": "medium"
},
"path": {
"default": "/opt/ceyoniq/nscale-rms/log",
"description": "Sets the path to the log files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the log files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the log disk (all paths)",
"title": "size"
}
},
"title": "logs"
},
"pool": {
"additionalProperties": false,
"properties": {
"path": {
"default": "",
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
"title": "path"
}
},
"title": "pool",
"type": "object"
},
"ptemp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
"title": "paths"
}
},
"title": "ptemp"
},
"temp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the temporary files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "100Mi",
"description": "Sets the size of the temporary disk (all paths)",
"title": "size"
}
},
"title": "temp"
}
},
"title": "mounts",
"type": "object"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"replicaCount": {
"default": "1",
"description": "the replicaCount for the Storage Layer. This does not make sense, so leave this at 1 at any time, unless you know exactly what you are doing. @ignore",
"title": "replicaCount"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"cni": {
"additionalProperties": false,
"properties": {
"adminIpRange": {
"default": "",
"description": "defines the IP Range of out-of-cluster Administrator Workplaces that are allowed to access the RMS Server.",
"title": "adminIpRange"
}
},
"title": "cni",
"type": "object"
},
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"service": {
"additionalProperties": false,
"properties": {
"annotations": {
"default": "",
"description": "adds extra Annotations to the service",
"title": "annotations"
},
"enabled": {
"default": "true",
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
"title": "enabled"
},
"selector": {
"default": "component",
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
"title": "selector"
}
},
"title": "service",
"type": "object"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
}
},
"title": "nplus-component-rms",
"type": "object"
},
"rs": {
"description": "nscale Rendition Server, providing means to format-convert common file types",
"properties": {
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "rendition-server",
"description": "the name of the image to use",
"title": "name"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "ceyoniq.azurecr.io/release/nscale",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "ubi.9.3.1301.2024121910",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"ingress": {
"additionalProperties": false,
"description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)",
"properties": {
"annotations": {
"default": "",
"description": "Adds extra Annotations to the ingress",
"title": "annotations"
},
"backendProtocol": {
"default": "`http` <br> `https` in zero trust mode",
"description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.",
"title": "backendProtocol"
},
"class": {
"default": "`public`",
"description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one",
"title": "class"
},
"contextPath": {
"default": "",
"description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.",
"title": "contextPath"
},
"cookie": {
"default": "",
"description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web",
"title": "cookie"
},
"deny": {
"default": "",
"description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.",
"title": "deny"
},
"domain": {
"default": "",
"description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here",
"title": "domain"
},
"enabled": {
"default": "false",
"description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.",
"title": "enabled"
},
"inputPath": {
"default": "",
"description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.",
"title": "inputPath"
},
"namespace": {
"default": "\"ingress, kube-system, ingress-nginx\"",
"description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list",
"title": "namespace"
},
"proxyReadTimeout": {
"default": "",
"description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.",
"title": "proxyReadTimeout"
},
"rewriteTarget": {
"default": "",
"description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.",
"title": "rewriteTarget"
},
"secret": {
"default": "`{{ .this.ingress.domain }}-tls`",
"description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance",
"title": "secret"
},
"whitelist": {
"default": "",
"description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers",
"title": "whitelist"
}
},
"title": "ingress"
},
"javaOpts": {
"additionalProperties": false,
"description": "Options for the Java VM",
"properties": {
"javaMaxMem": {
"default": "",
"description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed",
"title": "javaMaxMem"
},
"javaMaxRamPercentage": {
"default": "",
"description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.",
"title": "javaMaxRamPercentage"
},
"javaMinMem": {
"default": "",
"description": "set the minimum memory, java will consume",
"title": "javaMinMem"
},
"javaMisc": {
"default": "",
"description": "Any misc Java Options that need to be passed to the container",
"title": "javaMisc"
}
},
"title": "javaOpts"
},
"meta": {
"additionalProperties": false,
"description": "defines internal constants for nplus. do not change these values",
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "java",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "8192",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "8193",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "rendition-server",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "rs",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta"
},
"minReplicaCount": {
"default": "",
"description": "if you set minReplicaCount, a podDesruptionBudget will be created with this value as minAvailable, using the full component as selector. This is useful for components, that are using multiple replicas.",
"title": "minReplicaCount"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"mounts": {
"additionalProperties": false,
"properties": {
"caCerts": {
"additionalProperties": false,
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the certs folder. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "caCerts"
},
"componentCerts": {
"additionalProperties": false,
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the component certs. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "componentCerts"
},
"conf": {
"additionalProperties": false,
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-rendition-server/conf",
"description": "Sets the path to the conf files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
"title": "paths"
}
},
"title": "conf"
},
"data": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the data disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the data files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the data disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "data",
"type": "object"
},
"disk": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the disk",
"title": "class"
},
"enabled": {
"default": "false",
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
"title": "enabled"
},
"migration": {
"default": "false",
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
"title": "migration"
},
"path": {
"default": "",
"description": "Sets the path to the disk files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "disk",
"type": "object"
},
"file": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the shared disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the shared files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "10Gi",
"description": "Sets the size of the shared disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "file",
"type": "object"
},
"fonts": {
"additionalProperties": false,
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
"properties": {
"path": {
"default": "/usr/share/fonts/truetype/nplus",
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
"title": "path"
}
},
"title": "fonts"
},
"generic": {
"default": "",
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
"title": "generic"
},
"license": {
"additionalProperties": false,
"description": "some nscale Components require a license file and this defines it's location",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-rendition-server/conf/license.xml",
"description": "Sets the path to the license files @internal -- do not change this value",
"title": "path"
}
},
"title": "license"
},
"logs": {
"additionalProperties": false,
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-rendition-server/logs",
"description": "Sets the path to the log files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the log files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "5Gi",
"description": "Sets the size of the log disk (all paths)",
"title": "size"
}
},
"title": "logs"
},
"pool": {
"additionalProperties": false,
"properties": {
"path": {
"default": "",
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
"title": "path"
}
},
"title": "pool",
"type": "object"
},
"ptemp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
"title": "paths"
}
},
"title": "ptemp"
},
"temp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the temporary files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "10Gi",
"description": "Sets the size of the temporary disk (all paths)",
"title": "size"
}
},
"title": "temp"
}
},
"title": "mounts",
"type": "object"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"replicaCount": {
"default": "1",
"description": "Sets the number of replicas in this replicaSet. Some Components (like nstl or sharepoint) only allow a count of 1.",
"title": "replicaCount"
},
"resources": {
"additionalProperties": false,
"description": "Assigns hardware resources to container",
"properties": {
"limits": {
"additionalProperties": false,
"description": "Limits the maximum resources",
"properties": {
"cpu": {
"default": "",
"description": "The maximum allowed CPU for the container",
"title": "cpu"
},
"memory": {
"default": "",
"description": "The maximum allowed RAM for the container",
"title": "memory"
}
},
"title": "limits"
},
"requests": {
"additionalProperties": false,
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
"properties": {
"cpu": {
"default": "",
"description": "Set the share of guaranteed CPU to the container.",
"title": "cpu"
},
"memory": {
"default": "",
"description": "Set the share of guaranteed RAM to the container",
"title": "memory"
}
},
"title": "requests"
}
},
"title": "resources"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"service": {
"additionalProperties": false,
"properties": {
"annotations": {
"default": "",
"description": "adds extra Annotations to the service",
"title": "annotations"
},
"enabled": {
"default": "true",
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
"title": "enabled"
},
"selector": {
"default": "component",
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
"title": "selector"
}
},
"title": "service",
"type": "object"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"template": {
"additionalProperties": false,
"description": "provide extra settings for pod templates",
"properties": {
"annotations": {
"default": "",
"description": "set additional annotations for pods",
"title": "annotations"
},
"labels": {
"default": "",
"description": "set additional labels for pods",
"title": "labels"
}
},
"title": "template"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"updateStrategy": {
"default": "",
"description": "the update Strategy for this component. Normally, you can update all components rolling, except for nappl, where you need to follow the documented update procedures.",
"title": "updateStrategy"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
},
"waitFor": {
"default": "",
"description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.",
"title": "waitFor"
}
},
"title": "nplus-component-rs",
"type": "object"
},
"sharepoint": {
"description": "nscale SharePoint Connector, providing SP archiving to the Instance",
"properties": {
"clusterService": {
"additionalProperties": false,
"properties": {
"contextPath": {
"default": "",
"description": "set the contextPath (url) for the SharePoint Cluster Service (for GET requests to a group of sharepoint instances)",
"title": "contextPath"
},
"enabled": {
"default": false,
"title": "enabled",
"type": "boolean"
}
},
"title": "clusterService",
"type": "object"
},
"connector": {
"additionalProperties": false,
"properties": {
"cTagPropertyName": {
"default": "cTag",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "cTagPropertyName"
},
"eTagPropertyName": {
"default": "eTag",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "eTagPropertyName"
},
"idPropertyName": {
"default": "sharePointId",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "idPropertyName"
},
"listItemIdPropertyName": {
"default": "SharePointListItemId",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "listItemIdPropertyName"
},
"nscaleExpirationPropertyName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "nscaleExpirationPropertyName"
},
"nscaleGdprRelevantPropertyName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "nscaleGdprRelevantPropertyName"
},
"nscaleLegalHidePropertyName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "nscaleLegalHidePropertyName"
},
"nscaleLegalHoldPropertyName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "nscaleLegalHoldPropertyName"
},
"nscaleRetentionPropertyName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "nscaleRetentionPropertyName"
},
"parentIdPropertyName": {
"default": "sharePointParentId",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "parentIdPropertyName"
},
"sharePointChangeTokenPropertyName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "sharePointChangeTokenPropertyName"
},
"sharePointCreatedPropertyName": {
"default": "SharePointCreated",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "sharePointCreatedPropertyName"
},
"sharePointCreatorPropertyName": {
"default": "SharePointCreator",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "sharePointCreatorPropertyName"
},
"sharePointEditedPropertyName": {
"default": "SharePointLastModified",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "sharePointEditedPropertyName"
},
"sharePointEditorPropertyName": {
"default": "SharePointEditor",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "sharePointEditorPropertyName"
},
"stubIdPropertyName": {
"default": "SharePointStubId",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "stubIdPropertyName"
},
"stubListItemIdPropertyName": {
"default": "SharePointStubListItemId",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "stubListItemIdPropertyName"
},
"webUrlPropertyName": {
"default": "sharePointWebUrl",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "webUrlPropertyName"
}
},
"title": "connector",
"type": "object"
},
"doInitialCrawl": {
"default": "false",
"description": "toggle initial crawling. This value is mandatory.",
"title": "doInitialCrawl"
},
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "sharepoint-connector",
"description": "the name of the image to use",
"title": "name"
},
"pullPolicy": {
"default": "IfNotPresent",
"title": "pullPolicy",
"type": "string"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "ceyoniq.azurecr.io/release/nscale",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "ubi.9.2.1400.2024073012",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"ingress": {
"additionalProperties": false,
"description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)",
"properties": {
"annotations": {
"default": "",
"description": "Adds extra Annotations to the ingress",
"title": "annotations"
},
"backendProtocol": {
"default": "`http` <br> `https` in zero trust mode",
"description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.",
"title": "backendProtocol"
},
"class": {
"default": "`public`",
"description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one",
"title": "class"
},
"contextPath": {
"default": "/nscale_spc",
"description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.",
"title": "contextPath"
},
"cookie": {
"default": "",
"description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web",
"title": "cookie"
},
"deny": {
"default": "",
"description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.",
"title": "deny"
},
"domain": {
"default": "",
"description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here",
"title": "domain"
},
"enabled": {
"default": "true",
"description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.",
"title": "enabled"
},
"inputPath": {
"default": "",
"description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.",
"title": "inputPath"
},
"namespace": {
"default": "\"ingress, kube-system, ingress-nginx\"",
"description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list",
"title": "namespace"
},
"proxyReadTimeout": {
"default": "",
"description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.",
"title": "proxyReadTimeout"
},
"rewriteTarget": {
"default": "",
"description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.",
"title": "rewriteTarget"
},
"secret": {
"default": "`{{ .this.ingress.domain }}-tls`",
"description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance",
"title": "secret"
},
"whitelist": {
"default": "",
"description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers",
"title": "whitelist"
}
},
"title": "ingress"
},
"javaOpts": {
"additionalProperties": false,
"description": "Options for the Java VM",
"properties": {
"javaMaxMem": {
"default": "",
"description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed",
"title": "javaMaxMem"
},
"javaMaxRamPercentage": {
"default": "",
"description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.",
"title": "javaMaxRamPercentage"
},
"javaMinMem": {
"default": "",
"description": "set the minimum memory, java will consume",
"title": "javaMinMem"
},
"javaMisc": {
"default": "",
"description": "Any misc Java Options that need to be passed to the container",
"title": "javaMisc"
}
},
"title": "javaOpts"
},
"management": {
"additionalProperties": false,
"properties": {
"port": {
"default": "18098",
"description": "see mail from Manuel, 30.7.2024",
"title": "port"
},
"security": {
"default": "false",
"description": "see mail from Manuel, 30.7.2024",
"title": "security"
},
"ssl": {
"default": "false",
"description": "see mail from Manuel, 30.7.2024",
"title": "ssl"
}
},
"title": "management",
"type": "object"
},
"meta": {
"additionalProperties": false,
"description": "defines internal constants for nplus. do not change these values",
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "java",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "8098",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "8498",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "sharepoint-connector",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "sharepoint",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"mounts": {
"additionalProperties": false,
"properties": {
"caCerts": {
"additionalProperties": false,
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the certs folder. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "caCerts"
},
"componentCerts": {
"additionalProperties": false,
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"description": "Sets the path to the component certs. @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "componentCerts"
},
"conf": {
"additionalProperties": false,
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
"properties": {
"path": {
"default": "/opt/ceyoniq/sharepoint-connector/conf",
"description": "Sets the path to the conf files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
"title": "paths"
}
},
"title": "conf"
},
"data": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the data disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the data files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the data disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "data",
"type": "object"
},
"disk": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the disk",
"title": "class"
},
"enabled": {
"default": "false",
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
"title": "enabled"
},
"migration": {
"default": "false",
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
"title": "migration"
},
"path": {
"default": "",
"description": "Sets the path to the disk files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "disk",
"type": "object"
},
"file": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the shared disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the shared files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the shared disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "file",
"type": "object"
},
"fonts": {
"additionalProperties": false,
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
"title": "path"
}
},
"title": "fonts"
},
"generic": {
"default": "",
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
"title": "generic"
},
"license": {
"additionalProperties": false,
"description": "some nscale Components require a license file and this defines it's location",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the license files @internal -- do not change this value",
"title": "path"
}
},
"title": "license"
},
"logs": {
"additionalProperties": false,
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
"properties": {
"path": {
"default": "/opt/ceyoniq/sharepoint-connector/bin/logs",
"description": "Sets the path to the log files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the log files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the log disk (all paths)",
"title": "size"
}
},
"title": "logs"
},
"pool": {
"additionalProperties": false,
"properties": {
"path": {
"default": "",
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
"title": "path"
}
},
"title": "pool",
"type": "object"
},
"ptemp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
"title": "paths"
}
},
"title": "ptemp"
},
"temp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the temporary files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the temporary disk (all paths)",
"title": "size"
}
},
"title": "temp"
}
},
"title": "mounts",
"type": "object"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nappl": {
"additionalProperties": false,
"description": "The nscale Application Layer, this component should talk to",
"properties": {
"account": {
"default": "",
"description": "The technical account to login with",
"title": "account"
},
"baseFolder": {
"default": "",
"description": "The base folder, this component should write to",
"title": "baseFolder"
},
"docArea": {
"default": "",
"description": "The document area, this component should write to",
"title": "docArea"
},
"domain": {
"default": "",
"description": "The domain of the technical account",
"title": "domain"
},
"host": {
"default": "",
"description": "nappl host name",
"title": "host"
},
"instance": {
"default": "",
"description": "instance of the Application Layer, likely `instance1`",
"title": "instance"
},
"password": {
"default": "",
"description": "The password of the technical accunt (if not set by secret)",
"title": "password"
},
"port": {
"default": "",
"description": "nappl port (http 8080 or https 8443)",
"title": "port"
},
"secret": {
"default": "",
"description": "An optional secret that holds the credentials (the keys must be `account` and `password`)",
"title": "secret"
},
"ssl": {
"default": "",
"description": "sets the Advanced Connect to tls",
"title": "ssl"
}
},
"title": "nappl"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"parallelRequests": {
"default": "5",
"description": "amount of parallel requests",
"title": "parallelRequests"
},
"replicaCount": {
"default": "1",
"description": "this is fix to 1 @ignore",
"title": "replicaCount"
},
"resources": {
"additionalProperties": false,
"description": "Assigns hardware resources to container",
"properties": {
"limits": {
"additionalProperties": false,
"description": "Limits the maximum resources",
"properties": {
"cpu": {
"default": "",
"description": "The maximum allowed CPU for the container",
"title": "cpu"
},
"memory": {
"default": "",
"description": "The maximum allowed RAM for the container",
"title": "memory"
}
},
"title": "limits"
},
"requests": {
"additionalProperties": false,
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
"properties": {
"cpu": {
"default": "",
"description": "Set the share of guaranteed CPU to the container.",
"title": "cpu"
},
"memory": {
"default": "",
"description": "Set the share of guaranteed RAM to the container",
"title": "memory"
}
},
"title": "requests"
}
},
"title": "resources"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"service": {
"additionalProperties": false,
"properties": {
"annotations": {
"default": "",
"description": "adds extra Annotations to the service",
"title": "annotations"
},
"enabled": {
"default": "true",
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
"title": "enabled"
},
"selector": {
"default": "component",
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
"title": "selector"
}
},
"title": "service",
"type": "object"
},
"sharepoint": {
"additionalProperties": false,
"properties": {
"clientCertPw": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "clientCertPw"
},
"clientId": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "clientId"
},
"doCheckOut": {
"default": "false",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "doCheckOut"
},
"secret": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "secret"
},
"serviceBusConnectionString": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "serviceBusConnectionString"
},
"serviceBusQueueName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "serviceBusQueueName"
},
"serviceBusRetentionConnectionString": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "serviceBusRetentionConnectionString"
},
"serviceBusRetentionQueueName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "serviceBusRetentionQueueName"
},
"serviceBusTopicNameConfigUpdate": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "serviceBusTopicNameConfigUpdate"
},
"spHost": {
"default": "https://example.com",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "spHost"
},
"tenantId": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "tenantId"
},
"triggerProperty": {
"default": "toBeArchived",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "triggerProperty"
},
"webUserPw": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "webUserPw"
}
},
"title": "sharepoint",
"type": "object"
},
"ssl": {
"additionalProperties": false,
"properties": {
"keyAlias": {
"default": "https",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "keyAlias"
},
"keyPassword": {
"default": "secret",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "keyPassword"
},
"keystore": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "keystore"
},
"keystorePassword": {
"default": "secret",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "keystorePassword"
},
"keystoreSecret": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "keystoreSecret"
}
},
"title": "ssl",
"type": "object"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"template": {
"additionalProperties": false,
"description": "provide extra settings for pod templates",
"properties": {
"annotations": {
"default": "",
"description": "set additional annotations for pods",
"title": "annotations"
},
"labels": {
"default": "",
"description": "set additional labels for pods",
"title": "labels"
}
},
"title": "template"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
},
"waitFor": {
"default": "",
"description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.",
"title": "waitFor"
}
},
"title": "nplus-component-sharepoint",
"type": "object"
},
"sharepointa": {
"description": "nscale SharePoint Connector, providing SP archiving to the Instance",
"properties": {
"clusterService": {
"additionalProperties": false,
"properties": {
"contextPath": {
"default": "",
"description": "set the contextPath (url) for the SharePoint Cluster Service (for GET requests to a group of sharepoint instances)",
"title": "contextPath"
},
"enabled": {
"default": false,
"title": "enabled",
"type": "boolean"
}
},
"title": "clusterService",
"type": "object"
},
"connector": {
"additionalProperties": false,
"properties": {
"cTagPropertyName": {
"default": "cTag",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "cTagPropertyName"
},
"eTagPropertyName": {
"default": "eTag",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "eTagPropertyName"
},
"idPropertyName": {
"default": "sharePointId",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "idPropertyName"
},
"listItemIdPropertyName": {
"default": "SharePointListItemId",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "listItemIdPropertyName"
},
"nscaleExpirationPropertyName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "nscaleExpirationPropertyName"
},
"nscaleGdprRelevantPropertyName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "nscaleGdprRelevantPropertyName"
},
"nscaleLegalHidePropertyName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "nscaleLegalHidePropertyName"
},
"nscaleLegalHoldPropertyName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "nscaleLegalHoldPropertyName"
},
"nscaleRetentionPropertyName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "nscaleRetentionPropertyName"
},
"parentIdPropertyName": {
"default": "sharePointParentId",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "parentIdPropertyName"
},
"sharePointChangeTokenPropertyName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "sharePointChangeTokenPropertyName"
},
"sharePointCreatedPropertyName": {
"default": "SharePointCreated",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "sharePointCreatedPropertyName"
},
"sharePointCreatorPropertyName": {
"default": "SharePointCreator",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "sharePointCreatorPropertyName"
},
"sharePointEditedPropertyName": {
"default": "SharePointLastModified",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "sharePointEditedPropertyName"
},
"sharePointEditorPropertyName": {
"default": "SharePointEditor",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "sharePointEditorPropertyName"
},
"stubIdPropertyName": {
"default": "SharePointStubId",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "stubIdPropertyName"
},
"stubListItemIdPropertyName": {
"default": "SharePointStubListItemId",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "stubListItemIdPropertyName"
},
"webUrlPropertyName": {
"default": "sharePointWebUrl",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "webUrlPropertyName"
}
},
"title": "connector",
"type": "object"
},
"doInitialCrawl": {
"default": "false",
"description": "toggle initial crawling. This value is mandatory.",
"title": "doInitialCrawl"
},
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "sharepoint-connector",
"description": "the name of the image to use",
"title": "name"
},
"pullPolicy": {
"default": "IfNotPresent",
"title": "pullPolicy",
"type": "string"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "ceyoniq.azurecr.io/release/nscale",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "ubi.9.2.1400.2024073012",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"ingress": {
"additionalProperties": false,
"description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)",
"properties": {
"annotations": {
"default": "",
"description": "Adds extra Annotations to the ingress",
"title": "annotations"
},
"backendProtocol": {
"default": "`http` <br> `https` in zero trust mode",
"description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.",
"title": "backendProtocol"
},
"class": {
"default": "`public`",
"description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one",
"title": "class"
},
"contextPath": {
"default": "/nscale_spc",
"description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.",
"title": "contextPath"
},
"cookie": {
"default": "",
"description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web",
"title": "cookie"
},
"deny": {
"default": "",
"description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.",
"title": "deny"
},
"domain": {
"default": "",
"description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here",
"title": "domain"
},
"enabled": {
"default": "true",
"description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.",
"title": "enabled"
},
"inputPath": {
"default": "",
"description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.",
"title": "inputPath"
},
"namespace": {
"default": "\"ingress, kube-system, ingress-nginx\"",
"description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list",
"title": "namespace"
},
"proxyReadTimeout": {
"default": "",
"description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.",
"title": "proxyReadTimeout"
},
"rewriteTarget": {
"default": "",
"description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.",
"title": "rewriteTarget"
},
"secret": {
"default": "`{{ .this.ingress.domain }}-tls`",
"description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance",
"title": "secret"
},
"whitelist": {
"default": "",
"description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers",
"title": "whitelist"
}
},
"title": "ingress"
},
"javaOpts": {
"additionalProperties": false,
"description": "Options for the Java VM",
"properties": {
"javaMaxMem": {
"default": "",
"description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed",
"title": "javaMaxMem"
},
"javaMaxRamPercentage": {
"default": "",
"description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.",
"title": "javaMaxRamPercentage"
},
"javaMinMem": {
"default": "",
"description": "set the minimum memory, java will consume",
"title": "javaMinMem"
},
"javaMisc": {
"default": "",
"description": "Any misc Java Options that need to be passed to the container",
"title": "javaMisc"
}
},
"title": "javaOpts"
},
"management": {
"additionalProperties": false,
"properties": {
"port": {
"default": "18098",
"description": "see mail from Manuel, 30.7.2024",
"title": "port"
},
"security": {
"default": "false",
"description": "see mail from Manuel, 30.7.2024",
"title": "security"
},
"ssl": {
"default": "false",
"description": "see mail from Manuel, 30.7.2024",
"title": "ssl"
}
},
"title": "management",
"type": "object"
},
"meta": {
"additionalProperties": false,
"description": "defines internal constants for nplus. do not change these values",
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "java",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "8098",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "8498",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "sharepoint-connector",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "sharepoint",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"mounts": {
"additionalProperties": false,
"properties": {
"caCerts": {
"additionalProperties": false,
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the certs folder. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "caCerts"
},
"componentCerts": {
"additionalProperties": false,
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"description": "Sets the path to the component certs. @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "componentCerts"
},
"conf": {
"additionalProperties": false,
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
"properties": {
"path": {
"default": "/opt/ceyoniq/sharepoint-connector/conf",
"description": "Sets the path to the conf files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
"title": "paths"
}
},
"title": "conf"
},
"data": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the data disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the data files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the data disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "data",
"type": "object"
},
"disk": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the disk",
"title": "class"
},
"enabled": {
"default": "false",
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
"title": "enabled"
},
"migration": {
"default": "false",
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
"title": "migration"
},
"path": {
"default": "",
"description": "Sets the path to the disk files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "disk",
"type": "object"
},
"file": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the shared disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the shared files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the shared disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "file",
"type": "object"
},
"fonts": {
"additionalProperties": false,
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
"title": "path"
}
},
"title": "fonts"
},
"generic": {
"default": "",
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
"title": "generic"
},
"license": {
"additionalProperties": false,
"description": "some nscale Components require a license file and this defines it's location",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the license files @internal -- do not change this value",
"title": "path"
}
},
"title": "license"
},
"logs": {
"additionalProperties": false,
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
"properties": {
"path": {
"default": "/opt/ceyoniq/sharepoint-connector/bin/logs",
"description": "Sets the path to the log files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the log files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the log disk (all paths)",
"title": "size"
}
},
"title": "logs"
},
"pool": {
"additionalProperties": false,
"properties": {
"path": {
"default": "",
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
"title": "path"
}
},
"title": "pool",
"type": "object"
},
"ptemp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
"title": "paths"
}
},
"title": "ptemp"
},
"temp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the temporary files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the temporary disk (all paths)",
"title": "size"
}
},
"title": "temp"
}
},
"title": "mounts",
"type": "object"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nappl": {
"additionalProperties": false,
"description": "The nscale Application Layer, this component should talk to",
"properties": {
"account": {
"default": "",
"description": "The technical account to login with",
"title": "account"
},
"baseFolder": {
"default": "",
"description": "The base folder, this component should write to",
"title": "baseFolder"
},
"docArea": {
"default": "",
"description": "The document area, this component should write to",
"title": "docArea"
},
"domain": {
"default": "",
"description": "The domain of the technical account",
"title": "domain"
},
"host": {
"default": "",
"description": "nappl host name",
"title": "host"
},
"instance": {
"default": "",
"description": "instance of the Application Layer, likely `instance1`",
"title": "instance"
},
"password": {
"default": "",
"description": "The password of the technical accunt (if not set by secret)",
"title": "password"
},
"port": {
"default": "",
"description": "nappl port (http 8080 or https 8443)",
"title": "port"
},
"secret": {
"default": "",
"description": "An optional secret that holds the credentials (the keys must be `account` and `password`)",
"title": "secret"
},
"ssl": {
"default": "",
"description": "sets the Advanced Connect to tls",
"title": "ssl"
}
},
"title": "nappl"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"parallelRequests": {
"default": "5",
"description": "amount of parallel requests",
"title": "parallelRequests"
},
"replicaCount": {
"default": "1",
"description": "this is fix to 1 @ignore",
"title": "replicaCount"
},
"resources": {
"additionalProperties": false,
"description": "Assigns hardware resources to container",
"properties": {
"limits": {
"additionalProperties": false,
"description": "Limits the maximum resources",
"properties": {
"cpu": {
"default": "",
"description": "The maximum allowed CPU for the container",
"title": "cpu"
},
"memory": {
"default": "",
"description": "The maximum allowed RAM for the container",
"title": "memory"
}
},
"title": "limits"
},
"requests": {
"additionalProperties": false,
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
"properties": {
"cpu": {
"default": "",
"description": "Set the share of guaranteed CPU to the container.",
"title": "cpu"
},
"memory": {
"default": "",
"description": "Set the share of guaranteed RAM to the container",
"title": "memory"
}
},
"title": "requests"
}
},
"title": "resources"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"service": {
"additionalProperties": false,
"properties": {
"annotations": {
"default": "",
"description": "adds extra Annotations to the service",
"title": "annotations"
},
"enabled": {
"default": "true",
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
"title": "enabled"
},
"selector": {
"default": "component",
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
"title": "selector"
}
},
"title": "service",
"type": "object"
},
"sharepoint": {
"additionalProperties": false,
"properties": {
"clientCertPw": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "clientCertPw"
},
"clientId": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "clientId"
},
"doCheckOut": {
"default": "false",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "doCheckOut"
},
"secret": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "secret"
},
"serviceBusConnectionString": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "serviceBusConnectionString"
},
"serviceBusQueueName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "serviceBusQueueName"
},
"serviceBusRetentionConnectionString": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "serviceBusRetentionConnectionString"
},
"serviceBusRetentionQueueName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "serviceBusRetentionQueueName"
},
"serviceBusTopicNameConfigUpdate": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "serviceBusTopicNameConfigUpdate"
},
"spHost": {
"default": "https://example.com",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "spHost"
},
"tenantId": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "tenantId"
},
"triggerProperty": {
"default": "toBeArchived",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "triggerProperty"
},
"webUserPw": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "webUserPw"
}
},
"title": "sharepoint",
"type": "object"
},
"ssl": {
"additionalProperties": false,
"properties": {
"keyAlias": {
"default": "https",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "keyAlias"
},
"keyPassword": {
"default": "secret",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "keyPassword"
},
"keystore": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "keystore"
},
"keystorePassword": {
"default": "secret",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "keystorePassword"
},
"keystoreSecret": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "keystoreSecret"
}
},
"title": "ssl",
"type": "object"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"template": {
"additionalProperties": false,
"description": "provide extra settings for pod templates",
"properties": {
"annotations": {
"default": "",
"description": "set additional annotations for pods",
"title": "annotations"
},
"labels": {
"default": "",
"description": "set additional labels for pods",
"title": "labels"
}
},
"title": "template"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
},
"waitFor": {
"default": "",
"description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.",
"title": "waitFor"
}
},
"title": "nplus-component-sharepoint",
"type": "object"
},
"sharepointb": {
"description": "nscale SharePoint Connector, providing SP archiving to the Instance",
"properties": {
"clusterService": {
"additionalProperties": false,
"properties": {
"contextPath": {
"default": "",
"description": "set the contextPath (url) for the SharePoint Cluster Service (for GET requests to a group of sharepoint instances)",
"title": "contextPath"
},
"enabled": {
"default": false,
"title": "enabled",
"type": "boolean"
}
},
"title": "clusterService",
"type": "object"
},
"connector": {
"additionalProperties": false,
"properties": {
"cTagPropertyName": {
"default": "cTag",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "cTagPropertyName"
},
"eTagPropertyName": {
"default": "eTag",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "eTagPropertyName"
},
"idPropertyName": {
"default": "sharePointId",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "idPropertyName"
},
"listItemIdPropertyName": {
"default": "SharePointListItemId",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "listItemIdPropertyName"
},
"nscaleExpirationPropertyName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "nscaleExpirationPropertyName"
},
"nscaleGdprRelevantPropertyName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "nscaleGdprRelevantPropertyName"
},
"nscaleLegalHidePropertyName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "nscaleLegalHidePropertyName"
},
"nscaleLegalHoldPropertyName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "nscaleLegalHoldPropertyName"
},
"nscaleRetentionPropertyName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "nscaleRetentionPropertyName"
},
"parentIdPropertyName": {
"default": "sharePointParentId",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "parentIdPropertyName"
},
"sharePointChangeTokenPropertyName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "sharePointChangeTokenPropertyName"
},
"sharePointCreatedPropertyName": {
"default": "SharePointCreated",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "sharePointCreatedPropertyName"
},
"sharePointCreatorPropertyName": {
"default": "SharePointCreator",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "sharePointCreatorPropertyName"
},
"sharePointEditedPropertyName": {
"default": "SharePointLastModified",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "sharePointEditedPropertyName"
},
"sharePointEditorPropertyName": {
"default": "SharePointEditor",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "sharePointEditorPropertyName"
},
"stubIdPropertyName": {
"default": "SharePointStubId",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "stubIdPropertyName"
},
"stubListItemIdPropertyName": {
"default": "SharePointStubListItemId",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "stubListItemIdPropertyName"
},
"webUrlPropertyName": {
"default": "sharePointWebUrl",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "webUrlPropertyName"
}
},
"title": "connector",
"type": "object"
},
"doInitialCrawl": {
"default": "false",
"description": "toggle initial crawling. This value is mandatory.",
"title": "doInitialCrawl"
},
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "sharepoint-connector",
"description": "the name of the image to use",
"title": "name"
},
"pullPolicy": {
"default": "IfNotPresent",
"title": "pullPolicy",
"type": "string"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "ceyoniq.azurecr.io/release/nscale",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "ubi.9.2.1400.2024073012",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"ingress": {
"additionalProperties": false,
"description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)",
"properties": {
"annotations": {
"default": "",
"description": "Adds extra Annotations to the ingress",
"title": "annotations"
},
"backendProtocol": {
"default": "`http` <br> `https` in zero trust mode",
"description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.",
"title": "backendProtocol"
},
"class": {
"default": "`public`",
"description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one",
"title": "class"
},
"contextPath": {
"default": "/nscale_spc",
"description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.",
"title": "contextPath"
},
"cookie": {
"default": "",
"description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web",
"title": "cookie"
},
"deny": {
"default": "",
"description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.",
"title": "deny"
},
"domain": {
"default": "",
"description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here",
"title": "domain"
},
"enabled": {
"default": "true",
"description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.",
"title": "enabled"
},
"inputPath": {
"default": "",
"description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.",
"title": "inputPath"
},
"namespace": {
"default": "\"ingress, kube-system, ingress-nginx\"",
"description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list",
"title": "namespace"
},
"proxyReadTimeout": {
"default": "",
"description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.",
"title": "proxyReadTimeout"
},
"rewriteTarget": {
"default": "",
"description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.",
"title": "rewriteTarget"
},
"secret": {
"default": "`{{ .this.ingress.domain }}-tls`",
"description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance",
"title": "secret"
},
"whitelist": {
"default": "",
"description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers",
"title": "whitelist"
}
},
"title": "ingress"
},
"javaOpts": {
"additionalProperties": false,
"description": "Options for the Java VM",
"properties": {
"javaMaxMem": {
"default": "",
"description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed",
"title": "javaMaxMem"
},
"javaMaxRamPercentage": {
"default": "",
"description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.",
"title": "javaMaxRamPercentage"
},
"javaMinMem": {
"default": "",
"description": "set the minimum memory, java will consume",
"title": "javaMinMem"
},
"javaMisc": {
"default": "",
"description": "Any misc Java Options that need to be passed to the container",
"title": "javaMisc"
}
},
"title": "javaOpts"
},
"management": {
"additionalProperties": false,
"properties": {
"port": {
"default": "18098",
"description": "see mail from Manuel, 30.7.2024",
"title": "port"
},
"security": {
"default": "false",
"description": "see mail from Manuel, 30.7.2024",
"title": "security"
},
"ssl": {
"default": "false",
"description": "see mail from Manuel, 30.7.2024",
"title": "ssl"
}
},
"title": "management",
"type": "object"
},
"meta": {
"additionalProperties": false,
"description": "defines internal constants for nplus. do not change these values",
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "java",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "8098",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "8498",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "sharepoint-connector",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "sharepoint",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"mounts": {
"additionalProperties": false,
"properties": {
"caCerts": {
"additionalProperties": false,
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the certs folder. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "caCerts"
},
"componentCerts": {
"additionalProperties": false,
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"description": "Sets the path to the component certs. @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "componentCerts"
},
"conf": {
"additionalProperties": false,
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
"properties": {
"path": {
"default": "/opt/ceyoniq/sharepoint-connector/conf",
"description": "Sets the path to the conf files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
"title": "paths"
}
},
"title": "conf"
},
"data": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the data disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the data files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the data disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "data",
"type": "object"
},
"disk": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the disk",
"title": "class"
},
"enabled": {
"default": "false",
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
"title": "enabled"
},
"migration": {
"default": "false",
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
"title": "migration"
},
"path": {
"default": "",
"description": "Sets the path to the disk files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "disk",
"type": "object"
},
"file": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the shared disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the shared files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the shared disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "file",
"type": "object"
},
"fonts": {
"additionalProperties": false,
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
"title": "path"
}
},
"title": "fonts"
},
"generic": {
"default": "",
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
"title": "generic"
},
"license": {
"additionalProperties": false,
"description": "some nscale Components require a license file and this defines it's location",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the license files @internal -- do not change this value",
"title": "path"
}
},
"title": "license"
},
"logs": {
"additionalProperties": false,
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
"properties": {
"path": {
"default": "/opt/ceyoniq/sharepoint-connector/bin/logs",
"description": "Sets the path to the log files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the log files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the log disk (all paths)",
"title": "size"
}
},
"title": "logs"
},
"pool": {
"additionalProperties": false,
"properties": {
"path": {
"default": "",
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
"title": "path"
}
},
"title": "pool",
"type": "object"
},
"ptemp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
"title": "paths"
}
},
"title": "ptemp"
},
"temp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the temporary files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the temporary disk (all paths)",
"title": "size"
}
},
"title": "temp"
}
},
"title": "mounts",
"type": "object"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nappl": {
"additionalProperties": false,
"description": "The nscale Application Layer, this component should talk to",
"properties": {
"account": {
"default": "",
"description": "The technical account to login with",
"title": "account"
},
"baseFolder": {
"default": "",
"description": "The base folder, this component should write to",
"title": "baseFolder"
},
"docArea": {
"default": "",
"description": "The document area, this component should write to",
"title": "docArea"
},
"domain": {
"default": "",
"description": "The domain of the technical account",
"title": "domain"
},
"host": {
"default": "",
"description": "nappl host name",
"title": "host"
},
"instance": {
"default": "",
"description": "instance of the Application Layer, likely `instance1`",
"title": "instance"
},
"password": {
"default": "",
"description": "The password of the technical accunt (if not set by secret)",
"title": "password"
},
"port": {
"default": "",
"description": "nappl port (http 8080 or https 8443)",
"title": "port"
},
"secret": {
"default": "",
"description": "An optional secret that holds the credentials (the keys must be `account` and `password`)",
"title": "secret"
},
"ssl": {
"default": "",
"description": "sets the Advanced Connect to tls",
"title": "ssl"
}
},
"title": "nappl"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"parallelRequests": {
"default": "5",
"description": "amount of parallel requests",
"title": "parallelRequests"
},
"replicaCount": {
"default": "1",
"description": "this is fix to 1 @ignore",
"title": "replicaCount"
},
"resources": {
"additionalProperties": false,
"description": "Assigns hardware resources to container",
"properties": {
"limits": {
"additionalProperties": false,
"description": "Limits the maximum resources",
"properties": {
"cpu": {
"default": "",
"description": "The maximum allowed CPU for the container",
"title": "cpu"
},
"memory": {
"default": "",
"description": "The maximum allowed RAM for the container",
"title": "memory"
}
},
"title": "limits"
},
"requests": {
"additionalProperties": false,
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
"properties": {
"cpu": {
"default": "",
"description": "Set the share of guaranteed CPU to the container.",
"title": "cpu"
},
"memory": {
"default": "",
"description": "Set the share of guaranteed RAM to the container",
"title": "memory"
}
},
"title": "requests"
}
},
"title": "resources"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"service": {
"additionalProperties": false,
"properties": {
"annotations": {
"default": "",
"description": "adds extra Annotations to the service",
"title": "annotations"
},
"enabled": {
"default": "true",
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
"title": "enabled"
},
"selector": {
"default": "component",
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
"title": "selector"
}
},
"title": "service",
"type": "object"
},
"sharepoint": {
"additionalProperties": false,
"properties": {
"clientCertPw": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "clientCertPw"
},
"clientId": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "clientId"
},
"doCheckOut": {
"default": "false",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "doCheckOut"
},
"secret": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "secret"
},
"serviceBusConnectionString": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "serviceBusConnectionString"
},
"serviceBusQueueName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "serviceBusQueueName"
},
"serviceBusRetentionConnectionString": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "serviceBusRetentionConnectionString"
},
"serviceBusRetentionQueueName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "serviceBusRetentionQueueName"
},
"serviceBusTopicNameConfigUpdate": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "serviceBusTopicNameConfigUpdate"
},
"spHost": {
"default": "https://example.com",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "spHost"
},
"tenantId": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "tenantId"
},
"triggerProperty": {
"default": "toBeArchived",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "triggerProperty"
},
"webUserPw": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "webUserPw"
}
},
"title": "sharepoint",
"type": "object"
},
"ssl": {
"additionalProperties": false,
"properties": {
"keyAlias": {
"default": "https",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "keyAlias"
},
"keyPassword": {
"default": "secret",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "keyPassword"
},
"keystore": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "keystore"
},
"keystorePassword": {
"default": "secret",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "keystorePassword"
},
"keystoreSecret": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "keystoreSecret"
}
},
"title": "ssl",
"type": "object"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"template": {
"additionalProperties": false,
"description": "provide extra settings for pod templates",
"properties": {
"annotations": {
"default": "",
"description": "set additional annotations for pods",
"title": "annotations"
},
"labels": {
"default": "",
"description": "set additional labels for pods",
"title": "labels"
}
},
"title": "template"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
},
"waitFor": {
"default": "",
"description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.",
"title": "waitFor"
}
},
"title": "nplus-component-sharepoint",
"type": "object"
},
"sharepointc": {
"description": "nscale SharePoint Connector, providing SP archiving to the Instance",
"properties": {
"clusterService": {
"additionalProperties": false,
"properties": {
"contextPath": {
"default": "",
"description": "set the contextPath (url) for the SharePoint Cluster Service (for GET requests to a group of sharepoint instances)",
"title": "contextPath"
},
"enabled": {
"default": false,
"title": "enabled",
"type": "boolean"
}
},
"title": "clusterService",
"type": "object"
},
"connector": {
"additionalProperties": false,
"properties": {
"cTagPropertyName": {
"default": "cTag",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "cTagPropertyName"
},
"eTagPropertyName": {
"default": "eTag",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "eTagPropertyName"
},
"idPropertyName": {
"default": "sharePointId",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "idPropertyName"
},
"listItemIdPropertyName": {
"default": "SharePointListItemId",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "listItemIdPropertyName"
},
"nscaleExpirationPropertyName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "nscaleExpirationPropertyName"
},
"nscaleGdprRelevantPropertyName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "nscaleGdprRelevantPropertyName"
},
"nscaleLegalHidePropertyName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "nscaleLegalHidePropertyName"
},
"nscaleLegalHoldPropertyName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "nscaleLegalHoldPropertyName"
},
"nscaleRetentionPropertyName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "nscaleRetentionPropertyName"
},
"parentIdPropertyName": {
"default": "sharePointParentId",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "parentIdPropertyName"
},
"sharePointChangeTokenPropertyName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "sharePointChangeTokenPropertyName"
},
"sharePointCreatedPropertyName": {
"default": "SharePointCreated",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "sharePointCreatedPropertyName"
},
"sharePointCreatorPropertyName": {
"default": "SharePointCreator",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "sharePointCreatorPropertyName"
},
"sharePointEditedPropertyName": {
"default": "SharePointLastModified",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "sharePointEditedPropertyName"
},
"sharePointEditorPropertyName": {
"default": "SharePointEditor",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "sharePointEditorPropertyName"
},
"stubIdPropertyName": {
"default": "SharePointStubId",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "stubIdPropertyName"
},
"stubListItemIdPropertyName": {
"default": "SharePointStubListItemId",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "stubListItemIdPropertyName"
},
"webUrlPropertyName": {
"default": "sharePointWebUrl",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "webUrlPropertyName"
}
},
"title": "connector",
"type": "object"
},
"doInitialCrawl": {
"default": "false",
"description": "toggle initial crawling. This value is mandatory.",
"title": "doInitialCrawl"
},
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "sharepoint-connector",
"description": "the name of the image to use",
"title": "name"
},
"pullPolicy": {
"default": "IfNotPresent",
"title": "pullPolicy",
"type": "string"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "ceyoniq.azurecr.io/release/nscale",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "ubi.9.2.1400.2024073012",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"ingress": {
"additionalProperties": false,
"description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)",
"properties": {
"annotations": {
"default": "",
"description": "Adds extra Annotations to the ingress",
"title": "annotations"
},
"backendProtocol": {
"default": "`http` <br> `https` in zero trust mode",
"description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.",
"title": "backendProtocol"
},
"class": {
"default": "`public`",
"description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one",
"title": "class"
},
"contextPath": {
"default": "/nscale_spc",
"description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.",
"title": "contextPath"
},
"cookie": {
"default": "",
"description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web",
"title": "cookie"
},
"deny": {
"default": "",
"description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.",
"title": "deny"
},
"domain": {
"default": "",
"description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here",
"title": "domain"
},
"enabled": {
"default": "true",
"description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.",
"title": "enabled"
},
"inputPath": {
"default": "",
"description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.",
"title": "inputPath"
},
"namespace": {
"default": "\"ingress, kube-system, ingress-nginx\"",
"description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list",
"title": "namespace"
},
"proxyReadTimeout": {
"default": "",
"description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.",
"title": "proxyReadTimeout"
},
"rewriteTarget": {
"default": "",
"description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.",
"title": "rewriteTarget"
},
"secret": {
"default": "`{{ .this.ingress.domain }}-tls`",
"description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance",
"title": "secret"
},
"whitelist": {
"default": "",
"description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers",
"title": "whitelist"
}
},
"title": "ingress"
},
"javaOpts": {
"additionalProperties": false,
"description": "Options for the Java VM",
"properties": {
"javaMaxMem": {
"default": "",
"description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed",
"title": "javaMaxMem"
},
"javaMaxRamPercentage": {
"default": "",
"description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.",
"title": "javaMaxRamPercentage"
},
"javaMinMem": {
"default": "",
"description": "set the minimum memory, java will consume",
"title": "javaMinMem"
},
"javaMisc": {
"default": "",
"description": "Any misc Java Options that need to be passed to the container",
"title": "javaMisc"
}
},
"title": "javaOpts"
},
"management": {
"additionalProperties": false,
"properties": {
"port": {
"default": "18098",
"description": "see mail from Manuel, 30.7.2024",
"title": "port"
},
"security": {
"default": "false",
"description": "see mail from Manuel, 30.7.2024",
"title": "security"
},
"ssl": {
"default": "false",
"description": "see mail from Manuel, 30.7.2024",
"title": "ssl"
}
},
"title": "management",
"type": "object"
},
"meta": {
"additionalProperties": false,
"description": "defines internal constants for nplus. do not change these values",
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "java",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "8098",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "8498",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "sharepoint-connector",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "sharepoint",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"mounts": {
"additionalProperties": false,
"properties": {
"caCerts": {
"additionalProperties": false,
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the certs folder. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "caCerts"
},
"componentCerts": {
"additionalProperties": false,
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"description": "Sets the path to the component certs. @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "componentCerts"
},
"conf": {
"additionalProperties": false,
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
"properties": {
"path": {
"default": "/opt/ceyoniq/sharepoint-connector/conf",
"description": "Sets the path to the conf files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
"title": "paths"
}
},
"title": "conf"
},
"data": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the data disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the data files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the data disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "data",
"type": "object"
},
"disk": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the disk",
"title": "class"
},
"enabled": {
"default": "false",
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
"title": "enabled"
},
"migration": {
"default": "false",
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
"title": "migration"
},
"path": {
"default": "",
"description": "Sets the path to the disk files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "disk",
"type": "object"
},
"file": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the shared disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the shared files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the shared disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "file",
"type": "object"
},
"fonts": {
"additionalProperties": false,
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
"title": "path"
}
},
"title": "fonts"
},
"generic": {
"default": "",
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
"title": "generic"
},
"license": {
"additionalProperties": false,
"description": "some nscale Components require a license file and this defines it's location",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the license files @internal -- do not change this value",
"title": "path"
}
},
"title": "license"
},
"logs": {
"additionalProperties": false,
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
"properties": {
"path": {
"default": "/opt/ceyoniq/sharepoint-connector/bin/logs",
"description": "Sets the path to the log files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the log files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the log disk (all paths)",
"title": "size"
}
},
"title": "logs"
},
"pool": {
"additionalProperties": false,
"properties": {
"path": {
"default": "",
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
"title": "path"
}
},
"title": "pool",
"type": "object"
},
"ptemp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
"title": "paths"
}
},
"title": "ptemp"
},
"temp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the temporary files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the temporary disk (all paths)",
"title": "size"
}
},
"title": "temp"
}
},
"title": "mounts",
"type": "object"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nappl": {
"additionalProperties": false,
"description": "The nscale Application Layer, this component should talk to",
"properties": {
"account": {
"default": "",
"description": "The technical account to login with",
"title": "account"
},
"baseFolder": {
"default": "",
"description": "The base folder, this component should write to",
"title": "baseFolder"
},
"docArea": {
"default": "",
"description": "The document area, this component should write to",
"title": "docArea"
},
"domain": {
"default": "",
"description": "The domain of the technical account",
"title": "domain"
},
"host": {
"default": "",
"description": "nappl host name",
"title": "host"
},
"instance": {
"default": "",
"description": "instance of the Application Layer, likely `instance1`",
"title": "instance"
},
"password": {
"default": "",
"description": "The password of the technical accunt (if not set by secret)",
"title": "password"
},
"port": {
"default": "",
"description": "nappl port (http 8080 or https 8443)",
"title": "port"
},
"secret": {
"default": "",
"description": "An optional secret that holds the credentials (the keys must be `account` and `password`)",
"title": "secret"
},
"ssl": {
"default": "",
"description": "sets the Advanced Connect to tls",
"title": "ssl"
}
},
"title": "nappl"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"parallelRequests": {
"default": "5",
"description": "amount of parallel requests",
"title": "parallelRequests"
},
"replicaCount": {
"default": "1",
"description": "this is fix to 1 @ignore",
"title": "replicaCount"
},
"resources": {
"additionalProperties": false,
"description": "Assigns hardware resources to container",
"properties": {
"limits": {
"additionalProperties": false,
"description": "Limits the maximum resources",
"properties": {
"cpu": {
"default": "",
"description": "The maximum allowed CPU for the container",
"title": "cpu"
},
"memory": {
"default": "",
"description": "The maximum allowed RAM for the container",
"title": "memory"
}
},
"title": "limits"
},
"requests": {
"additionalProperties": false,
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
"properties": {
"cpu": {
"default": "",
"description": "Set the share of guaranteed CPU to the container.",
"title": "cpu"
},
"memory": {
"default": "",
"description": "Set the share of guaranteed RAM to the container",
"title": "memory"
}
},
"title": "requests"
}
},
"title": "resources"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"service": {
"additionalProperties": false,
"properties": {
"annotations": {
"default": "",
"description": "adds extra Annotations to the service",
"title": "annotations"
},
"enabled": {
"default": "true",
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
"title": "enabled"
},
"selector": {
"default": "component",
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
"title": "selector"
}
},
"title": "service",
"type": "object"
},
"sharepoint": {
"additionalProperties": false,
"properties": {
"clientCertPw": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "clientCertPw"
},
"clientId": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "clientId"
},
"doCheckOut": {
"default": "false",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "doCheckOut"
},
"secret": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "secret"
},
"serviceBusConnectionString": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "serviceBusConnectionString"
},
"serviceBusQueueName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "serviceBusQueueName"
},
"serviceBusRetentionConnectionString": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "serviceBusRetentionConnectionString"
},
"serviceBusRetentionQueueName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "serviceBusRetentionQueueName"
},
"serviceBusTopicNameConfigUpdate": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "serviceBusTopicNameConfigUpdate"
},
"spHost": {
"default": "https://example.com",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "spHost"
},
"tenantId": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "tenantId"
},
"triggerProperty": {
"default": "toBeArchived",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "triggerProperty"
},
"webUserPw": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "webUserPw"
}
},
"title": "sharepoint",
"type": "object"
},
"ssl": {
"additionalProperties": false,
"properties": {
"keyAlias": {
"default": "https",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "keyAlias"
},
"keyPassword": {
"default": "secret",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "keyPassword"
},
"keystore": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "keystore"
},
"keystorePassword": {
"default": "secret",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "keystorePassword"
},
"keystoreSecret": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "keystoreSecret"
}
},
"title": "ssl",
"type": "object"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"template": {
"additionalProperties": false,
"description": "provide extra settings for pod templates",
"properties": {
"annotations": {
"default": "",
"description": "set additional annotations for pods",
"title": "annotations"
},
"labels": {
"default": "",
"description": "set additional labels for pods",
"title": "labels"
}
},
"title": "template"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
},
"waitFor": {
"default": "",
"description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.",
"title": "waitFor"
}
},
"title": "nplus-component-sharepoint",
"type": "object"
},
"sharepointd": {
"description": "nscale SharePoint Connector, providing SP archiving to the Instance",
"properties": {
"clusterService": {
"additionalProperties": false,
"properties": {
"contextPath": {
"default": "",
"description": "set the contextPath (url) for the SharePoint Cluster Service (for GET requests to a group of sharepoint instances)",
"title": "contextPath"
},
"enabled": {
"default": false,
"title": "enabled",
"type": "boolean"
}
},
"title": "clusterService",
"type": "object"
},
"connector": {
"additionalProperties": false,
"properties": {
"cTagPropertyName": {
"default": "cTag",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "cTagPropertyName"
},
"eTagPropertyName": {
"default": "eTag",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "eTagPropertyName"
},
"idPropertyName": {
"default": "sharePointId",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "idPropertyName"
},
"listItemIdPropertyName": {
"default": "SharePointListItemId",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "listItemIdPropertyName"
},
"nscaleExpirationPropertyName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "nscaleExpirationPropertyName"
},
"nscaleGdprRelevantPropertyName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "nscaleGdprRelevantPropertyName"
},
"nscaleLegalHidePropertyName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "nscaleLegalHidePropertyName"
},
"nscaleLegalHoldPropertyName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "nscaleLegalHoldPropertyName"
},
"nscaleRetentionPropertyName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "nscaleRetentionPropertyName"
},
"parentIdPropertyName": {
"default": "sharePointParentId",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "parentIdPropertyName"
},
"sharePointChangeTokenPropertyName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "sharePointChangeTokenPropertyName"
},
"sharePointCreatedPropertyName": {
"default": "SharePointCreated",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "sharePointCreatedPropertyName"
},
"sharePointCreatorPropertyName": {
"default": "SharePointCreator",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "sharePointCreatorPropertyName"
},
"sharePointEditedPropertyName": {
"default": "SharePointLastModified",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "sharePointEditedPropertyName"
},
"sharePointEditorPropertyName": {
"default": "SharePointEditor",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "sharePointEditorPropertyName"
},
"stubIdPropertyName": {
"default": "SharePointStubId",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "stubIdPropertyName"
},
"stubListItemIdPropertyName": {
"default": "SharePointStubListItemId",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "stubListItemIdPropertyName"
},
"webUrlPropertyName": {
"default": "sharePointWebUrl",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "webUrlPropertyName"
}
},
"title": "connector",
"type": "object"
},
"doInitialCrawl": {
"default": "false",
"description": "toggle initial crawling. This value is mandatory.",
"title": "doInitialCrawl"
},
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "sharepoint-connector",
"description": "the name of the image to use",
"title": "name"
},
"pullPolicy": {
"default": "IfNotPresent",
"title": "pullPolicy",
"type": "string"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "ceyoniq.azurecr.io/release/nscale",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "ubi.9.2.1400.2024073012",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"ingress": {
"additionalProperties": false,
"description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)",
"properties": {
"annotations": {
"default": "",
"description": "Adds extra Annotations to the ingress",
"title": "annotations"
},
"backendProtocol": {
"default": "`http` <br> `https` in zero trust mode",
"description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.",
"title": "backendProtocol"
},
"class": {
"default": "`public`",
"description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one",
"title": "class"
},
"contextPath": {
"default": "/nscale_spc",
"description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.",
"title": "contextPath"
},
"cookie": {
"default": "",
"description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web",
"title": "cookie"
},
"deny": {
"default": "",
"description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.",
"title": "deny"
},
"domain": {
"default": "",
"description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here",
"title": "domain"
},
"enabled": {
"default": "true",
"description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.",
"title": "enabled"
},
"inputPath": {
"default": "",
"description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.",
"title": "inputPath"
},
"namespace": {
"default": "\"ingress, kube-system, ingress-nginx\"",
"description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list",
"title": "namespace"
},
"proxyReadTimeout": {
"default": "",
"description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.",
"title": "proxyReadTimeout"
},
"rewriteTarget": {
"default": "",
"description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.",
"title": "rewriteTarget"
},
"secret": {
"default": "`{{ .this.ingress.domain }}-tls`",
"description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance",
"title": "secret"
},
"whitelist": {
"default": "",
"description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers",
"title": "whitelist"
}
},
"title": "ingress"
},
"javaOpts": {
"additionalProperties": false,
"description": "Options for the Java VM",
"properties": {
"javaMaxMem": {
"default": "",
"description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed",
"title": "javaMaxMem"
},
"javaMaxRamPercentage": {
"default": "",
"description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.",
"title": "javaMaxRamPercentage"
},
"javaMinMem": {
"default": "",
"description": "set the minimum memory, java will consume",
"title": "javaMinMem"
},
"javaMisc": {
"default": "",
"description": "Any misc Java Options that need to be passed to the container",
"title": "javaMisc"
}
},
"title": "javaOpts"
},
"management": {
"additionalProperties": false,
"properties": {
"port": {
"default": "18098",
"description": "see mail from Manuel, 30.7.2024",
"title": "port"
},
"security": {
"default": "false",
"description": "see mail from Manuel, 30.7.2024",
"title": "security"
},
"ssl": {
"default": "false",
"description": "see mail from Manuel, 30.7.2024",
"title": "ssl"
}
},
"title": "management",
"type": "object"
},
"meta": {
"additionalProperties": false,
"description": "defines internal constants for nplus. do not change these values",
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "java",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "8098",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "8498",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "sharepoint-connector",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "sharepoint",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"mounts": {
"additionalProperties": false,
"properties": {
"caCerts": {
"additionalProperties": false,
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the certs folder. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "caCerts"
},
"componentCerts": {
"additionalProperties": false,
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"description": "Sets the path to the component certs. @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "componentCerts"
},
"conf": {
"additionalProperties": false,
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
"properties": {
"path": {
"default": "/opt/ceyoniq/sharepoint-connector/conf",
"description": "Sets the path to the conf files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
"title": "paths"
}
},
"title": "conf"
},
"data": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the data disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the data files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the data disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "data",
"type": "object"
},
"disk": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the disk",
"title": "class"
},
"enabled": {
"default": "false",
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
"title": "enabled"
},
"migration": {
"default": "false",
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
"title": "migration"
},
"path": {
"default": "",
"description": "Sets the path to the disk files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "disk",
"type": "object"
},
"file": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the shared disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the shared files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the shared disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "file",
"type": "object"
},
"fonts": {
"additionalProperties": false,
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
"title": "path"
}
},
"title": "fonts"
},
"generic": {
"default": "",
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
"title": "generic"
},
"license": {
"additionalProperties": false,
"description": "some nscale Components require a license file and this defines it's location",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the license files @internal -- do not change this value",
"title": "path"
}
},
"title": "license"
},
"logs": {
"additionalProperties": false,
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
"properties": {
"path": {
"default": "/opt/ceyoniq/sharepoint-connector/bin/logs",
"description": "Sets the path to the log files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the log files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the log disk (all paths)",
"title": "size"
}
},
"title": "logs"
},
"pool": {
"additionalProperties": false,
"properties": {
"path": {
"default": "",
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
"title": "path"
}
},
"title": "pool",
"type": "object"
},
"ptemp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
"title": "paths"
}
},
"title": "ptemp"
},
"temp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the temporary files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the temporary disk (all paths)",
"title": "size"
}
},
"title": "temp"
}
},
"title": "mounts",
"type": "object"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nappl": {
"additionalProperties": false,
"description": "The nscale Application Layer, this component should talk to",
"properties": {
"account": {
"default": "",
"description": "The technical account to login with",
"title": "account"
},
"baseFolder": {
"default": "",
"description": "The base folder, this component should write to",
"title": "baseFolder"
},
"docArea": {
"default": "",
"description": "The document area, this component should write to",
"title": "docArea"
},
"domain": {
"default": "",
"description": "The domain of the technical account",
"title": "domain"
},
"host": {
"default": "",
"description": "nappl host name",
"title": "host"
},
"instance": {
"default": "",
"description": "instance of the Application Layer, likely `instance1`",
"title": "instance"
},
"password": {
"default": "",
"description": "The password of the technical accunt (if not set by secret)",
"title": "password"
},
"port": {
"default": "",
"description": "nappl port (http 8080 or https 8443)",
"title": "port"
},
"secret": {
"default": "",
"description": "An optional secret that holds the credentials (the keys must be `account` and `password`)",
"title": "secret"
},
"ssl": {
"default": "",
"description": "sets the Advanced Connect to tls",
"title": "ssl"
}
},
"title": "nappl"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"parallelRequests": {
"default": "5",
"description": "amount of parallel requests",
"title": "parallelRequests"
},
"replicaCount": {
"default": "1",
"description": "this is fix to 1 @ignore",
"title": "replicaCount"
},
"resources": {
"additionalProperties": false,
"description": "Assigns hardware resources to container",
"properties": {
"limits": {
"additionalProperties": false,
"description": "Limits the maximum resources",
"properties": {
"cpu": {
"default": "",
"description": "The maximum allowed CPU for the container",
"title": "cpu"
},
"memory": {
"default": "",
"description": "The maximum allowed RAM for the container",
"title": "memory"
}
},
"title": "limits"
},
"requests": {
"additionalProperties": false,
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
"properties": {
"cpu": {
"default": "",
"description": "Set the share of guaranteed CPU to the container.",
"title": "cpu"
},
"memory": {
"default": "",
"description": "Set the share of guaranteed RAM to the container",
"title": "memory"
}
},
"title": "requests"
}
},
"title": "resources"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"service": {
"additionalProperties": false,
"properties": {
"annotations": {
"default": "",
"description": "adds extra Annotations to the service",
"title": "annotations"
},
"enabled": {
"default": "true",
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
"title": "enabled"
},
"selector": {
"default": "component",
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
"title": "selector"
}
},
"title": "service",
"type": "object"
},
"sharepoint": {
"additionalProperties": false,
"properties": {
"clientCertPw": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "clientCertPw"
},
"clientId": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "clientId"
},
"doCheckOut": {
"default": "false",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "doCheckOut"
},
"secret": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "secret"
},
"serviceBusConnectionString": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "serviceBusConnectionString"
},
"serviceBusQueueName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "serviceBusQueueName"
},
"serviceBusRetentionConnectionString": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "serviceBusRetentionConnectionString"
},
"serviceBusRetentionQueueName": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "serviceBusRetentionQueueName"
},
"serviceBusTopicNameConfigUpdate": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "serviceBusTopicNameConfigUpdate"
},
"spHost": {
"default": "https://example.com",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "spHost"
},
"tenantId": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "tenantId"
},
"triggerProperty": {
"default": "toBeArchived",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "triggerProperty"
},
"webUserPw": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "webUserPw"
}
},
"title": "sharepoint",
"type": "object"
},
"ssl": {
"additionalProperties": false,
"properties": {
"keyAlias": {
"default": "https",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "keyAlias"
},
"keyPassword": {
"default": "secret",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "keyPassword"
},
"keystore": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "keystore"
},
"keystorePassword": {
"default": "secret",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "keystorePassword"
},
"keystoreSecret": {
"default": "",
"description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*",
"title": "keystoreSecret"
}
},
"title": "ssl",
"type": "object"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"template": {
"additionalProperties": false,
"description": "provide extra settings for pod templates",
"properties": {
"annotations": {
"default": "",
"description": "set additional annotations for pods",
"title": "annotations"
},
"labels": {
"default": "",
"description": "set additional labels for pods",
"title": "labels"
}
},
"title": "template"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
},
"waitFor": {
"default": "",
"description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.",
"title": "waitFor"
}
},
"title": "nplus-component-sharepoint",
"type": "object"
},
"toolbox": {
"description": "Installs the environment toolbox with git and nstore downloader installed, also serving as target for pool copy actions in the pipeline",
"properties": {
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "toolbox2",
"description": "the name of the image to use",
"title": "name"
},
"pullPolicy": {
"default": "IfNotPresent",
"title": "pullPolicy",
"type": "string"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "cr.nplus.cloud/subscription",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "1.2.1300",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"meta": {
"additionalProperties": false,
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "envtoolbox",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta",
"type": "object"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"nstoreDownloader": {
"additionalProperties": false,
"description": "yaml-language-server: $schema=values.schema.json",
"properties": {
"enabled": {
"default": "false",
"description": "enables the nstore downloader",
"title": "enabled"
},
"nstore": {
"default": "`https://nstore.ceyoniq.com...`",
"description": "set the nstore URL",
"title": "nstore"
},
"target": {
"default": "pool/nstore",
"description": "target directory in the conf pv",
"title": "target"
}
},
"title": "nstoreDownloader",
"type": "object"
},
"resources": {
"additionalProperties": false,
"description": "Assigns hardware resources to container",
"properties": {
"limits": {
"additionalProperties": false,
"description": "Limits the maximum resources",
"properties": {
"cpu": {
"default": "1",
"description": "The maximum allowed CPU for the container",
"title": "cpu"
},
"memory": {
"default": "512Mi",
"description": "The maximum allowed RAM for the container",
"title": "memory"
}
},
"title": "limits"
},
"requests": {
"additionalProperties": false,
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
"properties": {
"cpu": {
"default": "1m",
"description": "Set the share of guaranteed CPU to the container.",
"title": "cpu"
},
"memory": {
"default": "64Mi",
"description": "Set the share of guaranteed RAM to the container",
"title": "memory"
}
},
"title": "requests"
}
},
"title": "resources"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
}
},
"title": "nplus-environment-toolbox",
"type": "object"
},
"web": {
"description": "nscale Web, providing a modern Web UI to nscale users",
"properties": {
"authType": {
"default": "",
"description": "Set the authentication type login, basic, negotiate, implicit ntlmv2, kerberos",
"title": "authType"
},
"customizingMode": {
"default": "",
"description": "If this setting is enabled, layouts will update immediately when changes are made. It is no longer necessary to re-register or restart the service. If this setting is not activated, the automatic update of the metamodel is turned off. We recommend not using this setting in productive systems because it reduces system performance.",
"title": "customizingMode"
},
"disableUsernamePassword": {
"default": "",
"description": "surpresses the login dialog",
"title": "disableUsernamePassword"
},
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "application-layer-web",
"description": "the name of the image to use",
"title": "name"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "ceyoniq.azurecr.io/release/nscale",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "ubi.9.3.1300.2024121620",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"immediateFederatedLogin": {
"default": "",
"description": "directly log in via identity providers",
"title": "immediateFederatedLogin"
},
"ingress": {
"additionalProperties": false,
"description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)",
"properties": {
"annotations": {
"default": "",
"description": "Adds extra Annotations to the ingress",
"title": "annotations"
},
"backendProtocol": {
"default": "`http` <br> `https` in zero trust mode",
"description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.",
"title": "backendProtocol"
},
"class": {
"default": "`public`",
"description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one",
"title": "class"
},
"contextPath": {
"default": "/nscale_web",
"description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.",
"title": "contextPath"
},
"cookie": {
"default": "XtConLoadBalancerSession",
"description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web",
"title": "cookie"
},
"deny": {
"default": "",
"description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.",
"title": "deny"
},
"domain": {
"default": "",
"description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here",
"title": "domain"
},
"enabled": {
"default": "true",
"description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.",
"title": "enabled"
},
"inputPath": {
"default": "",
"description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.",
"title": "inputPath"
},
"namespace": {
"default": "\"ingress, kube-system, ingress-nginx\"",
"description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list",
"title": "namespace"
},
"proxyReadTimeout": {
"default": "",
"description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.",
"title": "proxyReadTimeout"
},
"rewriteTarget": {
"default": "",
"description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.",
"title": "rewriteTarget"
},
"secret": {
"default": "`{{ .this.ingress.domain }}-tls`",
"description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance",
"title": "secret"
},
"whitelist": {
"default": "",
"description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers",
"title": "whitelist"
}
},
"title": "ingress"
},
"javaOpts": {
"additionalProperties": false,
"description": "Options for the Java VM",
"properties": {
"javaMaxMem": {
"default": "",
"description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed",
"title": "javaMaxMem"
},
"javaMaxRamPercentage": {
"default": "",
"description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.",
"title": "javaMaxRamPercentage"
},
"javaMinMem": {
"default": "",
"description": "set the minimum memory, java will consume",
"title": "javaMinMem"
},
"javaMisc": {
"default": "",
"description": "Any misc Java Options that need to be passed to the container",
"title": "javaMisc"
}
},
"title": "javaOpts"
},
"meta": {
"additionalProperties": false,
"description": "defines internal constants for nplus. do not change these values",
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "java",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "8090",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "8453",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "web-client",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "web",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta"
},
"metamodelMode": {
"default": "",
"description": "Refreshes the metamodel mode",
"title": "metamodelMode"
},
"minReplicaCount": {
"default": "",
"description": "if you set minReplicaCount, a podDesruptionBudget will be created with this value as minAvailable, using the full component as selector. This is useful for components, that are using multiple replicas.",
"title": "minReplicaCount"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"mounts": {
"additionalProperties": false,
"properties": {
"caCerts": {
"additionalProperties": false,
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the certs folder. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "caCerts"
},
"componentCerts": {
"additionalProperties": false,
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the component certs. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "componentCerts"
},
"conf": {
"additionalProperties": false,
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-server/application-layer-web/conf",
"description": "Sets the path to the conf files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
"title": "paths"
}
},
"title": "conf"
},
"data": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the data disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the data files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the data disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "data",
"type": "object"
},
"defaultConfig": {
"default": "{{ .component.fullName }}-defaultconfig",
"description": "Sets a configMap with default configuration files that get copied to a new and empty container just before the template folder gets copied. Existing files are not overwritten.",
"title": "defaultConfig"
},
"disk": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the disk",
"title": "class"
},
"enabled": {
"default": "false",
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
"title": "enabled"
},
"migration": {
"default": "false",
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
"title": "migration"
},
"path": {
"default": "",
"description": "Sets the path to the disk files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "disk",
"type": "object"
},
"file": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the shared disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the shared files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the shared disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "file",
"type": "object"
},
"fonts": {
"additionalProperties": false,
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
"title": "path"
}
},
"title": "fonts"
},
"generic": {
"default": "",
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
"title": "generic"
},
"license": {
"additionalProperties": false,
"description": "some nscale Components require a license file and this defines it's location",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the license files @internal -- do not change this value",
"title": "path"
}
},
"title": "license"
},
"logs": {
"additionalProperties": false,
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
"properties": {
"medium": {
"default": "",
"description": "the medium for the emptyDisk volume if you unset it, it drops it from the manifest",
"title": "medium"
},
"path": {
"default": "/opt/ceyoniq/nscale-server/application-layer-web/apache/logs/",
"description": "Sets the path to the log files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the log files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "5Gi",
"description": "Sets the size of the log disk (all paths)",
"title": "size"
}
},
"title": "logs"
},
"pool": {
"additionalProperties": false,
"properties": {
"path": {
"default": "",
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
"title": "path"
}
},
"title": "pool",
"type": "object"
},
"ptemp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
"title": "paths"
}
},
"title": "ptemp"
},
"temp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the temporary files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
},
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the temporary disk (all paths)",
"title": "size"
}
},
"title": "temp"
}
},
"title": "mounts",
"type": "object"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nappl": {
"additionalProperties": false,
"description": "The nscale Application Layer, this component should talk to",
"properties": {
"account": {
"default": "",
"description": "The technical account to login with",
"title": "account"
},
"domain": {
"default": "",
"description": "The domain of the technical account",
"title": "domain"
},
"host": {
"default": "",
"description": "nappl host name",
"title": "host"
},
"instance": {
"default": "",
"description": "instance of the Application Layer, likely `instance1`",
"title": "instance"
},
"password": {
"default": "",
"description": "The password of the technical accunt (if not set by secret)",
"title": "password"
},
"port": {
"default": "",
"description": "nappl port (http 8080 or https 8443)",
"title": "port"
},
"secret": {
"default": "",
"description": "An optional secret that holds the credentials (the keys must be `account` and `password`)",
"title": "secret"
},
"ssl": {
"default": "",
"description": "sets the Advanced Connect to tls",
"title": "ssl"
}
},
"title": "nappl"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"oauthDomains": {
"default": "",
"description": "OAuth nscale domains",
"title": "oauthDomains"
},
"replicaCount": {
"default": "1",
"description": "Sets the number of replicas in this replicaSet. Some Components (like nstl or sharepoint) only allow a count of 1.",
"title": "replicaCount"
},
"resources": {
"additionalProperties": false,
"description": "Assigns hardware resources to container",
"properties": {
"limits": {
"additionalProperties": false,
"description": "Limits the maximum resources",
"properties": {
"cpu": {
"default": "",
"description": "The maximum allowed CPU for the container",
"title": "cpu"
},
"memory": {
"default": "",
"description": "The maximum allowed RAM for the container",
"title": "memory"
}
},
"title": "limits"
},
"requests": {
"additionalProperties": false,
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
"properties": {
"cpu": {
"default": "",
"description": "Set the share of guaranteed CPU to the container.",
"title": "cpu"
},
"memory": {
"default": "",
"description": "Set the share of guaranteed RAM to the container",
"title": "memory"
}
},
"title": "requests"
}
},
"title": "resources"
},
"sameSite": {
"default": "",
"description": "nscale SameSite Cookie Header",
"title": "sameSite"
},
"samlDomains": {
"default": "",
"description": "SAML nscale domains",
"title": "samlDomains"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"service": {
"additionalProperties": false,
"properties": {
"annotations": {
"default": "",
"description": "adds extra Annotations to the service",
"title": "annotations"
},
"enabled": {
"default": "true",
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
"title": "enabled"
},
"selector": {
"default": "component",
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
"title": "selector"
}
},
"title": "service",
"type": "object"
},
"smartCrossgrade": {
"default": "",
"description": "Enable Crossgrade for Smart Layouts",
"title": "smartCrossgrade"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"template": {
"additionalProperties": false,
"description": "provide extra settings for pod templates",
"properties": {
"annotations": {
"default": "",
"description": "set additional annotations for pods",
"title": "annotations"
},
"labels": {
"default": "",
"description": "set additional labels for pods",
"title": "labels"
}
},
"title": "template"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"updateStrategy": {
"default": "",
"description": "the update Strategy for this component. Normally, you can update all components rolling, except for nappl, where you need to follow the documented update procedures.",
"title": "updateStrategy"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
},
"waitFor": {
"default": "",
"description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.",
"title": "waitFor"
}
},
"title": "nplus-component-web",
"type": "object"
},
"webdav": {
"description": "nscale WebDAV Connector, providing a standard WebDAV interface to the Instance",
"properties": {
"env": {
"default": "",
"description": "Sets additional environment variables for the configuration.",
"title": "env"
},
"envMap": {
"default": "",
"description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.",
"title": "envMap"
},
"envSecret": {
"default": "",
"description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.",
"title": "envSecret"
},
"fullnameOverride": {
"default": "",
"description": "This overrides the output of the internal fullname function",
"title": "fullnameOverride"
},
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
},
"globals": {
"description": "nplus Global Functions Library Chart",
"properties": {
"global": {
"description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
"title": "global",
"type": "object"
}
},
"title": "nplus-globals",
"type": "object"
},
"image": {
"additionalProperties": false,
"description": "provide the image to be used for this component",
"properties": {
"name": {
"default": "webdav-connector",
"description": "the name of the image to use",
"title": "name"
},
"pullPolicy": {
"default": "IfNotPresent",
"title": "pullPolicy",
"type": "string"
},
"pullSecrets": {
"description": "you can provide your own pullSecrets, in case you use a private repo.",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "pullSecrets"
},
"repo": {
"default": "ceyoniq.azurecr.io/release/nscale",
"description": "if you use a private repo, feel free to set it here",
"title": "repo"
},
"tag": {
"default": "ubi.9.3.1000.2024091609",
"description": "the tag of the image to use",
"title": "tag"
}
},
"title": "image"
},
"ingress": {
"additionalProperties": false,
"description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)",
"properties": {
"annotations": {
"default": "",
"description": "Adds extra Annotations to the ingress",
"title": "annotations"
},
"backendProtocol": {
"default": "`http` <br> `https` in zero trust mode",
"description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.",
"title": "backendProtocol"
},
"class": {
"default": "`public`",
"description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one",
"title": "class"
},
"contextPath": {
"default": "/dav",
"description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.",
"title": "contextPath"
},
"cookie": {
"default": "",
"description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web",
"title": "cookie"
},
"deny": {
"default": "",
"description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.",
"title": "deny"
},
"domain": {
"default": "",
"description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here",
"title": "domain"
},
"enabled": {
"default": "true",
"description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.",
"title": "enabled"
},
"inputPath": {
"default": "",
"description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.",
"title": "inputPath"
},
"namespace": {
"default": "\"ingress, kube-system, ingress-nginx\"",
"description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list",
"title": "namespace"
},
"proxyReadTimeout": {
"default": "",
"description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.",
"title": "proxyReadTimeout"
},
"rewriteTarget": {
"default": "",
"description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.",
"title": "rewriteTarget"
},
"secret": {
"default": "`{{ .this.ingress.domain }}-tls`",
"description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance",
"title": "secret"
},
"whitelist": {
"default": "",
"description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers",
"title": "whitelist"
}
},
"title": "ingress"
},
"javaOpts": {
"additionalProperties": false,
"description": "Options for the Java VM",
"properties": {
"javaMaxMem": {
"default": "",
"description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed",
"title": "javaMaxMem"
},
"javaMaxRamPercentage": {
"default": "",
"description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.",
"title": "javaMaxRamPercentage"
},
"javaMinMem": {
"default": "",
"description": "set the minimum memory, java will consume",
"title": "javaMinMem"
},
"javaMisc": {
"default": "",
"description": "Any misc Java Options that need to be passed to the container",
"title": "javaMisc"
}
},
"title": "javaOpts"
},
"meta": {
"additionalProperties": false,
"description": "defines internal constants for nplus. do not change these values",
"properties": {
"componentVersion": {
"default": "",
"description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify",
"title": "componentVersion"
},
"language": {
"default": "java",
"description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.",
"title": "language"
},
"ports": {
"additionalProperties": false,
"description": "lists the ports this component exposes. This is important for zero trust mode and others.",
"properties": {
"http": {
"default": "8088",
"description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.",
"title": "http"
},
"https": {
"default": "8488",
"description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "https"
},
"rmi": {
"default": "",
"description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "rmi"
},
"tcp": {
"default": "",
"description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcp"
},
"tcps": {
"default": "",
"description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.",
"title": "tcps"
}
},
"title": "ports"
},
"provider": {
"default": "",
"description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment",
"title": "provider"
},
"serviceContainer": {
"default": "webdav-connector",
"description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any",
"title": "serviceContainer"
},
"stage": {
"default": "",
"description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)",
"title": "stage"
},
"tenant": {
"default": "",
"description": "sets tenant information to be able to invoice per use in a cloud environment",
"title": "tenant"
},
"type": {
"default": "webdav",
"description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.",
"title": "type"
},
"wave": {
"default": "",
"description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation",
"title": "wave"
}
},
"title": "meta"
},
"minReplicaCount": {
"default": "",
"description": "if you set minReplicaCount, a podDesruptionBudget will be created with this value as minAvailable, using the full component as selector. This is useful for components, that are using multiple replicas.",
"title": "minReplicaCount"
},
"minReplicaCountType": {
"default": "",
"description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer",
"title": "minReplicaCountType"
},
"mounts": {
"additionalProperties": false,
"properties": {
"caCerts": {
"additionalProperties": false,
"description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the certs folder. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "caCerts"
},
"componentCerts": {
"additionalProperties": false,
"description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here",
"properties": {
"configMap": {
"default": "",
"description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting",
"title": "configMap"
},
"paths": {
"default": "",
"description": "Sets the path to the component certs. @internal -- do not change this value",
"title": "paths"
},
"secret": {
"default": "",
"description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting",
"title": "secret"
}
},
"title": "componentCerts"
},
"conf": {
"additionalProperties": false,
"description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-webdav/conf",
"description": "Sets the path to the conf files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the conf files @internal -- do not change this value",
"title": "paths"
}
},
"title": "conf"
},
"data": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the data disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the data files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the data disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "data",
"type": "object"
},
"disk": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the disk",
"title": "class"
},
"enabled": {
"default": "false",
"description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.",
"title": "enabled"
},
"migration": {
"default": "false",
"description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!",
"title": "migration"
},
"path": {
"default": "",
"description": "Sets the path to the disk files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the data files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "disk",
"type": "object"
},
"file": {
"additionalProperties": false,
"properties": {
"class": {
"default": "",
"description": "Sets the class of the shared disk",
"title": "class"
},
"path": {
"default": "",
"description": "Sets the path to the shared files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the shared files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "",
"description": "Sets the size of the shared disk",
"title": "size"
},
"volumeName": {
"default": "",
"description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one",
"title": "volumeName"
}
},
"title": "file",
"type": "object"
},
"fonts": {
"additionalProperties": false,
"description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the fonts folder. @internal -- do not change this value",
"title": "path"
}
},
"title": "fonts"
},
"generic": {
"default": "",
"description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.",
"title": "generic"
},
"license": {
"additionalProperties": false,
"description": "some nscale Components require a license file and this defines it's location",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the license files @internal -- do not change this value",
"title": "path"
}
},
"title": "license"
},
"logs": {
"additionalProperties": false,
"description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable",
"properties": {
"path": {
"default": "/opt/ceyoniq/nscale-webdav/logs",
"description": "Sets the path to the log files @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths to the log files @internal -- do not change this value",
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the log disk (all paths)",
"title": "size"
}
},
"title": "logs"
},
"pool": {
"additionalProperties": false,
"properties": {
"path": {
"default": "",
"description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value",
"title": "path"
}
},
"title": "pool",
"type": "object"
},
"ptemp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path for temporary files that are persisted @internal -- do not change this value",
"title": "path"
},
"paths": {
"default": "",
"description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value",
"title": "paths"
}
},
"title": "ptemp"
},
"temp": {
"additionalProperties": false,
"description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only",
"properties": {
"path": {
"default": "",
"description": "Sets the path to the temporary files @internal -- do not change this value",
"title": "path"
},
"paths": {
"description": "Sets a list of paths to the temporary files @internal -- do not change this value",
"items": {
"anyOf": [
{
"type": "string"
},
{
"type": "string"
},
{
"type": "string"
}
]
},
"title": "paths"
},
"size": {
"default": "1Gi",
"description": "Sets the size of the temporary disk (all paths)",
"title": "size"
}
},
"title": "temp"
}
},
"title": "mounts",
"type": "object"
},
"nameOverride": {
"default": "",
"description": "This overrides the output of the internal name function",
"title": "nameOverride"
},
"nappl": {
"additionalProperties": false,
"description": "The nscale Application Layer, this component should talk to",
"properties": {
"account": {
"default": "",
"description": "The technical account to login with",
"title": "account"
},
"domain": {
"default": "",
"description": "The domain of the technical account",
"title": "domain"
},
"host": {
"default": "",
"description": "nappl host name",
"title": "host"
},
"instance": {
"default": "",
"description": "instance of the Application Layer, likely `instance1`",
"title": "instance"
},
"password": {
"default": "",
"description": "The password of the technical accunt (if not set by secret)",
"title": "password"
},
"port": {
"default": "",
"description": "nappl port (http 8080 or https 8443)",
"title": "port"
},
"secret": {
"default": "",
"description": "An optional secret that holds the credentials (the keys must be `account` and `password`)",
"title": "secret"
},
"ssl": {
"default": "",
"description": "sets the Advanced Connect to tls",
"title": "ssl"
}
},
"title": "nappl"
},
"nodeSelector": {
"default": "",
"description": "select specific nodes for this component",
"title": "nodeSelector"
},
"replicaCount": {
"default": "1",
"description": "Sets the number of replicas in this replicaSet. Some Components (like nstl or sharepoint) only allow a count of 1.",
"title": "replicaCount"
},
"resources": {
"additionalProperties": false,
"description": "Assigns hardware resources to container",
"properties": {
"limits": {
"additionalProperties": false,
"description": "Limits the maximum resources",
"properties": {
"cpu": {
"default": "",
"description": "The maximum allowed CPU for the container",
"title": "cpu"
},
"memory": {
"default": "",
"description": "The maximum allowed RAM for the container",
"title": "memory"
}
},
"title": "limits"
},
"requests": {
"additionalProperties": false,
"description": "Requests are used to assign a minimum to a container. This is the guaranteed amount",
"properties": {
"cpu": {
"default": "",
"description": "Set the share of guaranteed CPU to the container.",
"title": "cpu"
},
"memory": {
"default": "",
"description": "Set the share of guaranteed RAM to the container",
"title": "memory"
}
},
"title": "requests"
}
},
"title": "resources"
},
"security": {
"additionalProperties": false,
"description": "Security Section defining default runtime environment for your container",
"properties": {
"containerSecurityContext": {
"additionalProperties": false,
"properties": {
"allowPrivilegeEscalation": {
"default": "false",
"description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this",
"title": "allowPrivilegeEscalation"
},
"capabilities": {
"additionalProperties": false,
"description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this",
"properties": {
"drop": {
"items": {
"anyOf": [
{
"type": "string"
}
]
},
"title": "drop",
"type": "array"
}
},
"title": "capabilities"
},
"readOnlyRootFilesystem": {
"default": "true",
"description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this",
"title": "readOnlyRootFilesystem"
}
},
"title": "containerSecurityContext",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": false,
"properties": {
"fsGroup": {
"default": "1001",
"description": "The file system group as which new files are created @internal -- there is normally no need to change this",
"title": "fsGroup"
},
"fsGroupChangePolicy": {
"default": "OnRootMismatch",
"description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this",
"title": "fsGroupChangePolicy"
},
"runAsUser": {
"default": "1001",
"description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this",
"title": "runAsUser"
}
},
"title": "podSecurityContext",
"type": "object"
},
"zeroTrust": {
"default": "`false`",
"description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes",
"title": "zeroTrust"
}
},
"title": "security"
},
"service": {
"additionalProperties": false,
"properties": {
"annotations": {
"default": "",
"description": "adds extra Annotations to the service",
"title": "annotations"
},
"enabled": {
"default": "true",
"description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.",
"title": "enabled"
},
"selector": {
"default": "component",
"description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type",
"title": "selector"
}
},
"title": "service",
"type": "object"
},
"telemetry": {
"additionalProperties": false,
"description": "Settings for telemetry tools",
"properties": {
"openTelemetry": {
"default": "",
"description": "turns Open Telemetry on",
"title": "openTelemetry"
},
"serviceName": {
"default": "",
"description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"",
"title": "serviceName"
}
},
"title": "telemetry"
},
"template": {
"additionalProperties": false,
"description": "provide extra settings for pod templates",
"properties": {
"annotations": {
"default": "",
"description": "set additional annotations for pods",
"title": "annotations"
},
"labels": {
"default": "",
"description": "set additional labels for pods",
"title": "labels"
}
},
"title": "template"
},
"terminationGracePeriodSeconds": {
"default": "",
"description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults",
"title": "terminationGracePeriodSeconds"
},
"timezone": {
"default": "`Europe/Berlin`",
"description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.",
"title": "timezone"
},
"tolerations": {
"default": "",
"description": "Set tolerations for this component",
"title": "tolerations"
},
"updateStrategy": {
"default": "",
"description": "the update Strategy for this component. Normally, you can update all components rolling, except for nappl, where you need to follow the documented update procedures.",
"title": "updateStrategy"
},
"utils": {
"additionalProperties": false,
"properties": {
"debug": {
"default": "`false`",
"description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide",
"title": "debug"
},
"disableWait": {
"default": "`false`",
"description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.",
"title": "disableWait"
},
"disableWave": {
"default": "`false`",
"description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.",
"title": "disableWave"
},
"includeNamespace": {
"default": "`true`",
"description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later",
"title": "includeNamespace"
},
"maintenance": {
"default": "`false`",
"description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.",
"title": "maintenance"
},
"renderComments": {
"default": "`true`",
"description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD",
"title": "renderComments"
}
},
"title": "utils",
"type": "object"
},
"waitFor": {
"default": "",
"description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.",
"title": "waitFor"
}
},
"title": "nplus-component-webdav",
"type": "object"
}
},
"title": "nplus-instance",
"type": "object"
}
},
"type": "object"
}
Reference in New Issue View Git Blame Copy Permalink