charts/keys/values.yaml

# @section Docker Registry settings

# @param dgctlDockerRegistry Docker Registry endpoint where On-Premise services' images reside. Format: `host:port`.

dgctlDockerRegistry: ''


# @section Common settings

# @param imagePullSecrets Kubernetes image pull secrets.
# @param imagePullPolicy Pull policy.
# @param backend.image.repository Backend service image repository.
# @param backend.image.tag Backend service image tag.
# @param admin.image.repository Admin service image repository.
# @param admin.image.tag Admin service image tag.
# @param redis.image.repository Redis image repository.
# @param redis.image.tag Redis image tag.

imagePullSecrets: []
imagePullPolicy: IfNotPresent

# @section Flags for enabling/disabling certain features.

featureFlags:
  # @param featureFlags.enableAudit Enable audit logging.

  enableAudit: false

backend:
  image:
    repository: 2gis-on-premise/keys-backend
    tag: 1.79.0

# @section Admin service settings

admin:
  image:
    repository: 2gis-on-premise/keys-ui
    tag: 0.7.0

  # @param admin.replicas A replica count for the pod.

  replicas: 1

  # @param admin.strategy.type Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`.
  # @param admin.strategy.rollingUpdate.maxUnavailable Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment).
  # @param admin.strategy.rollingUpdate.maxSurge Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process.

  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0
      maxSurge: 1

  resources:
    requests:
      cpu: 300m
      memory: 256Mi
    limits:
      cpu: 1
      memory: 384Mi

  # @skip admin.apiOverride
  # @param admin.host Base URL for the admin web interface, ex: https://keys-ui.ingress.host
  # @param admin.badge.title A name to describe an application installation.
  # @param admin.badge.titleColor A font color for admin.badge.title. Any css color value is valid, e.g. "#000".
  # @param admin.badge.backgroundColor A background color for admin.badge.title. Any css color value is valid, e.g. "#00F018".

  apiOverride: ''
  host: ''
  badge:
    title: ''
    titleColor: ''
    backgroundColor: ''

  # @param admin.annotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/).
  # @param admin.labels Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/).

  annotations: {}
  labels: {}

  # @param admin.podAnnotations Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/).
  # @param admin.podLabels Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/).

  podAnnotations: {}
  podLabels: {}

  # @param admin.nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector).
  # @param admin.affinity Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity).
  # @param admin.tolerations Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings.

  nodeSelector: {}
  affinity: {}
  tolerations: {}

  # @param admin.service.annotations Kubernetes [service annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/).
  # @param admin.service.labels Kubernetes [service labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/).
  # @param admin.service.type Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types).
  # @param admin.service.port Service port.

  service:
    annotations: {}
    labels: {}
    type: ClusterIP
    port: 80

  # @section Kubernetes [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) settings

  # @param admin.ingress.enabled If Ingress is enabled for the service.
  # @param admin.ingress.className Name of the Ingress controller class.
  # @param admin.ingress.hosts[0].host Hostname for the Ingress service.
  # @param admin.ingress.hosts[0].paths[0].path Path of the host for the Ingress service.
  # @param admin.ingress.hosts[0].paths[0].pathType Type of the path for the Ingress service.
  # @param admin.ingress.tls TLS configuration

  ingress:
    enabled: false
    className: nginx
    hosts:
    - host: keys-ui.example.com
      paths:
      - path: /
        pathType: Prefix
    tls: []
    # - hosts:
    #   - keys-ui.example.com
    #   secretName: secret.tls


# @section API service settings

api:

  # @param api.adminUsers Usernames and passwords of admin users. Format: `username1:password1,username2:password2`.

  adminUsers: ''

  # @param api.adminSessionTTL TTL of the admin users sessions. Duration string is a sequence of decimal numbers with optional fraction and unit suffix, like `100ms`, `2.3h` or `4h35m`. Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`.

  adminSessionTTL: 336h

  # @param api.logLevel Log level for the service. Can be: `trace`, `debug`, `info`, `warning`, `error`, `fatal`.
  logLevel: warning

  # @param api.replicas A replica count for the pod.

  replicas: 1

  # @param api.strategy.type Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`.
  # @param api.strategy.rollingUpdate.maxUnavailable Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment).
  # @param api.strategy.rollingUpdate.maxSurge Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process.

  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0
      maxSurge: 1

  resources:
    requests:
      cpu: 50m
      memory: 128Mi
    limits:
      cpu: 1
      memory: 256Mi

  # @param api.annotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/).
  # @param api.labels Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/).

  annotations: {}
  labels: {}

  # @param api.podAnnotations Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/).
  # @param api.podLabels Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/).

  podAnnotations: {}
  podLabels: {}

  # @param api.nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector).
  # @param api.affinity Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity).
  # @param api.tolerations Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings.

  nodeSelector: {}
  affinity: {}
  tolerations: {}

  # @param api.service.annotations Kubernetes [service annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/).
  # @param api.service.labels Kubernetes [service labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/).
  # @param api.service.type Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types).
  # @param api.service.port Service port.

  service:
    annotations: {}
    labels: {}
    type: ClusterIP
    port: 80

  # @section Kubernetes [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) settings

  # @param api.ingress.enabled If Ingress is enabled for the service.
  # @param api.ingress.hosts[0].host Hostname for the Ingress service.

  ingress:
    enabled: false
    hosts:
    - host: keys-api.host


  # @section Kubernetes [Horizontal Pod Autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) settings

  # @param api.hpa.enabled If HPA is enabled for the service.
  # @param api.hpa.minReplicas Lower limit for the number of replicas to which the autoscaler can scale down.
  # @param api.hpa.maxReplicas Upper limit for the number of replicas to which the autoscaler can scale up.
  # @param api.hpa.scaleDownStabilizationWindowSeconds Scale-down window.
  # @param api.hpa.scaleUpStabilizationWindowSeconds Scale-up window.
  # @param api.hpa.targetCPUUtilizationPercentage Target average CPU utilization (represented as a percentage of requested CPU) over all the pods; if not specified the default autoscaling policy will be used.
  # @param api.hpa.targetMemoryUtilizationPercentage Target average memory utilization (represented as a percentage of requested memory) over all the pods; if not specified the default autoscaling policy will be used.

  hpa:
    enabled: false
    minReplicas: 1
    maxReplicas: 2
    scaleDownStabilizationWindowSeconds: ''
    scaleUpStabilizationWindowSeconds: ''
    targetCPUUtilizationPercentage: 80
    targetMemoryUtilizationPercentage: ''


# @section Import service settings

import:

  # @param import.logLevel Log level for the service. Can be: `trace`, `debug`, `info`, `warning`, `error`, `fatal`.
  logLevel: warning

  resources:
    requests:
      cpu: 10m
      memory: 32Mi
    limits:
      cpu: 100m
      memory: 64Mi

  # @param import.nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector).

  nodeSelector: {}


# @section Migrate service settings

migrate:

  # @param migrate.logLevel Log level for the service. Can be: `trace`, `debug`, `info`, `warning`, `error`, `fatal`.
  logLevel: warning

  # @param migrate.initialDelaySeconds Delay in seconds at the service startup.

  initialDelaySeconds: 0

  resources:
    requests:
      cpu: 10m
      memory: 32Mi
    limits:
      cpu: 100m
      memory: 64Mi

  # @param migrate.nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector).

  nodeSelector: {}


# @section Tasker service settings

tasker:

  # @param tasker.logLevel Log level for the service. Can be: `trace`, `debug`, `info`, `warning`, `error`, `fatal`.
  logLevel: warning

  resources:
    requests:
      cpu: 10m
      memory: 32Mi
    limits:
      cpu: 100m
      memory: 64Mi

  # @param tasker.delay Delay in seconds at the service startup.

  delay: 30s

  # @param tasker.strategy.type Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`.
  # @param tasker.strategy.rollingUpdate.maxUnavailable Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment).
  # @param tasker.strategy.rollingUpdate.maxSurge Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process.

  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0
      maxSurge: 1

  # @param tasker.annotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/).
  # @param tasker.labels Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/).

  annotations: {}
  labels: {}

  # @param tasker.podAnnotations Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/).
  # @param tasker.podLabels Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/).

  podAnnotations: {}
  podLabels: {}

  # @param tasker.nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector).
  # @param tasker.affinity Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity).
  # @param tasker.tolerations Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings.

  nodeSelector: {}
  affinity: {}
  tolerations: {}


# @section Redis settings

redis:
  image:
    repository: 2gis-on-premise/keys-redis
    tag: 6.2.6-alpine3.15

  resources:
    requests:
      cpu: 50m
      memory: 32Mi
    limits:
      cpu: 1
      memory: 256Mi

  # @param redis.port HTTP port for Redis to listen.
  # @param redis.configPath Path to Redis configuration file.

  port: 6379
  configPath: /opt/redis.conf

  # @param redis.password Redis password. Empty string if no authentication is required.

  password: ''

  # @param redis.useExternalRedis If true, external Redis server will be used.
  # @param redis.host External Redis hostname or IP.
  # @param redis.db External Redis database number.

  useExternalRedis: false
  host: ''
  db: 1

  # @param redis.annotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/).
  # @param redis.labels Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/).

  annotations: {}
  labels: {}

  # @param redis.podAnnotations Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/).
  # @param redis.podLabels Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/).

  podAnnotations: {}
  podLabels: {}

  # @param redis.nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector).
  # @param redis.affinity Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity).
  # @param redis.tolerations Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings.

  nodeSelector: {}
  affinity: {}
  tolerations: {}


# @section Database access settings

postgres:

  # @extra postgres.ro **Settings for the read-only access**

  # @param postgres.ro.host PostgreSQL hostname or IP. **Required**
  # @param postgres.ro.port PostgreSQL port.
  # @param postgres.ro.timeout PostgreSQL client connection timeout.
  # @param postgres.ro.name PostgreSQL database name. **Required**
  # @param postgres.ro.schema PostgreSQL database schema. If not specified, schema from SEARCH_PATH will be used.
  # @param postgres.ro.username PostgreSQL username. **Required**
  # @param postgres.ro.password PostgreSQL password. **Required**

  ro:
    host: ''
    port: 5432
    timeout: 3s
    name: ''
    schema: ''
    username: ''
    password: ''

  # @extra postgres.rw **Settings for the read-write access**

  # @param postgres.rw.host PostgreSQL hostname or IP. **Required**
  # @param postgres.rw.port PostgreSQL port.
  # @param postgres.rw.timeout PostgreSQL client connection timeout.
  # @param postgres.rw.name PostgreSQL database name. **Required**
  # @param postgres.rw.schema PostgreSQL database schema. If not specified, schema from SEARCH_PATH will be used.
  # @param postgres.rw.username PostgreSQL username. **Required**
  # @param postgres.rw.password PostgreSQL password. **Required**

  rw:
    host: ''
    port: 5432
    timeout: 3s
    name: ''
    schema: ''
    username: ''
    password: ''


# @section Kafka settings

kafka:

  # @extra kafka.audit **Settings for sending audit messages.**

  # @param kafka.audit.bootstrapServers Comma-separated list of host and port pairs that are the addresses of the Kafka brokers (e.g. 'localhost:9092,localhost:9093').
  # @param kafka.audit.username Username for authorization (SASL/PLAINTEXT SHA-512).
  # @param kafka.audit.password Password for authorization (SASL/PLAINTEXT SHA-512).
  # @param kafka.audit.topic Topic to produce audit messages.
  # @param kafka.audit.produce.retryCount Number of retries to produce a message.
  # @param kafka.audit.produce.idempotentWrite Flag to enable/disable [idempotent write](https://docs.confluent.io/platform/current/installation/configuration/producer-configs.html#enable-idempotence).

  audit:
    bootstrapServers: ''
    username: ''
    password: ''
    topic: ''
    produce:
      retryCount: 5
      idempotentWrite: true

# @section LDAP connection settings

# @param ldap.host LDAP host.
# @param ldap.port LDAP port.
# @param ldap.useStartTLS If LDAP should use TLS.
# @param ldap.useLDAPS Use LDAPS instead of LDAP.
# @param ldap.skipServerCertificateVerify Trust the server certificate without verification.
# @param ldap.serverName Server name.
# @param ldap.clientCertificatePath Path to client certificate for authentication.
# @param ldap.clientKeyPath Path to client key for authentication.
# @param ldap.rootCertificateAuthoritiesPath Path to the Root CA certificate.

ldap:
  host: ''
  port: 3268

  useStartTLS: false
  useLDAPS: false
  skipServerCertificateVerify: false
  serverName: ''
  clientCertificatePath: ''
  clientKeyPath: ''
  rootCertificateAuthoritiesPath: ''

  # @extra ldap.bind **LDAP bind settings**
  # @param ldap.bind.dn LDAP distinguished name.
  # @param ldap.bind.password LDAP password.

  bind:
    dn: user
    password: secret

  # @extra ldap.search **LDAP search settings**
  # @param ldap.search.baseDN LDAP base distinguished name.
  # @param ldap.search.filter LDAP search filter.

  search:
    baseDN: dc=2gis
    filter: (&(objectClass=user)(sAMAccountName=%s))


# @section Predefined keys

predefined:

  # @extra predefined.service Predefined service keys.

  # @param predefined.service.keys Keys map as: service -> key.
  # @param predefined.service.aliases Aliases map as: service -> key.

  service:
    keys: {}
    aliases: {}

# @section Deployment Artifacts Storage settings

# @param dgctlStorage.host S3 endpoint. Format: `host:port`. **Required**
# @param dgctlStorage.region S3 region name.
# @param dgctlStorage.secure Set to `true` if dgctlStorage.host must be accessed via https. **Required**
# @param dgctlStorage.verifySsl Set to `false` if dgctlStorage.host must be accessed via https without certificate validation. **Required**
# @param dgctlStorage.bucket S3 bucket name.
# @param dgctlStorage.accessKey S3 access key for accessing the bucket. **Required**
# @param dgctlStorage.secretKey S3 secret key for accessing the bucket. **Required**
# @param dgctlStorage.manifest The path to the [manifest file](https://docs.2gis.com/en/on-premise/overview#nav-lvl2@paramCommon_deployment_steps). Format: `manifests/0000000000.json` <br> This file contains the description of pieces of data that the service requires to operate.

dgctlStorage:
  host: ''
  region: ''
  secure: false
  verifySsl: true
  bucket: keys
  accessKey: ''
  secretKey: ''
  manifest: manifest.json

# @section Limits

# @extra admin.resources **Limits for the Admin service**
# @param admin.resources.requests.cpu A CPU request.
# @param admin.resources.requests.memory A memory request.
# @param admin.resources.limits.cpu A CPU limit.
# @param admin.resources.limits.memory A memory limit.

# @extra api.resources **Limits for the API service**
# @param api.resources.requests.cpu A CPU request.
# @param api.resources.requests.memory A memory request.
# @param api.resources.limits.cpu A CPU limit.
# @param api.resources.limits.memory A memory limit.

# @extra import.resources **Limits for the Import service**
# @param import.resources.requests.cpu A CPU request.
# @param import.resources.requests.memory A memory request.
# @param import.resources.limits.cpu A CPU limit.
# @param import.resources.limits.memory A memory limit.

# @extra migrate.resources **Limits for the Migrate service**
# @param migrate.resources.requests.cpu A CPU request.
# @param migrate.resources.requests.memory A memory request.
# @param migrate.resources.limits.cpu A CPU limit.
# @param migrate.resources.limits.memory A memory limit.

# @extra tasker.resources **Limits for the Tasker service**
# @param tasker.resources.requests.cpu A CPU request.
# @param tasker.resources.requests.memory A memory request.
# @param tasker.resources.limits.cpu A CPU limit.
# @param tasker.resources.limits.memory A memory limit.

# @extra redis.resources **Limits for Redis**
# @param redis.resources.requests.cpu A CPU request.
# @param redis.resources.requests.memory A memory request.
# @param redis.resources.limits.cpu A CPU limit.
# @param redis.resources.limits.memory A memory limit.

# @section customCAs **Custom Certificate Authority**

# @param customCAs.bundle Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1)
# @param customCAs.certsPath Custom CA bundle mount directory in the container.

customCAs:
  bundle: ''
# bundle: |
    # -----BEGIN CERTIFICATE-----
    # ...
    # -----END CERTIFICATE-----
  certsPath: ''