-
Notifications
You must be signed in to change notification settings - Fork 10
/
values.yaml
566 lines (419 loc) · 20.9 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
# @section Docker Registry settings
# @param dgctlDockerRegistry Docker Registry endpoint where On-Premise services' images reside. Format: `host:port`.
dgctlDockerRegistry: ''
# @section Common settings
# @param imagePullSecrets Kubernetes image pull secrets.
# @param imagePullPolicy Pull policy.
# @param backend.image.repository Backend service image repository.
# @param backend.image.tag Backend service image tag.
# @param admin.image.repository Admin service image repository.
# @param admin.image.tag Admin service image tag.
# @param redis.image.repository Redis image repository.
# @param redis.image.tag Redis image tag.
imagePullSecrets: []
imagePullPolicy: IfNotPresent
# @section Flags for enabling/disabling certain features.
featureFlags:
# @param featureFlags.enableAudit Enable audit logging.
enableAudit: false
backend:
image:
repository: 2gis-on-premise/keys-backend
tag: 1.79.0
# @section Admin service settings
admin:
image:
repository: 2gis-on-premise/keys-ui
tag: 0.7.0
# @param admin.replicas A replica count for the pod.
replicas: 1
# @param admin.strategy.type Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`.
# @param admin.strategy.rollingUpdate.maxUnavailable Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment).
# @param admin.strategy.rollingUpdate.maxSurge Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process.
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
maxSurge: 1
resources:
requests:
cpu: 300m
memory: 256Mi
limits:
cpu: 1
memory: 384Mi
# @skip admin.apiOverride
# @param admin.host Base URL for the admin web interface, ex: https://keys-ui.ingress.host
# @param admin.badge.title A name to describe an application installation.
# @param admin.badge.titleColor A font color for admin.badge.title. Any css color value is valid, e.g. "#000".
# @param admin.badge.backgroundColor A background color for admin.badge.title. Any css color value is valid, e.g. "#00F018".
apiOverride: ''
host: ''
badge:
title: ''
titleColor: ''
backgroundColor: ''
# @param admin.annotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/).
# @param admin.labels Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/).
annotations: {}
labels: {}
# @param admin.podAnnotations Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/).
# @param admin.podLabels Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/).
podAnnotations: {}
podLabels: {}
# @param admin.nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector).
# @param admin.affinity Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity).
# @param admin.tolerations Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings.
nodeSelector: {}
affinity: {}
tolerations: {}
# @param admin.service.annotations Kubernetes [service annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/).
# @param admin.service.labels Kubernetes [service labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/).
# @param admin.service.type Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types).
# @param admin.service.port Service port.
service:
annotations: {}
labels: {}
type: ClusterIP
port: 80
# @section Kubernetes [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) settings
# @param admin.ingress.enabled If Ingress is enabled for the service.
# @param admin.ingress.className Name of the Ingress controller class.
# @param admin.ingress.hosts[0].host Hostname for the Ingress service.
# @param admin.ingress.hosts[0].paths[0].path Path of the host for the Ingress service.
# @param admin.ingress.hosts[0].paths[0].pathType Type of the path for the Ingress service.
# @param admin.ingress.tls TLS configuration
ingress:
enabled: false
className: nginx
hosts:
- host: keys-ui.example.com
paths:
- path: /
pathType: Prefix
tls: []
# - hosts:
# - keys-ui.example.com
# secretName: secret.tls
# @section API service settings
api:
# @param api.adminUsers Usernames and passwords of admin users. Format: `username1:password1,username2:password2`.
adminUsers: ''
# @param api.adminSessionTTL TTL of the admin users sessions. Duration string is a sequence of decimal numbers with optional fraction and unit suffix, like `100ms`, `2.3h` or `4h35m`. Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`.
adminSessionTTL: 336h
# @param api.logLevel Log level for the service. Can be: `trace`, `debug`, `info`, `warning`, `error`, `fatal`.
logLevel: warning
# @param api.replicas A replica count for the pod.
replicas: 1
# @param api.strategy.type Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`.
# @param api.strategy.rollingUpdate.maxUnavailable Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment).
# @param api.strategy.rollingUpdate.maxSurge Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process.
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
maxSurge: 1
resources:
requests:
cpu: 50m
memory: 128Mi
limits:
cpu: 1
memory: 256Mi
# @param api.annotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/).
# @param api.labels Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/).
annotations: {}
labels: {}
# @param api.podAnnotations Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/).
# @param api.podLabels Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/).
podAnnotations: {}
podLabels: {}
# @param api.nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector).
# @param api.affinity Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity).
# @param api.tolerations Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings.
nodeSelector: {}
affinity: {}
tolerations: {}
# @param api.service.annotations Kubernetes [service annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/).
# @param api.service.labels Kubernetes [service labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/).
# @param api.service.type Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types).
# @param api.service.port Service port.
service:
annotations: {}
labels: {}
type: ClusterIP
port: 80
# @section Kubernetes [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) settings
# @param api.ingress.enabled If Ingress is enabled for the service.
# @param api.ingress.hosts[0].host Hostname for the Ingress service.
ingress:
enabled: false
hosts:
- host: keys-api.host
# @section Kubernetes [Horizontal Pod Autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) settings
# @param api.hpa.enabled If HPA is enabled for the service.
# @param api.hpa.minReplicas Lower limit for the number of replicas to which the autoscaler can scale down.
# @param api.hpa.maxReplicas Upper limit for the number of replicas to which the autoscaler can scale up.
# @param api.hpa.scaleDownStabilizationWindowSeconds Scale-down window.
# @param api.hpa.scaleUpStabilizationWindowSeconds Scale-up window.
# @param api.hpa.targetCPUUtilizationPercentage Target average CPU utilization (represented as a percentage of requested CPU) over all the pods; if not specified the default autoscaling policy will be used.
# @param api.hpa.targetMemoryUtilizationPercentage Target average memory utilization (represented as a percentage of requested memory) over all the pods; if not specified the default autoscaling policy will be used.
hpa:
enabled: false
minReplicas: 1
maxReplicas: 2
scaleDownStabilizationWindowSeconds: ''
scaleUpStabilizationWindowSeconds: ''
targetCPUUtilizationPercentage: 80
targetMemoryUtilizationPercentage: ''
# @section Import service settings
import:
# @param import.logLevel Log level for the service. Can be: `trace`, `debug`, `info`, `warning`, `error`, `fatal`.
logLevel: warning
resources:
requests:
cpu: 10m
memory: 32Mi
limits:
cpu: 100m
memory: 64Mi
# @param import.nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector).
nodeSelector: {}
# @section Migrate service settings
migrate:
# @param migrate.logLevel Log level for the service. Can be: `trace`, `debug`, `info`, `warning`, `error`, `fatal`.
logLevel: warning
# @param migrate.initialDelaySeconds Delay in seconds at the service startup.
initialDelaySeconds: 0
resources:
requests:
cpu: 10m
memory: 32Mi
limits:
cpu: 100m
memory: 64Mi
# @param migrate.nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector).
nodeSelector: {}
# @section Tasker service settings
tasker:
# @param tasker.logLevel Log level for the service. Can be: `trace`, `debug`, `info`, `warning`, `error`, `fatal`.
logLevel: warning
resources:
requests:
cpu: 10m
memory: 32Mi
limits:
cpu: 100m
memory: 64Mi
# @param tasker.delay Delay in seconds at the service startup.
delay: 30s
# @param tasker.strategy.type Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`.
# @param tasker.strategy.rollingUpdate.maxUnavailable Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment).
# @param tasker.strategy.rollingUpdate.maxSurge Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process.
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
maxSurge: 1
# @param tasker.annotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/).
# @param tasker.labels Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/).
annotations: {}
labels: {}
# @param tasker.podAnnotations Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/).
# @param tasker.podLabels Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/).
podAnnotations: {}
podLabels: {}
# @param tasker.nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector).
# @param tasker.affinity Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity).
# @param tasker.tolerations Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings.
nodeSelector: {}
affinity: {}
tolerations: {}
# @section Redis settings
redis:
image:
repository: 2gis-on-premise/keys-redis
tag: 6.2.6-alpine3.15
resources:
requests:
cpu: 50m
memory: 32Mi
limits:
cpu: 1
memory: 256Mi
# @param redis.port HTTP port for Redis to listen.
# @param redis.configPath Path to Redis configuration file.
port: 6379
configPath: /opt/redis.conf
# @param redis.password Redis password. Empty string if no authentication is required.
password: ''
# @param redis.useExternalRedis If true, external Redis server will be used.
# @param redis.host External Redis hostname or IP.
# @param redis.db External Redis database number.
useExternalRedis: false
host: ''
db: 1
# @param redis.annotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/).
# @param redis.labels Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/).
annotations: {}
labels: {}
# @param redis.podAnnotations Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/).
# @param redis.podLabels Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/).
podAnnotations: {}
podLabels: {}
# @param redis.nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector).
# @param redis.affinity Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity).
# @param redis.tolerations Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings.
nodeSelector: {}
affinity: {}
tolerations: {}
# @section Database access settings
postgres:
# @extra postgres.ro **Settings for the read-only access**
# @param postgres.ro.host PostgreSQL hostname or IP. **Required**
# @param postgres.ro.port PostgreSQL port.
# @param postgres.ro.timeout PostgreSQL client connection timeout.
# @param postgres.ro.name PostgreSQL database name. **Required**
# @param postgres.ro.schema PostgreSQL database schema. If not specified, schema from SEARCH_PATH will be used.
# @param postgres.ro.username PostgreSQL username. **Required**
# @param postgres.ro.password PostgreSQL password. **Required**
ro:
host: ''
port: 5432
timeout: 3s
name: ''
schema: ''
username: ''
password: ''
# @extra postgres.rw **Settings for the read-write access**
# @param postgres.rw.host PostgreSQL hostname or IP. **Required**
# @param postgres.rw.port PostgreSQL port.
# @param postgres.rw.timeout PostgreSQL client connection timeout.
# @param postgres.rw.name PostgreSQL database name. **Required**
# @param postgres.rw.schema PostgreSQL database schema. If not specified, schema from SEARCH_PATH will be used.
# @param postgres.rw.username PostgreSQL username. **Required**
# @param postgres.rw.password PostgreSQL password. **Required**
rw:
host: ''
port: 5432
timeout: 3s
name: ''
schema: ''
username: ''
password: ''
# @section Kafka settings
kafka:
# @extra kafka.audit **Settings for sending audit messages.**
# @param kafka.audit.bootstrapServers Comma-separated list of host and port pairs that are the addresses of the Kafka brokers (e.g. 'localhost:9092,localhost:9093').
# @param kafka.audit.username Username for authorization (SASL/PLAINTEXT SHA-512).
# @param kafka.audit.password Password for authorization (SASL/PLAINTEXT SHA-512).
# @param kafka.audit.topic Topic to produce audit messages.
# @param kafka.audit.produce.retryCount Number of retries to produce a message.
# @param kafka.audit.produce.idempotentWrite Flag to enable/disable [idempotent write](https://docs.confluent.io/platform/current/installation/configuration/producer-configs.html#enable-idempotence).
audit:
bootstrapServers: ''
username: ''
password: ''
topic: ''
produce:
retryCount: 5
idempotentWrite: true
# @section LDAP connection settings
# @param ldap.host LDAP host.
# @param ldap.port LDAP port.
# @param ldap.useStartTLS If LDAP should use TLS.
# @param ldap.useLDAPS Use LDAPS instead of LDAP.
# @param ldap.skipServerCertificateVerify Trust the server certificate without verification.
# @param ldap.serverName Server name.
# @param ldap.clientCertificatePath Path to client certificate for authentication.
# @param ldap.clientKeyPath Path to client key for authentication.
# @param ldap.rootCertificateAuthoritiesPath Path to the Root CA certificate.
ldap:
host: ''
port: 3268
useStartTLS: false
useLDAPS: false
skipServerCertificateVerify: false
serverName: ''
clientCertificatePath: ''
clientKeyPath: ''
rootCertificateAuthoritiesPath: ''
# @extra ldap.bind **LDAP bind settings**
# @param ldap.bind.dn LDAP distinguished name.
# @param ldap.bind.password LDAP password.
bind:
dn: user
password: secret
# @extra ldap.search **LDAP search settings**
# @param ldap.search.baseDN LDAP base distinguished name.
# @param ldap.search.filter LDAP search filter.
search:
baseDN: dc=2gis
filter: (&(objectClass=user)(sAMAccountName=%s))
# @section Predefined keys
predefined:
# @extra predefined.service Predefined service keys.
# @param predefined.service.keys Keys map as: service -> key.
# @param predefined.service.aliases Aliases map as: service -> key.
service:
keys: {}
aliases: {}
# @section Deployment Artifacts Storage settings
# @param dgctlStorage.host S3 endpoint. Format: `host:port`. **Required**
# @param dgctlStorage.region S3 region name.
# @param dgctlStorage.secure Set to `true` if dgctlStorage.host must be accessed via https. **Required**
# @param dgctlStorage.verifySsl Set to `false` if dgctlStorage.host must be accessed via https without certificate validation. **Required**
# @param dgctlStorage.bucket S3 bucket name.
# @param dgctlStorage.accessKey S3 access key for accessing the bucket. **Required**
# @param dgctlStorage.secretKey S3 secret key for accessing the bucket. **Required**
# @param dgctlStorage.manifest The path to the [manifest file](https://docs.2gis.com/en/on-premise/overview#nav-lvl2@paramCommon_deployment_steps). Format: `manifests/0000000000.json` <br> This file contains the description of pieces of data that the service requires to operate.
dgctlStorage:
host: ''
region: ''
secure: false
verifySsl: true
bucket: keys
accessKey: ''
secretKey: ''
manifest: manifest.json
# @section Limits
# @extra admin.resources **Limits for the Admin service**
# @param admin.resources.requests.cpu A CPU request.
# @param admin.resources.requests.memory A memory request.
# @param admin.resources.limits.cpu A CPU limit.
# @param admin.resources.limits.memory A memory limit.
# @extra api.resources **Limits for the API service**
# @param api.resources.requests.cpu A CPU request.
# @param api.resources.requests.memory A memory request.
# @param api.resources.limits.cpu A CPU limit.
# @param api.resources.limits.memory A memory limit.
# @extra import.resources **Limits for the Import service**
# @param import.resources.requests.cpu A CPU request.
# @param import.resources.requests.memory A memory request.
# @param import.resources.limits.cpu A CPU limit.
# @param import.resources.limits.memory A memory limit.
# @extra migrate.resources **Limits for the Migrate service**
# @param migrate.resources.requests.cpu A CPU request.
# @param migrate.resources.requests.memory A memory request.
# @param migrate.resources.limits.cpu A CPU limit.
# @param migrate.resources.limits.memory A memory limit.
# @extra tasker.resources **Limits for the Tasker service**
# @param tasker.resources.requests.cpu A CPU request.
# @param tasker.resources.requests.memory A memory request.
# @param tasker.resources.limits.cpu A CPU limit.
# @param tasker.resources.limits.memory A memory limit.
# @extra redis.resources **Limits for Redis**
# @param redis.resources.requests.cpu A CPU request.
# @param redis.resources.requests.memory A memory request.
# @param redis.resources.limits.cpu A CPU limit.
# @param redis.resources.limits.memory A memory limit.
# @section customCAs **Custom Certificate Authority**
# @param customCAs.bundle Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1)
# @param customCAs.certsPath Custom CA bundle mount directory in the container.
customCAs:
bundle: ''
# bundle: |
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----
certsPath: ''