From c541872588491ce80dc90789d44c53b15735ab11 Mon Sep 17 00:00:00 2001 From: antoninguyot Date: Thu, 9 Apr 2026 12:39:18 +0200 Subject: [PATCH] chore: helm values formatting for doc generation --- values.yaml | 589 ++++++++++++++++++++++++---------------------------- 1 file changed, 269 insertions(+), 320 deletions(-) diff --git a/values.yaml b/values.yaml index f55abef..a5e3f6d 100644 --- a/values.yaml +++ b/values.yaml @@ -1,71 +1,61 @@ -## @section Global parameters ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value ## Current available global Docker image parameters: imageRegistry, imagePullSecrets ## -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array ## global: + ## Global Docker image registry imageRegistry: "" - ## E.g. + ## @example ## imagePullSecrets: ## - myRegistryKeySecretName ## imagePullSecrets: [] - -## @section Common parameters ## -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) +## Force target Kubernetes version (using Helm capabilities if not set) ## kubeVersion: "" -## @param nameOverride String to partially override stream.fullname +## String to partially override stream.fullname ## nameOverride: "" -## @param fullnameOverride String to fully override stream.fullname +## String to fully override stream.fullname ## fullnameOverride: "" -## @param imageRegistry String to override the image registry for all containers +## String to override the image registry for all containers ## imageRegistry: "" -## @param commonLabels Labels to add to all deployed objects +## Labels to add to all deployed objects ## commonLabels: {} -## @param commonAnnotations Annotations to add to all deployed objects +## Annotations to add to all deployed objects ## commonAnnotations: {} - -## @section Stream deployment parameters - ## By default, we fetch the Stream image from the Evertrust registry. ## If the tag is null or unset, the default value will be set the to the chart appVersion. ## As the official Evertrust registry is not in open-access, ## you should specify an image pull secret that has ## access to Stream images. ## -## ref https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ -## @param image.registry Stream image registry -## @param image.repository Stream image repository -## @param image.tag Stream image tag (immutable tags are recommended) -## @param image.flavor Stream image flavor (for HSM compatible images) -## @param image.pullPolicy Stream image pull policy -## @param image.pullSecrets Stream image pull secrets +## @ref https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## image: + ## Stream image registry registry: registry.evertrust.io + ## Stream image repository repository: stream + ## Stream image tag (immutable tags are recommended) tag: 2.1.7 + ## Stream image flavor (for HSM compatible images) flavor: "" + ## Stream image pull policy pullPolicy: IfNotPresent + ## Stream image pull secrets pullSecrets: [] - -## @param updateStrategy.type Stream deployment strategy type -## @param updateStrategy.rollingUpdate [object] Rolling update spec -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy +## @ref https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy ## NOTE: Set it to `Recreate` if you use a PV that cannot be mounted on multiple pods -## e.g: +## @example ## updateStrategy: ## type: RollingUpdate ## rollingUpdate: @@ -73,40 +63,38 @@ image: ## maxUnavailable: 25% ## updateStrategy: + ## Stream deployment strategy type type: Recreate - -## @param deploymentAnnotations Annotations to add to the deployment object +## Annotations to add to the deployment object ## deploymentAnnotations: {} - -## @param deploymentAnnotations Annotations to add to the deployment object +## Annotations to add to the deployment object ## deploymentLabels: {} - -## @param priorityClassName Stream pod priority class name +## Stream pod priority class name ## priorityClassName: "" -## @param hostAliases Stream pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## Stream pod host aliases +## @ref https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] -## @param extraVolumes Optionally specify extra list of additional volumes for Stream pods -## e.g: +## Optionally specify extra list of additional volumes for Stream pods +## @example ## extraVolumes: ## - name: extra-volume-name ## configMap: ## name: example-configmap ## extraVolumes: [] -## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for Stream container(s) -## e.g: +## Optionally specify extra list of additional volumeMounts for Stream container(s) +## @example ## extraVolumeMounts: ## - name: extra-volume-name ## mountPath: /mnt/extra-volume ## extraVolumeMounts: [] -## @param sidecars Add additional sidecar containers to the Stream pod -## e.g: +## Add additional sidecar containers to the Stream pod +## @example ## sidecars: ## - name: your-image-name ## image: your-image @@ -116,64 +104,63 @@ extraVolumeMounts: [] ## containerPort: 1234 ## sidecars: [] -## @param initContainers Add additional init containers to the Stream pod +## Add additional init containers to the Stream pod initContainers: [] -## @param lifecycleHooks Add lifecycle hooks to the Stream deployment +## Add lifecycle hooks to the Stream deployment ## lifecycleHooks: {} -## @param podLabels Extra labels for Stream pods -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## Extra labels for Stream pods +## @ref https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} -## @param podAnnotations Annotations for Stream pods -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## Annotations for Stream pods +## @ref https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## @ref https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## @ref https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## @ref https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## type: "" - ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set + ## Node label key to match. Ignored if `affinity` is set ## key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set - ## E.g. + ## Node label values to match. Ignored if `affinity` is set + ## @example ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] -## @param revisionHistoryLimit Number of controller revisions to keep +## Number of controller revisions to keep revisionHistoryLimit: 3 -## @param replicas Replica count when no autoscaler is configured +## Replica count when no autoscaler is configured replicas: 1 -## @param affinity Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## @ref https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## NOTE: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set ## affinity: {} -## @param nodeSelector Node labels for pod assignment -## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## Node labels for pod assignment +## @ref https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} -## @param tolerations Tolerations for pod assignment -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## Tolerations for pod assignment +## @ref https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] -## @param topologySpreadConstraints Spread Constraints for pod assignment -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ -## E.g. +## Spread Constraints for pod assignment +## @ref https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +## @example ## topologySpreadConstraints: ## - maxSkew: 1 ## topologyKey: node @@ -181,118 +168,113 @@ tolerations: [] ## topologySpreadConstraints: [] ## Stream containers' resource requests and limits -## ref: https://kubernetes.io/docs/user-guide/compute-resources/ -## @param resources.limits [object] The resources limits for the Stream container -## @param resources.requests [object] The requested resources for the Stream container +## @ref https://kubernetes.io/docs/user-guide/compute-resources/ ## -## **Notes** : The JVM will automatically adapt the memory allocation pool +## The JVM will automatically adapt the memory allocation pool ## to the container allocated resources. ## resources: + ## The resources limits for the Stream container limits: {} + ## The requested resources for the Stream container requests: memory: 512Mi cpu: 300m ## Configure Pods Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param podSecurityContext.enabled Enabled Stream pods' Security Context -## @param podSecurityContext.fsGroup Set Stream pod's Security Context fsGroup +## @ref https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## podSecurityContext: + ## Enabled Stream pods' Security Context enabled: true + ## Set Stream pod's Security Context fsGroup fsGroup: 1001 ## Configure Container Security Context (only main container) -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enabled Stream containers' Security Context -## @param containerSecurityContext.runAsUser Set Stream container's Security Context runAsUser -## @param containerSecurityContext.runAsNonRoot Set Stream container's Security Context runAsNonRoot +## @ref https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## containerSecurityContext: + ## Enabled Stream containers' Security Context enabled: true + ## Set Stream container's Security Context runAsUser runAsUser: 1001 + ## Set Stream container's Security Context runAsNonRoot runAsNonRoot: true ## Configure extra options for Stream containers probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe +## @ref https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## livenessProbe: + ## Enable livenessProbe enabled: true + ## Initial delay seconds for livenessProbe initialDelaySeconds: 0 + ## Period seconds for livenessProbe periodSeconds: 10 + ## Timeout seconds for livenessProbe timeoutSeconds: 5 + ## Success threshold for livenessProbe successThreshold: 1 + ## Failure threshold for livenessProbe failureThreshold: 3 ## A startup probe allows us to define a shorter period to improve Stream time-to-liveliness time while preserving the Stream pod from a restart loop when it is slow to start. -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes -## @param startupProbe.enabled Enable startupProbe. Since Stream is slow to start, this is highly recommended. -## @param startupProbe.periodSeconds Period seconds for startupProbe -## @param startupProbe.failureThreshold Failure threshold for startupProbe +## @ref https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes ## startupProbe: + ## Enable startupProbe. Since Stream is slow to start, this is highly recommended. enabled: true + ## Failure threshold for startupProbe failureThreshold: 60 + ## Period seconds for startupProbe periodSeconds: 3 -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: + ## Enable readinessProbe enabled: true + ## Initial delay seconds for readinessProbe initialDelaySeconds: 0 + ## Period seconds for readinessProbe periodSeconds: 5 + ## Timeout seconds for readinessProbe timeoutSeconds: 3 + ## Success threshold for readinessProbe successThreshold: 1 + ## Failure threshold for readinessProbe failureThreshold: 3 - ## Stream Autoscaling configuration -## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ -## @param horizontalAutoscaler.enabled Enable Horizontal POD autoscaling for Stream -## @param horizontalAutoscaler.minReplicas Minimum number of Stream replicas -## @param horizontalAutoscaler.maxReplicas Maximum number of Stream replicas -## @param horizontalAutoscaler.targetCPU Target CPU utilization percentage -## @param horizontalAutoscaler.targetMemory Target Memory utilization percentage +## @ref https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ ## horizontalAutoscaler: + ## Enable Horizontal POD autoscaling for Stream enabled: false + ## Minimum number of Stream replicas minReplicas: 1 + ## Maximum number of Stream replicas maxReplicas: 3 + ## Target CPU utilization percentage targetCPU: 50 + ## Target Memory utilization percentage targetMemory: 50 - ## Pod Disruption Budget configuration -## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +## @ref https://kubernetes.io/docs/tasks/run-application/configure-pdb/ ## disruptionBudget: - ## @param disruptionBudget.enabled Created a PodDisruptionBudget + ## Created a PodDisruptionBudget ## enabled: false - ## @param disruptionBudget.minAvailable Min number of pods that must still be available after the eviction + ## Min number of pods that must still be available after the eviction ## minAvailable: 1 - ## @param disruptionBudget.maxUnavailable Max number of pods that can be unavailable after the eviction + ## Max number of pods that can be unavailable after the eviction ## maxUnavailable: 0 - ## Configure environment variable injections into Stream's pods. ## This is the way you should inject secrets into the app if you wish ## to use the Kubernetes secrets implementation. ## -## ref: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/ -## @param environment [array] Extra env vars passed to the Stream pods +## @ref https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/ environment: [] - ## Pod's DNS Configuration -## https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config +## @ref https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config ## This value is useful if you need to resolve your custom domain for ACME challenges -## Example: +## @example ## nameservers: ## - 1.2.3.4 ## searches: @@ -302,85 +284,80 @@ environment: [] ## - name: ndots ## value: "2" dnsConfig: {} - -# Pod's DNS Policy -# https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy +## Pod's DNS Policy +## @ref https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy dnsPolicy: ClusterFirst - -## @section Stream Service configuration -## +## Service configuration service: - ## @param service.type Kubernetes service type + ## Kubernetes service type ## type: ClusterIP - ## @param service.clusterIP Stream service clusterIP IP - ## e.g: + ## Stream service clusterIP IP + ## @example ## clusterIP: None ## clusterIP: "" - ## @param service.loadBalancerIP for the Stream Service (optional, cloud specific) - ## ref: https://kubernetes.io/docs/user-guide/services/#type-loadbalancer + ## Load balancer IP for the Stream Service (optional, cloud specific) + ## @ref https://kubernetes.io/docs/user-guide/services/#type-loadbalancer ## loadBalancerIP: "" - ## @param service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## Example: + ## Address that are allowed when service is LoadBalancer + ## @ref https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## @example ## loadBalancerSourceRanges: ## - 10.10.10.0/24 ## loadBalancerSourceRanges: [] - ## @param service.externalTrafficPolicy Enable client source IP preservation - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## Enable client source IP preservation + ## @ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip ## externalTrafficPolicy: Cluster - ## @param service.extraPorts Extra port to expose on Stream service + ## Extra port to expose on Stream service ## extraPorts: [] - ## @param service.annotations Annotations for Stream service + ## Annotations for Stream service ## annotations: {} - -## @section Stream Ingress configuration -## -## ref https://kubernetes.io/docs/concepts/services-networking/ingress/ +## Ingress configuration +## @ref https://kubernetes.io/docs/concepts/services-networking/ingress/ ingress: - ## @param ingress.enabled Set to true to enable ingress record generation + ## Set to true to enable ingress record generation ## enabled: false - ## @param ingress.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+) + ## IngressClass that will be used to implement the Ingress (Kubernetes 1.18+) ingressClassName: "" - ## @param ingress.hostname Default host for the ingress resource + ## Default host for the ingress resource ## hostname: "" - ## @param ingress.path Default path for the ingress record + ## Default path for the ingress record ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers ## path: / - ## @param ingress.pathType Ingress path type + ## Ingress path type ## pathType: Prefix - ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. - ## e.g: + ## Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. + ## @example ## annotations: ## cert-manager.io/cluster-issuer: cluster-issuer-name ## annotations: {} - ## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter + ## Enable TLS configuration for the hostname defined at ingress.hostname ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} ## You can use the ingress.secrets parameter to create this TLS secret, relay on cert-manager to create it, or ## let the chart create self-signed certificates for you ## tls: false - ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. + ## Additional hostnames to be covered with this ingress record ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## Example: + ## @example ## extraHosts: ## - name: stream.local ## path: / ## extraHosts: [] - ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host - ## e.g: + ## An array with additional arbitrary paths that may need to be added to the ingress under the main host + ## @example ## extraPaths: ## - path: /* ## backend: @@ -388,18 +365,18 @@ ingress: ## servicePort: use-annotation ## extraPaths: [] - ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## Example: + ## The tls configuration for additional hostnames to be covered with this ingress record. + ## @ref https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## @example ## extraTls: ## - hosts: ## - stream.local ## secretName: stream.local-tls ## extraTls: [] - ## @param ingress.extraRules Additional rules to be covered with this ingress record - ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules - ## e.g: + ## Additional rules to be covered with this ingress record + ## @ref https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules + ## @example ## extraRules: ## - host: stream.local ## http: @@ -411,16 +388,12 @@ ingress: ## name: http ## extraRules: [] - -## @section Stream application parameters - ## Configure the Play secret for the Stream instance. ## As this is used for cryptographic purposes, it should be fetched ## from the environment. ## -## ref https://www.playframework.com/documentation/2.8.x/ApplicationSecret -## @param appSecret [object] Application secret used for encrypting session data and cookies -## E.g. +## @ref https://www.playframework.com/documentation/2.8.x/ApplicationSecret +## @example ## appSecret: ## valueFrom: ## secretKeyRef: @@ -430,31 +403,27 @@ ingress: appSecret: secretName: "" secretKey: "" - ## A valid Stream license is required for the software to run. ## You should store it (base64-encoded) in a Kubernetes secret and specify ## the secret details here. -## ref: README.md -## @param license.secretName Existing secret name where the Stream license is stored -## @param license.secretKey Existing secret key where the Stream license is stored +## @ref README.md license: + ## Existing secret name where the Stream license is stored secretName: "" + ## Existing secret key where the Stream license is stored secretKey: "" - ## Set up initial admin user. -## @param initialAdminHashPassword.enabled Whether to enable the initial admin user -## @param initialAdminHashPassword.secretName Existing secret name where the initial admin password is stored -## @param initialAdminHashPassword.secretKey Existing secret key where the initial admin password is stored initialAdminHashPassword: + ## Whether to enable the initial admin user enabled: false + ## Existing secret name where the initial admin password is stored secretName: "" + ## Existing secret key where the initial admin password is stored secretKey: "" - ## Additional allowed hosts that are whitelisted to access the Stream UI. ## Configured ingresses will automatically be added to the list, this should ## only be used when port forwarding or when an ingress is created manually. -## @param allowedHosts [array] Additional allowed hosts. -## E.g. +## @example ## allowedHosts: ## - localhost:9000 ## - demo.example.org @@ -462,10 +431,8 @@ initialAdminHashPassword: allowedHosts: - localhost:9000 - localhost:9443 - ## Depending on your Kubernetes environment, Ingress IPs may be unpredictable. In that case, you should trust whitelist every IP in your local addressing space. -## @param trustedProxies [array] Trusted proxies. -## E.g. +## @example ## trustedProxies: ## - 0.0.0.0/0 ## - ::/0 @@ -473,249 +440,230 @@ allowedHosts: trustedProxies: - 0.0.0.0/0 - ::/0 - ## Configuration for Stream events -## @param events.chainsign Whether Stream events should be signed and chained using the event seal secret. -## @param events.secret [object] Secret used to sign and chain events. -## @param events.ttl Duration during which events are kept in database. -## @param events.discoveryTtl Duration during which discovery events are kept in database. events: + ## Whether Stream events should be signed and chained using the event seal secret. chainsign: true + ## Duration during which events are kept in database. ttl: 90 days secretName: "" secretKey: "" - -## @param keyset.secretName Existing secret name where the Tink keyset is stored -## @param keyset.secretKey Existing secret key where the Tink keyset is stored keyset: + ## Existing secret name where the Tink keyset is stored secretName: "" + ## Existing secret key where the Tink keyset is stored secretKey: "" - -## @param logFormat Format in which logs will be outputted. Can be set either to "console" or "json" for structured logging. +## Format in which logs will be outputted. Can be set either to "console" or "json" for structured logging. logFormat: console - -## @param tls.enabled Whether to use the HTTPS port by default on ingresses and other services -## @param tls.secretName Existing secret name where a PKCS12 certificate is stored -## @param tls.secretKey Existing secret key where the PKCS12 certificate is stored tls: + ## Whether to use the HTTPS port by default on ingresses and other services enabled: false + ## Existing secret name where a PKCS12 certificate is stored secretName: "" + ## Existing secret key where the PKCS12 certificate is stored secretKey: "" - -## @param rbac.create Whether to create RBAC resources rbac: + ## Whether to create RBAC resources create: true - ## Stream pods ServiceAccount -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## @ref https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ ## serviceAccount: - ## @param serviceAccount.create Enable the creation of a ServiceAccount for Horizon pods + ## Enable the creation of a ServiceAccount for Stream pods ## create: true - ## @param serviceAccount.name Name of the created ServiceAccount - ## If not set and create is true, a name is generated using the horizon.fullname template + ## Name of the created ServiceAccount + ## + ## If not set and create is true, a name is generated using the stream.fullname template ## name: "" - ## @param serviceAccount.annotations Annotations for Horizon Service Account + ## Annotations for Stream Service Account ## annotations: {} - ## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account + ## Automount service account token for the server service account ## automountServiceAccountToken: true - -## @param leases.enabled Whether leases should be used when launching multiple replicas of Stream pods. This requires the leases.akka.io CRD to be installed. leases: + ## Whether leases should be used when launching multiple replicas of Stream pods. This requires the leases.akka.io CRD to be installed. enabled: true - -## @param clientCertificateHeader Indicates to Stream in which header the client certificate will be passed by the Ingress controller. +## Indicates to Stream in which header the client certificate will be passed by the Ingress controller. clientCertificateHeader: "" - -## @param podsDirectConnect Whether Stream pods should connect to each other directly via IP, or through a DNS record generated by a Kubernetes DNS server. +## Whether Stream pods should connect to each other directly via IP, or through a DNS record generated by a Kubernetes DNS server. ## Useful if the kube-dns server is configured with "pods disabled" or if you use GKE Cloud DNS ## NOTE: This is not support by Istio podsDirectConnect: false - -## @param extraConfig Additional configuration for Stream +## Additional configuration for Stream. ## Injecting arbitrary config could result in unexpected behavior. Proceed with caution. -## ref: https://docs.evertrust.fr/stream/admin-guide/-/parameters +## @ref https://docs.evertrust.fr/stream/admin-guide/-/parameters ## -## Eg. +## @example ## extraConfig: | ## stream { ## notification.mail.attachment.extension.der = "der" ## } extraConfig: "" - -## @section Database parameters - temporaryDatabase: - ## @param temporaryDatabase.enabled Whether to enable the deployment of a temporary MongoDB instance + ## Whether to enable the deployment of a temporary MongoDB instance enabled: true - - ## @param temporaryDatabase.image.registry MongoDB image registry - ## @param temporaryDatabase.image.repository MongoDB image repository - ## @param temporaryDatabase.image.tag MongoDB image tag (immutable tags are recommended) - ## @param temporaryDatabase.image.pullPolicy MongoDB image pull policy - ## @param temporaryDatabase.image.pullSecrets MongoDB image pull secrets - ## + ## MongoDB image image: + ## MongoDB image registry registry: ~ + ## MongoDB image repository repository: mongo + ## MongoDB image tag (immutable tags are recommended) tag: 7 + ## MongoDB image pull policy pullPolicy: IfNotPresent + ## MongoDB image pull secrets pullSecrets: [] persistence: - ## @param temporaryDatabase.persistence.enabled Whether to enable persistence on the temporary MongoDB + ## Whether to enable persistence on the temporary MongoDB enabled: true - ## @param temporaryDatabase.persistence.annotations Extra annotations to add to the PVC + ## Extra annotations to add to the PVC annotations: {} - ## @param temporaryDatabase.persistence.storageClass Storage class of backing PVC + ## Storage class of backing PVC storageClass: "" - ## @param temporaryDatabase.persistence.accessModes Access modes of the PVC + ## Access modes of the PVC accessModes: - ReadWriteOnce - ## @param temporaryDatabase.persistence.size Size of data volume for MongoDB + ## Size of data volume for MongoDB size: "1Gi" - ## MongoDB container resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## @param temporaryDatabase.resources.limits [object] The resources limits for the MongoDB container - ## @param temporaryDatabase.resources.requests [object] The requested resources for the MongoDB container + ## @ref https://kubernetes.io/docs/user-guide/compute-resources/ ## resources: + ## The resources limits for the MongoDB container limits: memory: 512Mi cpu: 500m + ## The requested resources for the MongoDB container requests: memory: 512Mi cpu: 500m - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param temporaryDatabase.podSecurityContext.enabled Enabled MongoDB pods' Security Context - ## @param temporaryDatabase.podSecurityContext.fsGroup Set MongoDB pod's Security Context fsGroup + ## @ref https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## podSecurityContext: + ## Enabled MongoDB pods' Security Context enabled: true + ## Set MongoDB pod's Security Context fsGroup fsGroup: 1001 ## Configure Container Security Context (only main container) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param temporaryDatabase.containerSecurityContext.enabled Enabled MongoDB containers' Security Context - ## @param temporaryDatabase.containerSecurityContext.runAsUser Set MongoDB container's Security Context runAsUser - ## @param temporaryDatabase.containerSecurityContext.runAsNonRoot Set MongoDB container's Security Context runAsNonRoot + ## @ref https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## containerSecurityContext: + ## Enabled MongoDB containers' Security Context enabled: true + ## Set MongoDB container's Security Context runAsUser runAsUser: 1001 + ## Set MongoDB container's Security Context runAsNonRoot runAsNonRoot: true - -## @section Upgrade parameters upgrade: - ## @param upgrade.enabled If true, an upgrade job will be run when upgrading the release, modifying your database schema. This works even if `mongodb.enabled` is set to false. + ## If true, an upgrade job will be run when upgrading the release, modifying your database schema. This works even if `mongodb.enabled` is set to false. ## enabled: true - ## @param upgrade.enabled If true, an upgrade job will be run everytime the Chart is installed or upgraded. + ## If true, an upgrade job will be run every time the Chart is installed or upgraded. ## force: false - ## @param upgrade.image.registry Stream image registry - ## @param upgrade.image.repository Stream image repository - ## @param upgrade.image.tag Stream image tag (immutable tags are recommended) - ## @param upgrade.image.pullPolicy Stream image pull policy - ## @param upgrade.image.pullSecrets Stream image pull secrets - ## + ## Upgrade image image: + ## Stream image registry registry: registry.evertrust.io + ## Stream image repository repository: stream-upgrade + ## Stream image tag (immutable tags are recommended) tag: 2.1.7 + ## Stream image pull policy pullPolicy: IfNotPresent + ## Stream image pull secrets pullSecrets: [] ## stream-upgrade container resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## @param upgrade.resources.limits [object] The resources limits for the Stream container - ## @param upgrade.resources.requests [object] The requested resources for the Stream container + ## @ref https://kubernetes.io/docs/user-guide/compute-resources/ ## resources: + ## The resources limits for the Stream container limits: memory: 512Mi cpu: 500m + ## The requested resources for the Stream container requests: memory: 512Mi cpu: 500m ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param upgrade.podSecurityContext.enabled Enabled Stream pods' Security Context - ## @param upgrade.podSecurityContext.fsGroup Set Stream pod's Security Context fsGroup + ## @ref https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## podSecurityContext: + ## Enabled Stream pods' Security Context enabled: true + ## Set Stream pod's Security Context fsGroup fsGroup: 1001 ## Configure Container Security Context (only main container) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param upgrade.containerSecurityContext.enabled Enabled Stream containers' Security Context - ## @param upgrade.containerSecurityContext.runAsUser Set Stream container's Security Context runAsUser - ## @param upgrade.containerSecurityContext.runAsNonRoot Set Stream container's Security Context runAsNonRoot + ## @ref https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## containerSecurityContext: + ## Enabled Stream containers' Security Context enabled: true + ## Set Stream container's Security Context runAsUser runAsUser: 1001 + ## Set Stream container's Security Context runAsNonRoot runAsNonRoot: true - ## @param upgrade.from Sets to the version you're upgrading from. If empty, the chart will try to infer the version from the database. + ## Sets to the version you're upgrading from. If empty, the chart will try to infer the version from the database. ## from: "" - ## @param upgrade.to Sets the version you're upgrading to. If empty, the chart will use Chart.AppVersion. + ## Sets the version you're upgrading to. If empty, the chart will use Chart.AppVersion. ## to: "" - ## @param upgrade.extraVolumes Optionally specify extra list of additional volumes for upgrade pods + ## Optionally specify extra list of additional volumes for upgrade pods + ## @example ## extraVolumes: ## - name: certificates ## secret: ## secretName: mongodb-x509 ## extraVolumes: [] - ## @param upgrade.extraVolumeMounts Optionally specify extra list of additional volumeMounts for upgrade containers + ## Optionally specify extra list of additional volumeMounts for upgrade containers + ## @example ## extraVolumeMounts: ## - name: certificates ## mountPath: /certs ## readOnly: true ## extraVolumeMounts: [] - ## @param upgrade.nodeSelector [object] Node labels for upgrade pod assignment - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + ## Node labels for upgrade pod assignment + ## @ref https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ ## nodeSelector: {} - ## @param upgrade.tolerations [array] Tolerations for upgrade pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## Tolerations for upgrade pod assignment + ## @ref https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] - ## Configuration for a Stream external database ## Refer to the Stream installation guide to configure the installation correctly ## -## @param externalDatabase.uri [object] External MongoDB URI. For an external database to be used, `mongodb.enabled` must be set to `false`. externalDatabase: + ## Existing secret name where the external MongoDB URI is stored secretName: "" + ## Existing secret key where the external MongoDB URI is stored secretKey: "" - ## Configuration for the Stream mailer. ## You should configure this if you want your Stream instance to be able ## to send emails. ## You should fetch credentials from the environment if they are required. -## @param mailer.host SMTP host -## @param mailer.port SMTP host port -## @param mailer.tls Enable TLS for this SMTP host -## @param mailer.ssl Enable SSL for this SMTP host -## @param mailer.user Authentication username for this SMTP host -## @param mailer.password [object] Authentication password for this SMTP host mailer: + ## SMTP host host: "" + ## SMTP host port port: "" + ## Enable TLS for this SMTP host tls: "" + ## Enable SSL for this SMTP host ssl: "" + ## Authentication username for this SMTP host user: "" ## The password field can be a reference to a secret. - ## E.g. + ## @example ## password: ## valueFrom: ## secretKeyRef: @@ -723,61 +671,60 @@ mailer: ## key: mailerPassword ## password: {} - -## @section Backup parameters backup: - ## @param backup.enabled Whether to enable backup + ## Whether to enable backup enabled: false - ## @param backup.annotations Extra annotations to add to the backup job + ## Extra annotations to add to the backup job annotations: {} - ## @param backup.labels Extra labels to add to the backup job + ## Extra labels to add to the backup job labels: {} - ## @param backup.suspended Whether to suspend backup scheduling + ## Whether to suspend backup scheduling suspended: false - ## @param backup.schedule Cron expression for the backup job + ## Cron expression for the backup job schedule: "0 * * * *" - ## @param backup.schedule Cron expression for the backup job + ## Successful jobs history limit successfulJobsHistoryLimit: 1 - ##@ param backup.failedJobsHistoryLimit Cron expression for the backup job + ## Failed jobs history limit failedJobsHistoryLimit: 3 - ## @param backup.backoffLimit Cron expression for the backup job + ## Backoff limit for the backup job backoffLimit: 3 - ## @param backup.image.repository toolbox image repository - ## @param backup.image.tag toolbox image tag (immutable tags are recommended) - ## @param backup.image.pullPolicy toolbox image pull policy - ## @param backup.image.pullSecrets toolbox image pull secrets + ## Toolbox image image: registry: quay.io/evertrust + ## Toolbox image repository repository: toolbox + ## Toolbox image tag (immutable tags are recommended) tag: v0.6.1 + ## Toolbox image pull policy pullPolicy: IfNotPresent + ## Toolbox image pull secrets pullSecrets: [] ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param backup.podSecurityContext.enabled Enabled Horizon pods' Security Context - ## @param backup.podSecurityContext.fsGroup Set Horizon pod's Security Context fsGroup + ## @ref https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## podSecurityContext: + ## Enabled Stream pods' Security Context enabled: true + ## Set Stream pod's Security Context fsGroup fsGroup: 1001 ## Configure Container Security Context (only main container) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param backup.containerSecurityContext.enabled Enabled Horizon containers' Security Context - ## @param backup.containerSecurityContext.runAsUser Set Horizon container's Security Context runAsUser - ## @param backup.containerSecurityContext.runAsNonRoot Set Horizon container's Security Context runAsNonRoot + ## @ref https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## containerSecurityContext: + ## Enabled Stream containers' Security Context enabled: true + ## Set Stream container's Security Context runAsUser runAsUser: 1001 + ## Set Stream container's Security Context runAsNonRoot runAsNonRoot: true ## backup container resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## @param backup.resources.limits [object] The resources limits for the backup container - ## @param backup.resources.requests [object] The requested resources for the backup container + ## @ref https://kubernetes.io/docs/user-guide/compute-resources/ resources: + ## The resources limits for the backup container limits: cpu: 500m memory: 512Mi + ## The requested resources for the backup container requests: cpu: 500m memory: 512Mi @@ -785,53 +732,55 @@ backup: ## This is the way you should inject secrets into the app if you wish ## to use the Kubernetes secrets implementation. ## - ## ref: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/ - ## @param backup.environment [array] Extra env vars passed to the backup pods + ## @ref https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/ environment: [] - ## @param backup.envFrom [array] Extra env vars passed to the backup pods + ## Extra env vars passed to the backup pods envFrom: [] - ## @param backup.extraVolumes Optionally specify extra list of additional volumes for backup pods + ## Optionally specify extra list of additional volumes for backup pods + ## @example ## extraVolumes: ## - name: certificates ## secret: ## secretName: mongodb-x509 ## extraVolumes: [] - ## @param backup.extraVolumeMounts Optionally specify extra list of additional volumeMounts for backup containers + ## Optionally specify extra list of additional volumeMounts for backup containers + ## @example ## extraVolumeMounts: ## - name: certificates ## mountPath: /certs ## readOnly: true ## extraVolumeMounts: [] - ## @param backup.nodeSelector [object] Node labels for backup pod assignment - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + ## Node labels for backup pod assignment + ## @ref https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ ## nodeSelector: {} - ## @param backup.tolerations [array] Tolerations for backup pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## Tolerations for backup pod assignment + ## @ref https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] - ## @param backup.affinity [object] Affinity for the backup job (e.g., nodeAffinity, podAffinity, podAntiAffinity) - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity + ## Affinity for the backup job (e.g., nodeAffinity, podAffinity, podAntiAffinity) + ## @ref https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity ## affinity: {} - -## @param extraObjects [array] Create a dynamic manifests via values: +## Create dynamic manifests via values +## +## @example +## - apiVersion: "kubernetes-client.io/v1" +## kind: ExternalSecret +## metadata: +## name: stream-secrets +## spec: +## backendType: gcpSecretsManager +## data: +## - key: stream-secret-key +## name: stream-secret-name extraObjects: [] - ## - apiVersion: "kubernetes-client.io/v1" - ## kind: ExternalSecret - ## metadata: - ## name: stream-secrets - ## spec: - ## backendType: gcpSecretsManager - ## data: - ## - key: stream-secret-key - ## name: stream-secret-name ## Enable Prometheus metrics metrics: - ## @param metrics.enabled Whether to enable Prometheus metrics + ## Whether to enable Prometheus metrics enabled: false - ## @param metrics.port Prometheus metrics port + ## Prometheus metrics port port: 9095