diff --git a/.github/workflows/chart-update-readme-and-golden-files.yaml b/.github/workflows/chart-chores.yaml
similarity index 92%
rename from .github/workflows/chart-update-readme-and-golden-files.yaml
rename to .github/workflows/chart-chores.yaml
index f618f2b10a..7e707b33be 100644
--- a/.github/workflows/chart-update-readme-and-golden-files.yaml
+++ b/.github/workflows/chart-chores.yaml
@@ -1,11 +1,11 @@
-name: "Chart - Update Golden Files and README"
+name: "Chart - Chores"
 on:
 pull_request:
 branches:
 - main
 paths:
- - ".github/workflows/chart-update-readme-and-golden-files.yaml"
+ - ".github/workflows/chart-chores.yaml"
 - "charts/**"
 permissions:
@@ -34,11 +34,10 @@ jobs:
 echo "should-run=${SHOULD_RUN}" | tee -a ${GITHUB_OUTPUT}
 outputs:
 should-run: ${{ steps.conditions.outputs.should-run }}
-
 chores:
 needs: [init]
 if: needs.init.outputs.should-run == 'true'
- name: Update README And Golden Files
+ name: Chart chores
 runs-on: ubuntu-latest
 steps:
 #
@@ -91,10 +90,14 @@ jobs:
 run: |
 chartPath="${CHANGED_CHARTS}" \
 make helm.readme-update
+ - name: Update Schema
+ run: |
+ chartPath="${CHANGED_CHARTS}" \
+ make helm.schema-update
 - name: Git pull
 run: git pull --rebase --autostash .
 - uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4
 with:
 author_name: "distro-ci[bot]"
 author_email: "122795778+distro-ci[bot]@users.noreply.github.com"
- message: "chore: Update golden files"
+ message: "chore: chart chores"
diff --git a/Makefile b/Makefile
index f091650664..b81ab5aba9 100644
--- a/Makefile
+++ b/Makefile
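Review bot: The new `Update Schema` step in `chart-chores.yaml` hands `CHANGED_CHARTS` to `make helm.schema-update`, and that target expands `$(chartPath)` into the recipe text before the shell parses it, so the value is read as shell source rather than as data. How `CHANGED_CHARTS` is computed lies outside this hunk; if it is built from paths changed in the pull request, it should be checked against the expected chart-path shape before either make call, since the job goes on to commit with `EndBug/add-and-commit`. A guard at the top of the `run:` block would do, for example `case "${CHANGED_CHARTS}" in *[!A-Za-z0-9._/\ -]*) echo "unexpected chart path" >&2; exit 1;; esac`. The existing `make helm.readme-update` step just above passes the same value and would benefit from the same check.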
@@ -158,6 +158,19 @@ helm.readme-update:
 --readme "$${chart_dir}/README.md";\
 done
+# helm.schema-update: generate schema from values file
+.PHONY: helm.schema-update
+helm.schema-update:
+ for chart_dir in $(chartPath); do \
+ if echo "$${chart_dir}" | grep -qE "camunda-platform-8\.(2|3|4|5|6)$$"; then \
+ continue; \
+ fi; \
+ echo "\n[$@] Chart dir: $${chart_dir}"; \
+ readme-generator \
+ --values "$${chart_dir}/values.yaml" \
+ --schema "$${chart_dir}/values.schema.json";\
+ done
+
 #########################################################
 ######### Release
 #########################################################
diff --git a/charts/camunda-platform-alpha/README.md b/charts/camunda-platform-alpha/README.md
index 69319058b5..56f710fed9 100644
--- a/charts/camunda-platform-alpha/README.md
+++ b/charts/camunda-platform-alpha/README.md
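Review bot: A failing `readme-generator` call in `helm.schema-update` does not fail the target unless it happens on the last chart, because the `for` loop returns the status of its final iteration; the workflow in this commit could then commit a stale or partial `values.schema.json`. Ending the command with `--schema "$${chart_dir}/values.schema.json" || exit 1;\` stops at the first failure. The `echo "\n[$@] ..."` line relies on the recipe shell's `echo` interpreting escapes, so `printf '\n[$@] Chart dir: %s\n' "$${chart_dir}"` is the portable form. The skip list `8\.(2|3|4|5|6)` is hard-coded, and a comment above the `if` saying why those chart versions get no schema would help whoever adds the next version.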
@@ -407,9 +407,9 @@ Please see the corresponding [release guide](../../docs/release.md) to find out | `global.secrets.name` | defines the name of the secret object that has the auto-generated passwords. | `camunda-credentials` | | `global.secrets.annotations` | defines the secret object annotations that utilize Helm hooks to keep that object out of the Helm deployment. | `{}` | | `global.license` | | | -| `global.license.key` | if set, it will be exposed as "CAMUNDA_LICENSE_KEY" in the apps. | `nil` | -| `global.license.existingSecret` | you can provide an existing secret name for Camunda license secret. | `nil` | -| `global.license.existingSecretKey` | you can provide the key within the existing secret object for Camunda license key. | `nil` | +| `global.license.key` | if set, it will be exposed as "CAMUNDA_LICENSE_KEY" in the apps. | `""` | +| `global.license.existingSecret` | you can provide an existing secret name for Camunda license secret. | `""` | +| `global.license.existingSecretKey` | you can provide the key within the existing secret object for Camunda license key. | `""` | | `global.compatibility` | Compatibility adaptations for Kubernetes platforms | | | `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: force (perform the adaptation always), disabled (do not perform adaptation) | `disabled` | | `global.multitenancy` | | | 
@@ -420,7 +420,7 @@ Please see the corresponding [release guide](../../docs/release.md) to find out | `global.annotations` | Annotations can be used to define common annotations, which should be applied to all deployments | `{}` | | `global.labels.app` | Name of the application | `camunda-platform` | | `global.image.registry` | Can be used to set container image registry. | `""` | -| `global.image.tag` | defines the tag / version which should be used in the most of the apps. | `nil` | +| `global.image.tag` | defines the tag / version which should be used in the most of the apps. | `""` | | `global.image.pullPolicy` | defines the image pull policy which should be used https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy | `Always` | | `global.image.pullSecrets` | can be used to configure image pull secrets https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod | `[]` | | `global.ingress` | | | 
@@ -437,11 +437,11 @@ Please see the corresponding [release guide](../../docs/release.md) to find out | `global.elasticsearch.external` | if true, tries to connect to an external elasticsearch | `false` | | `global.elasticsearch.tls` | | | | `global.elasticsearch.tls.enabled` | enable tls for external elasticsearch | `false` | -| `global.elasticsearch.tls.existingSecret` | provide an already existing tls secret for connecting to external elasticsearch | `nil` | +| `global.elasticsearch.tls.existingSecret` | provide an already existing tls secret for connecting to external elasticsearch | `""` | | `global.elasticsearch.auth` | | | -| `global.elasticsearch.auth.username` | the username for external elasticsearch | `nil` | -| `global.elasticsearch.auth.password` | the password for external elasticsearch | `nil` | -| `global.elasticsearch.auth.existingSecret` | you can provide an existing secret for the external elasticsearch password | `nil` | +| `global.elasticsearch.auth.username` | the username for external elasticsearch | `""` | +| `global.elasticsearch.auth.password` | the password for external elasticsearch | `""` | +| `global.elasticsearch.auth.existingSecret` | you can provide an existing secret for the external elasticsearch password | `""` | | `global.elasticsearch.auth.existingSecretKey` | you can provide an existing secret key for the external elasticsearch password | `password` | | `global.elasticsearch.disableExporter` | DEPRECATED: this value is not needed anymore. Use global.elasticsearch.enabled | `false` | | `global.elasticsearch.url` | Configuration to configure elasticsearch url | | 
@@ -455,18 +455,18 @@ Please see the corresponding [release guide](../../docs/release.md) to find out | `global.opensearch.aws.enabled` | Enabling AWS IRSA | `false` | | `global.opensearch.tls` | | | | `global.opensearch.tls.enabled` | enable tls for external opensearch | `false` | -| `global.opensearch.tls.existingSecret` | provide an already existing tls secret for connecting to external opensearch | `nil` | +| `global.opensearch.tls.existingSecret` | provide an already existing tls secret for connecting to external opensearch | `""` | | `global.opensearch.auth` | | | -| `global.opensearch.auth.username` | the username for external opensearch | `nil` | -| `global.opensearch.auth.password` | the password for external opensearch | `nil` | -| `global.opensearch.auth.existingSecret` | you can provide an existing secret for the external opensearch password | `nil` | +| `global.opensearch.auth.username` | the username for external opensearch | `""` | +| `global.opensearch.auth.password` | the password for external opensearch | `""` | +| `global.opensearch.auth.existingSecret` | you can provide an existing secret for the external opensearch password | `""` | | `global.opensearch.auth.existingSecretKey` | you can provide an existing secret key for the external opensearch password | `password` | | `global.opensearch.url` | Configuration to configure opensearch url | | | `global.opensearch.url.protocol` | defines the external opensearch access protocol | `https` | -| `global.opensearch.url.host` | defines the external opensearch host, ideally the service name inside the namespace | `nil` | +| `global.opensearch.url.host` | defines the external opensearch host, ideally the service name inside the namespace | `""` | | `global.opensearch.url.port` | defines the external opensearch port, under which opensearch can be accessed | `443` | | `global.zeebeClusterName` | ZeebeClusterName defines the cluster name for the Zeebe cluster. 
All Zeebe pods get this prefix in their name and the brokers uses that as cluster name. | `{{ .Release.Name }}-zeebe` | -| `global.identity.service.url` | | `nil` | +| `global.identity.service.url` | | `""` | | `global.identity.keycloak.internal` | It's useful for using existing Keycloak in another namespace with and access it with the combined Ingress. | `false` | | `global.identity.keycloak.url` | can be used incorporate with "identityKeycloak.enabled: false" to use your own Keycloak instead of the one comes with Camunda Helm chart. | `{}` | | `global.identity.keycloak.contextPath` | In Keycloak v16.x.x it's hard-coded as '/auth', but in v19.x.x it's '/'. | `/auth` | 
@@ -488,11 +488,11 @@ Please see the corresponding [release guide](../../docs/release.md) to find out | `global.identity.auth.identity` | configuration to configure Identity authentication specifics on global level, which can be accessed by other components | | | `global.identity.auth.identity.clientId` | defines the client id, which is used by Identity in authentication flows. | `camunda-identity` | | `global.identity.auth.identity.audience` | defines the audience, which is used by Identity. | `camunda-identity-resource-server` | -| `global.identity.auth.identity.existingSecret` | can be used to reference an existing secret. This should ONLY be used for an external OIDC provider. If not set, a random secret is generated. | `nil` | +| `global.identity.auth.identity.existingSecret` | can be used to reference an existing secret. This should ONLY be used for an external OIDC provider. If not set, a random secret is generated. | `""` | | `global.identity.auth.identity.existingSecretKey` | defines the key within the existing secret object. | `identity-oidc-client-token` | | `global.identity.auth.identity.redirectUrl` | defines the redirect URL, which is used by the auth platform to access Identity. | `http://localhost:8085` | | `global.identity.auth.identity.initialClaimName` | defines the initial claim name, which is used by Identity to configure initial mapping rules, | `oid` | -| `global.identity.auth.identity.initialClaimValue` | defines the initial claim value, which is used by Identity to configure initial mapping rules. | `nil` | +| `global.identity.auth.identity.initialClaimValue` | defines the initial claim value, which is used by Identity to configure initial mapping rules. | `""` | | `global.identity.auth.console` | configuration to configure Console authentication specifics on global level, which can be accessed by other components | | | `global.identity.auth.console.clientId` | defines the client id, which is used by Console in authentication flows. 
| `console` | | `global.identity.auth.console.audience` | defines the audience which is used by Console's client API. | `console-api` | @@ -515,7 +515,7 @@ Please see the corresponding [release guide](../../docs/release.md) to find out | `global.identity.auth.core.existingSecret.name` | can be used to use an own existing secret. If not set a random secret is generated. | `camunda-credentials` | | `global.identity.auth.core.existingSecretKey` | defines the key within the existing secret object. | `identity-core-client-token` | | `global.identity.auth.core.redirectUrl` | defines the root (or redirect) URL, which is used by Keycloak to access Tasklist. | `http://localhost:8082` | -| `global.identity.auth.core.tokenScope` | defines the token scope, which is used by Core. | `nil` | +| `global.identity.auth.core.tokenScope` | defines the token scope, which is used by Core. | `""` | | `global.identity.auth.optimize` | configuration to configure Optimize authentication specifics on global level, which can be accessed by other components | | | `global.identity.auth.optimize.audience` | defines the audience, which is used by Optimize. | `optimize-api` | | `global.identity.auth.optimize.clientId` | defines the client id, which is used by Optimize in authentication flows. | `optimize` | 
@@ -620,13 +620,13 @@ Please see the corresponding [release guide](../../docs/release.md) to find out | `identity.serviceAccount.annotations` | can be used to set the annotations of the identity service account | `{}` | | `identity.serviceAccount.automountServiceAccountToken` | can be used to control whether the service account token should be automatically mounted | `true` | | `identity.externalDatabase.enabled` | | `false` | -| `identity.externalDatabase.host` | Database host | `nil` | -| `identity.externalDatabase.port` | Database port number | `nil` | -| `identity.externalDatabase.username` | Non-root username | `nil` | -| `identity.externalDatabase.password` | Password for the non-root username | `nil` | -| `identity.externalDatabase.database` | The database name | `nil` | -| `identity.externalDatabase.existingSecret` | Name of an existing secret resource containing the database credentials | `nil` | -| `identity.externalDatabase.existingSecretPasswordKey` | Name of an existing secret key containing the database credentials | `nil` | +| `identity.externalDatabase.host` | Database host | `""` | +| `identity.externalDatabase.port` | Database port number | `5432` | +| `identity.externalDatabase.username` | Non-root username | `""` | +| `identity.externalDatabase.password` | Password for the non-root username | `""` | +| `identity.externalDatabase.database` | The database name | `""` | +| `identity.externalDatabase.existingSecret` | Name of an existing secret resource containing the database credentials | `""` | +| `identity.externalDatabase.existingSecretPasswordKey` | Name of an existing secret key containing the database credentials | `""` | | `identity.configuration` | if specified, contents will be used as the application.yaml | `""` | | `identity.extraConfiguration` | if specified, contents will be used for any extra configuration files such as the log4j2.xml | `{}` | | `identity.dnsPolicy` | 
https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy | `""` | @@ -645,8 +645,8 @@ Please see the corresponding [release guide](../../docs/release.md) to find out | `identityPostgresql.nameOverride` | the name used for Identity PostgreSQL. | `identity-postgresql` | | `identityPostgresql.auth.username` | Non-root username | `identity` | | `identityPostgresql.auth.database` | The database name | `identity` | -| `identityPostgresql.auth.password` | Password for the non-root username | `nil` | -| `identityPostgresql.auth.existingSecret` | Name of an existing secret resource containing the database credentials | `nil` | +| `identityPostgresql.auth.password` | Password for the non-root username | `""` | +| `identityPostgresql.auth.existingSecret` | Name of an existing secret resource containing the database credentials | `""` | | `identityPostgresql.auth.secretKeys.adminPasswordKey` | defines the key within the existing secret object for PostgreSQL admin. | `postgres-password` | | `identityPostgresql.auth.secretKeys.userPasswordKey` | defines the key within the existing secret object for PostgreSQL user. | `password` | 
@@ -819,7 +819,7 @@ Please see the corresponding [release guide](../../docs/release.md) to find out | `webModeler.restapi.externalDatabase.url` | defines the JDBC url of the database instance | `""` | | `webModeler.restapi.externalDatabase.user` | defines the database user | `""` | | `webModeler.restapi.externalDatabase.password` | can be used to provide the database user's password; ignored if `webModeler.restapi.externalDatabase.existingSecret` is set | `""` | -| `webModeler.restapi.externalDatabase.existingSecret` | can be used to provide the name of an existing secret resource containing the database password | `nil` | +| `webModeler.restapi.externalDatabase.existingSecret` | can be used to provide the name of an existing secret resource containing the database password | `""` | | `webModeler.restapi.externalDatabase.existingSecretPasswordKey` | can be used to provide the name of an existing secret key containing the database password | `database-password` | | `webModeler.restapi.mail` | configuration for emails sent by WebModeler | | | `webModeler.restapi.mail.smtpHost` | defines the host name of the SMTP server to be used by WebModeler | `""` | 
@@ -827,7 +827,7 @@ Please see the corresponding [release guide](../../docs/release.md) to find out | `webModeler.restapi.mail.smtpUser` | can be used to provide a user for the SMTP server | `""` | | `webModeler.restapi.mail.smtpPassword` | can be used to provide a password for the SMTP server; ignored if `webModeler.restapi.mail.existingSecret` is set | `""` | | `webModeler.restapi.mail.smtpTlsEnabled` | if true, enforces TLS encryption for SMTP connections (using STARTTLS) | `true` | -| `webModeler.restapi.mail.existingSecret` | can be used to provide the name of an existing secret resource containing the SMTP password | `nil` | +| `webModeler.restapi.mail.existingSecret` | can be used to provide the name of an existing secret resource containing the SMTP password | `""` | | `webModeler.restapi.mail.existingSecretPasswordKey` | can be used to provide the name of an existing secret key containing the SMTP password | `smtp-password` | | `webModeler.restapi.mail.fromAddress` | defines the email address that will be displayed as the sender of emails sent by WebModeler | `""` | | `webModeler.restapi.mail.fromName` | defines the name that will be displayed as the sender of emails sent by WebModeler | `Camunda 8` | 
@@ -1249,7 +1249,7 @@ Please see the corresponding [release guide](../../docs/release.md) to find out | `core.podLabels` | can be used to define extra broker pod labels | `{}` | | `core.podDisruptionBudget` | configuration to configure a pod disruption budget for the broker pods https://kubernetes.io/docs/tasks/run-application/configure-pdb/ | | | `core.podDisruptionBudget.enabled` | if true a pod disruption budget is defined for the brokers | `false` | -| `core.podDisruptionBudget.minAvailable` | can be used to set how many pods should be available. Be aware that if minAvailable is set, maxUnavailable will not be set (they are mutually exclusive). | `nil` | +| `core.podDisruptionBudget.minAvailable` | can be used to set how many pods should be available. Be aware that if minAvailable is set, maxUnavailable will not be set (they are mutually exclusive). | `0` | | `core.podDisruptionBudget.maxUnavailable` | can be used to set how many pods should be at max. unavailable | `1` | | `core.podSecurityContext` | defines the security options the pod should be run with | | | `core.podSecurityContext.runAsNonRoot` | run as non root | `true` | 
@@ -1296,7 +1296,7 @@ Please see the corresponding [release guide](../../docs/release.md) to find out | `core.tolerations` | can be used to define pod toleration's https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | `[]` | | `global.core.Affinity` | can be used to define pod affinity or anti-affinity https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | | | `core.priorityClassName` | can be used to define the broker pods priority https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass | `""` | -| `core.index.prefix` | if specified, defines web apps index prefix in Elasticsearch/OpenSearch. Note, for Zeebe index prefix, use "global.elasticsearch.prefix". | `nil` | +| `core.index.prefix` | if specified, defines web apps index prefix in Elasticsearch/OpenSearch. Note, for Zeebe index prefix, use "global.elasticsearch.prefix". | `""` | | `core.retention.enabled` | if true, the ILM Policy is created and applied to the index templates. | `false` | | `core.retention.minimumAge` | defines how old the data must be, before the data is deleted as a duration. | `30d` | | `core.retention.policyName` | defines the name of the created and applied ILM policy. | `core-record-retention-policy` | diff --git a/charts/camunda-platform-alpha/templates/web-modeler/_helpers.tpl b/charts/camunda-platform-alpha/templates/web-modeler/_helpers.tpl index 534cf6e315..094dfe0e16 100644 --- a/charts/camunda-platform-alpha/templates/web-modeler/_helpers.tpl +++ b/charts/camunda-platform-alpha/templates/web-modeler/_helpers.tpl 
@@ -235,7 +235,7 @@ Define match labels for Web Modeler websockets to be used in matchLabels selecto
 [web-modeler] Get the name of the secret resource that contains the SMTP password.
 */}}
 {{- define "webModeler.restapi.smtpSecretName" -}}
- {{- if or (typeIs "string" .Values.webModeler.restapi.mail.existingSecret) .Values.webModeler.restapi.mail.smtpPassword }}
+ {{- if or (and (typeIs "string" .Values.webModeler.restapi.mail.existingSecret) (ne .Values.webModeler.restapi.mail.existingSecret "")) .Values.webModeler.restapi.mail.smtpPassword }}
 {{- (include "webModeler.restapi.fullname" .) }}
 {{- else if and (typeIs "map[string]interface {}" .Values.webModeler.restapi.mail.existingSecret) .Values.webModeler.restapi.mail.existingSecret.name }}
 {{- .Values.webModeler.restapi.mail.existingSecret.name }}
diff --git a/charts/camunda-platform-alpha/values.schema.json b/charts/camunda-platform-alpha/values.schema.json
new file mode 100644
index 0000000000..abc13aeb0e
--- /dev/null
+++ b/charts/camunda-platform-alpha/values.schema.json
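Review bot: The added `(ne .Values.webModeler.restapi.mail.existingSecret "")` in `webModeler.restapi.smtpSecretName` compares against a string even when `existingSecret` is supplied in its map form, and it is skipped only when the template engine short-circuits `and` (Go's text/template does so from 1.18; a Helm build on an older Go evaluates every argument and would likely fail rendering with a comparison-type error). Using `(not (empty .Values.webModeler.restapi.mail.existingSecret))` in place of the `ne` call is type-agnostic and gives the same result for `""`. The README hunks of this commit also move `webModeler.restapi.externalDatabase.existingSecret` to `""`; its helper is not visible here, so it is worth confirming it received the same guard, otherwise an empty default would take the string branch there. The `define` body continues past the end of this hunk.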
@@ -0,0 +1,5384 @@ +{ + "title": "Chart Values", + "type": "object", + "properties": { + "global": { + "type": "object", + "properties": { + "secrets": { + "type": "object", + "properties": { + "autoGenerated": { + "type": "boolean", + "description": "if true, a secret object will be generated with auto-generated passwords. This secret object is NOT managed with corresponding releases and NOR part of Helm deployment/upgrade! It's generated once, and if it's deleted, you will lose the secrets.", + "default": false + }, + "name": { + "type": "string", + "description": "defines the name of the secret object that has the auto-generated passwords.", + "default": "camunda-credentials" + } + } + }, + "license": { + "type": "object", + "properties": { + "key": { + "type": "string", + "description": "if set, it will be exposed as \"CAMUNDA_LICENSE_KEY\" in the apps.", + "default": "" + }, + "existingSecret": { + "type": "string", + "description": "you can provide an existing secret name for Camunda license secret.", + "default": "" + }, + "existingSecretKey": { + "type": "string", + "description": "you can provide the key within the existing secret object for Camunda license key.", + "default": "" + } + } + }, + "compatibility": { + "type": "object", + "properties": { + "openshift": { + "type": "object", + "properties": { + "adaptSecurityContext": { + "type": "string", + "description": "Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. 
Possible values: force (perform the adaptation always), disabled (do not perform adaptation)", + "default": "disabled" + } + } + } + } + }, + "multitenancy": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, then enable multitenancy in all applicable components.", + "default": false + } + } + }, + "authorizations": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, then enable authorizations checks in all applicable components.", + "default": false + } + } + }, + "createReleaseInfo": { + "type": "boolean", + "description": "Create config that will be used in Camunda Console.", + "default": true + }, + "annotations": { + "type": "object", + "description": "Annotations can be used to define common annotations, which should be applied to all deployments", + "default": {} + }, + "labels": { + "type": "object", + "properties": { + "app": { + "type": "string", + "description": "Name of the application", + "default": "camunda-platform" + } + } + }, + "image": { + "type": "object", + "properties": { + "registry": { + "type": "string", + "description": "Can be used to set container image registry.", + "default": "" + }, + "tag": { + "type": "string", + "description": "defines the tag / version which should be used in the most of the apps.", + "default": "" + }, + "pullPolicy": { + "type": "string", + "description": "defines the image pull policy which should be used https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy", + "default": "Always" + }, + "pullSecrets": { + "type": "array", + "description": "can be used to configure image pull secrets https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod", + "default": [], + "items": {} + } + } + }, + "ingress": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, an ingress resource is deployed. 
Only useful if an ingress controller is available, like Ingress-NGINX.", + "default": false + }, + "className": { + "type": "string", + "description": "Ingress.className defines the class or configuration of ingress which should be used by the controller", + "default": "nginx" + }, + "host": { + "type": "string", + "description": "If not specified the rules applies to all inbound http traffic, if specified the rule applies to that host.", + "default": "" + }, + "pathType": { + "type": "string", + "description": "can be used to define the Ingress path type. https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types", + "default": "Prefix" + }, + "tls": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, then tls is configured on the ingress resource. If enabled the Ingress.host need to be defined.", + "default": false + }, + "secretName": { + "type": "string", + "description": "defines the secret name which contains the TLS private key and certificate", + "default": "camunda-platform" + } + } + } + } + }, + "elasticsearch": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, enables elasticsearch for all components", + "default": true + }, + "external": { + "type": "boolean", + "description": "if true, tries to connect to an external elasticsearch", + "default": false + }, + "tls": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "enable tls for external elasticsearch", + "default": false + }, + "existingSecret": { + "type": "string", + "description": "provide an already existing tls secret for connecting to external elasticsearch", + "default": "" + } + } + }, + "auth": { + "type": "object", + "properties": { + "username": { + "type": "string", + "description": "the username for external elasticsearch", + "default": "" + }, + "password": { + "type": "string", + "description": "the password for external 
elasticsearch", + "default": "" + }, + "existingSecret": { + "type": "string", + "description": "you can provide an existing secret for the external elasticsearch password", + "default": "" + }, + "existingSecretKey": { + "type": "string", + "description": "you can provide an existing secret key for the external elasticsearch password", + "default": "password" + } + } + }, + "disableExporter": { + "type": "boolean", + "description": "DEPRECATED: this value is not needed anymore. Use global.elasticsearch.enabled", + "default": false + }, + "url": { + "type": "object", + "properties": { + "protocol": { + "type": "string", + "description": "defines the elasticsearch access protocol.", + "default": "http" + }, + "host": { + "type": "string", + "description": "Elasticsearch.host defines the elasticsearch host, ideally the service name inside the namespace", + "default": "{{ .Release.Name }}-elasticsearch" + }, + "port": { + "type": "number", + "description": "Elasticsearch.port defines the elasticsearch port, under which elasticsearch can be accessed", + "default": 9200 + } + } + }, + "clusterName": { + "type": "string", + "description": "Elasticsearch.clusterName defines the cluster name which is used by Elasticsearch", + "default": "elasticsearch" + }, + "prefix": { + "type": "string", + "description": "Elasticsearch.prefix defines the prefix which is used by the Zeebe Elasticsearch Exporter to create Elasticsearch indexes", + "default": "zeebe-record" + } + } + }, + "opensearch": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "enabled external opensearch", + "default": false + }, + "aws": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enabling AWS IRSA", + "default": false + } + } + }, + "tls": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "enable tls for external opensearch", + "default": false + }, + "existingSecret": { + 
"type": "string", + "description": "provide an already existing tls secret for connecting to external opensearch", + "default": "" + } + } + }, + "auth": { + "type": "object", + "properties": { + "username": { + "type": "string", + "description": "the username for external opensearch", + "default": "" + }, + "password": { + "type": "string", + "description": "the password for external opensearch", + "default": "" + }, + "existingSecret": { + "type": "string", + "description": "you can provide an existing secret for the external opensearch password", + "default": "" + }, + "existingSecretKey": { + "type": "string", + "description": "you can provide an existing secret key for the external opensearch password", + "default": "password" + } + } + }, + "url": { + "type": "object", + "properties": { + "protocol": { + "type": "string", + "description": "defines the external opensearch access protocol", + "default": "https" + }, + "host": { + "type": "string", + "description": "defines the external opensearch host, ideally the service name inside the namespace", + "default": "" + }, + "port": { + "type": "number", + "description": "defines the external opensearch port, under which opensearch can be accessed", + "default": 443 + } + } + } + } + }, + "zeebeClusterName": { + "type": "string", + "description": "ZeebeClusterName defines the cluster name for the Zeebe cluster. 
All Zeebe pods get this prefix in their name and the brokers uses that as cluster name.", + "default": "{{ .Release.Name }}-zeebe" + }, + "identity": { + "type": "object", + "properties": { + "service": { + "type": "object", + "properties": { + "url": { + "type": "string", + "description": "", + "default": "" + } + } + }, + "keycloak": { + "type": "object", + "properties": { + "internal": { + "type": "boolean", + "description": "It's useful for using existing Keycloak in another namespace with and access it with the combined Ingress.", + "default": false + }, + "url": { + "type": "object", + "description": "can be used incorporate with \"identityKeycloak.enabled: false\" to use your own Keycloak instead of the one comes with Camunda Helm chart.", + "default": {} + }, + "contextPath": { + "type": "string", + "description": "In Keycloak v16.x.x it's hard-coded as '/auth', but in v19.x.x it's '/'.", + "default": "/auth" + }, + "realm": { + "type": "string", + "description": "defines Keycloak realm path used for Camunda.", + "default": "/realms/camunda-platform" + }, + "auth": { + "type": "object", + "description": "same as \"identityKeycloak.auth\" but it's used for existing Keycloak.", + "default": {} + } + } + }, + "auth": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, enables the identity authentication otherwise basic-auth will be used on all services.", + "default": true + }, + "issuer": { + "type": "string", + "description": "defines the issuer name, which is used by the services to validate the JWT tokens.", + "default": "" + }, + "issuerBackendUrl": { + "type": "string", + "description": "defines the issuer backend URL, which is used by the services to validate the JWT tokens in a container to container context.", + "default": "" + }, + "tokenUrl": { + "type": "string", + "description": "defines the token URL, which is used by the services to request JWT tokens.", + "default": "" + }, + "jwksUrl": { + 
"type": "string", + "description": "defines the JWKS URL, which is used by the services to validate the JWT tokens.", + "default": "" + }, + "type": { + "type": "string", + "description": "defines the type of authentication which should be used. Defaults to Keycloak", + "default": "KEYCLOAK" + }, + "publicIssuerUrl": { + "type": "string", + "description": "Can be overwritten if ingress is in use and an external IP is available.", + "default": "http://localhost:18080/auth/realms/camunda-platform" + }, + "admin": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, creates the admin client which is used in administration operations if needed.", + "default": false + }, + "clientId": { + "type": "string", + "description": "defines the client id.", + "default": "admin" + }, + "existingSecret": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "can be used to use an own existing secret. If not set a random secret is generated.", + "default": "camunda-credentials" + } + } + }, + "existingSecretKey": { + "type": "string", + "description": "defines the key within the existing secret object.", + "default": "identity-admin-client-token" + } + } + }, + "identity": { + "type": "object", + "properties": { + "clientId": { + "type": "string", + "description": "defines the client id, which is used by Identity in authentication flows.", + "default": "camunda-identity" + }, + "audience": { + "type": "string", + "description": "defines the audience, which is used by Identity.", + "default": "camunda-identity-resource-server" + }, + "existingSecret": { + "type": "string", + "description": "can be used to reference an existing secret. This should ONLY be used for an external OIDC provider. 
If not set, a random secret is generated.", + "default": "" + }, + "existingSecretKey": { + "type": "string", + "description": "defines the key within the existing secret object.", + "default": "identity-oidc-client-token" + }, + "redirectUrl": { + "type": "string", + "description": "defines the redirect URL, which is used by the auth platform to access Identity.", + "default": "http://localhost:8085" + }, + "initialClaimName": { + "type": "string", + "description": "defines the initial claim name, which is used by Identity to configure initial mapping rules,", + "default": "oid" + }, + "initialClaimValue": { + "type": "string", + "description": "defines the initial claim value, which is used by Identity to configure initial mapping rules.", + "default": "" + } + } + }, + "console": { + "type": "object", + "properties": { + "clientId": { + "type": "string", + "description": "defines the client id, which is used by Console in authentication flows.", + "default": "console" + }, + "audience": { + "type": "string", + "description": "defines the audience which is used by Console's client API.", + "default": "console-api" + }, + "wellKnown": { + "type": "string", + "description": "defines the uri for the well known config which is used by Console (optional).", + "default": "https://well-known-uri" + }, + "existingSecret": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "can be used to use an own existing secret. 
If not set a random secret is generated.", + "default": "camunda-credentials" + } + } + }, + "existingSecretKey": { + "type": "string", + "description": "defines the key within the existing secret object.", + "default": "identity-console-client-token" + }, + "redirectUrl": { + "type": "string", + "description": "defines the root URL which is used by Keycloak to access WebModeler.", + "default": "http://localhost:8080" + } + } + }, + "webModeler": { + "type": "object", + "properties": { + "clientId": { + "type": "string", + "description": "defines the client id, which is used by WebModeler in authentication flows.", + "default": "web-modeler" + }, + "clientApiAudience": { + "type": "string", + "description": "defines the audience which is used by WebModeler's client API.", + "default": "web-modeler-api" + }, + "publicApiAudience": { + "type": "string", + "description": "defines the audience which is used by WebModeler's public API.", + "default": "web-modeler-public-api" + }, + "redirectUrl": { + "type": "string", + "description": "defines the root URL which is used by Keycloak to access WebModeler.", + "default": "http://localhost:8084" + } + } + }, + "connectors": { + "type": "object", + "properties": { + "clientId": { + "type": "string", + "description": "defines the client id, which is used by Connectors in authentication flows.", + "default": "connectors" + }, + "existingSecret": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "can be used to use an own existing secret. 
If not set a random secret is generated.", + "default": "camunda-credentials" + } + } + }, + "existingSecretKey": { + "type": "string", + "description": "defines the key within the existing secret object.", + "default": "identity-connectors-client-token" + } + } + }, + "core": { + "type": "object", + "properties": { + "audience": { + "type": "string", + "description": "defines the audience, which is used by Core.", + "default": "core-api" + }, + "clientId": { + "type": "string", + "description": "defines the client id, which is used by Core in authentication flows.", + "default": "core" + }, + "existingSecret": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "can be used to use an own existing secret. If not set a random secret is generated.", + "default": "camunda-credentials" + } + } + }, + "existingSecretKey": { + "type": "string", + "description": "defines the key within the existing secret object.", + "default": "identity-core-client-token" + }, + "redirectUrl": { + "type": "string", + "description": "defines the root (or redirect) URL, which is used by Keycloak to access Tasklist.", + "default": "http://localhost:8082" + }, + "tokenScope": { + "type": "string", + "description": "defines the token scope, which is used by Core.", + "default": "" + } + } + }, + "optimize": { + "type": "object", + "properties": { + "audience": { + "type": "string", + "description": "defines the audience, which is used by Optimize.", + "default": "optimize-api" + }, + "clientId": { + "type": "string", + "description": "defines the client id, which is used by Optimize in authentication flows.", + "default": "optimize" + }, + "existingSecret": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "can be used to use an own existing secret. 
If not set a random secret is generated.", + "default": "camunda-credentials" + } + } + }, + "existingSecretKey": { + "type": "string", + "description": "defines the key within the existing secret object.", + "default": "identity-optimize-client-token" + }, + "redirectUrl": { + "type": "string", + "description": "defines the root (or redirect) URL, which is used by Keycloak to access Optimize.", + "default": "http://localhost:8083" + } + } + } + } + } + } + } + } + }, + "identity": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, the identity deployment and its related resources are deployed via a helm release", + "default": true + }, + "fullnameOverride": { + "type": "string", + "description": "can be used to override the full name of the Identity resources", + "default": "" + }, + "nameOverride": { + "type": "string", + "description": "can be used to partly override the name of the Identity resources (names will still be prefixed with the release name)", + "default": "" + }, + "firstUser": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, Identity will seed the first user in Keycloak.", + "default": true + }, + "username": { + "type": "string", + "description": "defines the username of the first user, needed to log in into the web applications", + "default": "demo" + }, + "password": { + "type": "string", + "description": "defines the password of the first user, needed to log in into the web applications", + "default": "demo" + }, + "email": { + "type": "string", + "description": "defines the email address of the first user; a valid email address is required to use WebModeler", + "default": "demo@example.org" + }, + "firstName": { + "type": "string", + "description": "defines the first name of the first user; a name is required to use WebModeler", + "default": "Demo" + }, + "lastName": { + "type": "string", + "description": "defines the last name of the 
first user; a name is required to use WebModeler", + "default": "User" + }, + "existingSecret": { + "type": "string", + "description": "can be used to use an own existing secret for Identity first user.", + "default": "camunda-credentials" + }, + "existingSecretKey": { + "type": "string", + "description": "defines the key within the existing secret object.", + "default": "identity-firstuser-password" + } + } + }, + "users": { + "type": "array", + "description": "configuration to configure properties of the Identity users, which can be used to access web applications.", + "default": [], + "items": {} + }, + "image": { + "type": "object", + "properties": { + "registry": { + "type": "string", + "description": "can be used to set container image registry.", + "default": "" + }, + "repository": { + "type": "string", + "description": "defines which image repository to use", + "default": "camunda/identity" + }, + "tag": { + "type": "string", + "description": "can be set to overwrite the global tag, which should be used in that chart", + "default": "8.7.0-alpha2" + }, + "pullSecrets": { + "type": "array", + "description": "can be used to configure image pull secrets https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod", + "default": [], + "items": {} + } + } + }, + "sidecars": { + "type": "array", + "description": "can be used to attach extra containers to the identity deployment", + "default": [], + "items": {} + }, + "initContainers": { + "type": "array", + "description": "can be used to set up extra init containers for the application Pod", + "default": [], + "items": {} + }, + "fullURL": { + "type": "string", + "description": "can be used when Ingress is configured (for both multi and single domain setup).", + "default": "" + }, + "contextPath": { + "type": "string", + "description": "can be used to make Identity web application works on a custom sub-path. 
This is mainly used to run Camunda web applications under a single domain.", + "default": "" + }, + "podAnnotations": { + "type": "object", + "description": "can be used to define extra Identity pod annotations", + "default": {} + }, + "podLabels": { + "type": "object", + "description": "can be used to define extra Identity pod labels", + "default": {} + }, + "logging": { + "type": "object", + "properties": { + "level": { + "type": "object", + "properties": { + "ROOT": { + "type": "string", + "description": "", + "default": "DEBUG" + } + } + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "description": "can be used to define annotations, which will be applied to the identity service", + "default": {} + }, + "type": { + "type": "string", + "description": "defines the type of the service https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", + "default": "ClusterIP" + }, + "port": { + "type": "number", + "description": "defines the port of the service on which the identity application will be available", + "default": 80 + }, + "metricsPort": { + "type": "number", + "description": "defines the port of the service on which the identity metrics will be available", + "default": 82 + }, + "metricsName": { + "type": "string", + "description": "defines the name of the service on which the identity metrics will be available", + "default": "metrics" + } + } + }, + "podSecurityContext": { + "type": "object", + "properties": { + "runAsNonRoot": { + "type": "boolean", + "description": "", + "default": true + }, + "fsGroup": { + "type": "number", + "description": "", + "default": 1001 + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "", + "default": "RuntimeDefault" + } + } + } + } + }, + "containerSecurityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean", + 
"description": "", + "default": false + }, + "privileged": { + "type": "boolean", + "description": "", + "default": false + }, + "readOnlyRootFilesystem": { + "type": "boolean", + "description": "", + "default": true + }, + "runAsNonRoot": { + "type": "boolean", + "description": "", + "default": true + }, + "runAsUser": { + "type": "number", + "description": "", + "default": 1001 + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "", + "default": "RuntimeDefault" + } + } + } + } + }, + "startupProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, the startup probe is enabled in app container", + "default": false + }, + "scheme": { + "type": "string", + "description": "defines the startup probe schema used on calling the probePath", + "default": "HTTP" + }, + "probePath": { + "type": "string", + "description": "defines the startup probe route used on the app", + "default": "/actuator/health" + }, + "initialDelaySeconds": { + "type": "number", + "description": "defines the number of seconds after the container has started before the probe is initiated.", + "default": 30 + }, + "periodSeconds": { + "type": "number", + "description": "defines how often the probe is executed", + "default": 30 + }, + "successThreshold": { + "type": "number", + "description": "defines how often it needs to be true to be marked as ready, after failure", + "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "defines when the probe is considered as failed so the Pod will be marked Unready", + "default": 5 + }, + "timeoutSeconds": { + "type": "number", + "description": "defines the seconds after the probe times out", + "default": 1 + } + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, the readiness probe is enabled in app container", + "default": true + }, + "scheme": 
{ + "type": "string", + "description": "defines the startup probe schema used on calling the probePath", + "default": "HTTP" + }, + "probePath": { + "type": "string", + "description": "defines the readiness probe route used on the app", + "default": "/actuator/health" + }, + "initialDelaySeconds": { + "type": "number", + "description": "defines the number of seconds after the container has started before the probe is initiated.", + "default": 30 + }, + "periodSeconds": { + "type": "number", + "description": "defines how often the probe is executed", + "default": 30 + }, + "successThreshold": { + "type": "number", + "description": "defines how often it needs to be true to be marked as ready, after failure", + "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "defines when the probe is considered as failed so the Pod will be marked Unready", + "default": 5 + }, + "timeoutSeconds": { + "type": "number", + "description": "defines the seconds after the probe times out", + "default": 1 + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, the liveness probe is enabled in app container", + "default": false + }, + "scheme": { + "type": "string", + "description": "defines the startup probe schema used on calling the probePath", + "default": "HTTP" + }, + "probePath": { + "type": "string", + "description": "defines the liveness probe route used on the app", + "default": "/actuator/health" + }, + "initialDelaySeconds": { + "type": "number", + "description": "defines the number of seconds after the container has started before", + "default": 30 + }, + "periodSeconds": { + "type": "number", + "description": "defines how often the probe is executed", + "default": 30 + }, + "successThreshold": { + "type": "number", + "description": "defines how often it needs to be true to be considered successful after having failed", + "default": 1 + }, + "failureThreshold": { + "type": 
"number", + "description": "defines when the probe is considered as failed so the container will be restarted", + "default": 5 + }, + "timeoutSeconds": { + "type": "number", + "description": "defines the seconds after the probe times out", + "default": 1 + } + } + }, + "metrics": { + "type": "object", + "properties": { + "prometheus": { + "type": "string", + "description": "Prometheus metrics endpoint", + "default": "/actuator/prometheus" + } + } + }, + "nodeSelector": { + "type": "object", + "description": "can be used to define on which nodes the Identity pods should run", + "default": {} + }, + "tolerations": { + "type": "array", + "description": "can be used to define pod toleration's https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/", + "default": [], + "items": {} + }, + "affinity": { + "type": "object", + "description": "can be used to define pod affinity or anti-affinity https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity", + "default": {} + }, + "resources": { + "type": "object", + "properties": { + "requests": { + "type": "object", + "properties": { + "memory": { + "type": "string", + "description": "", + "default": "400Mi" + }, + "cpu": { + "type": "string", + "description": "", + "default": "600m" + } + } + }, + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "string", + "description": "", + "default": "2000m" + }, + "memory": { + "type": "string", + "description": "", + "default": "2Gi" + } + } + } + } + }, + "env": { + "type": "array", + "description": "can be used to set extra environment variables in each identity container. 
See the documentation https://docs.camunda.io/docs/self-managed/identity/deployment/configuration-variables/ for more details.", + "default": [], + "items": {} + }, + "envFrom": { + "type": "array", + "description": "list of environment variables to import from configMapRef and secretRef", + "default": [], + "items": {} + }, + "command": { + "type": "array", + "description": "can be used to override the default command provided by the container image. See https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/", + "default": [], + "items": {} + }, + "extraVolumes": { + "type": "array", + "description": "can be used to define extra volumes for the identity pods, useful for tls and self-signed certificates", + "default": [], + "items": {} + }, + "extraVolumeMounts": { + "type": "array", + "description": "can be used to mount extra volumes for the identity pods, useful for tls and self-signed certificates", + "default": [], + "items": {} + }, + "serviceAccount": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, enables the identity service account", + "default": true + }, + "name": { + "type": "string", + "description": "can be used to set the name of the identity service account", + "default": "" + }, + "annotations": { + "type": "object", + "description": "can be used to set the annotations of the identity service account", + "default": {} + }, + "automountServiceAccountToken": { + "type": "boolean", + "description": "can be used to control whether the service account token should be automatically mounted", + "default": true + } + } + }, + "externalDatabase": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "", + "default": false + }, + "host": { + "type": "string", + "description": "Database host", + "default": "" + }, + "port": { + "type": "number", + "description": "Database port number", + "default": 5432 + }, + "username": { + 
"type": "string", + "description": "Non-root username", + "default": "" + }, + "password": { + "type": "string", + "description": "Password for the non-root username", + "default": "" + }, + "database": { + "type": "string", + "description": "The database name", + "default": "" + }, + "existingSecret": { + "type": "string", + "description": "Name of an existing secret resource containing the database credentials", + "default": "" + }, + "existingSecretPasswordKey": { + "type": "string", + "description": "Name of an existing secret key containing the database credentials", + "default": "" + } + } + }, + "configuration": { + "type": "string", + "description": "if specified, contents will be used as the application.yaml", + "default": "" + }, + "extraConfiguration": { + "type": "object", + "description": "if specified, contents will be used for any extra configuration files such as the log4j2.xml", + "default": {} + }, + "dnsPolicy": { + "type": "string", + "description": "https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy", + "default": "" + }, + "dnsConfig": { + "type": "object", + "description": "https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config", + "default": {} + } + } + }, + "identityPostgresql": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable Identity PostgreSQL Helm chart. Required for Multi-Tenancy.", + "default": false + }, + "global": { + "type": "object", + "properties": { + "compatibility": { + "type": "object", + "properties": { + "openshift": { + "type": "object", + "properties": { + "adaptSecurityContext": { + "type": "string", + "description": "Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. 
Possible values: force (perform the adaptation always), disabled (do not perform adaptation)", + "default": "{{ .Values.global.compatibility.openshift.adaptSecurityContext | default \"disabled\" }}" + } + } + } + } + } + } + }, + "image": { + "type": "object", + "properties": { + "repository": { + "type": "string", + "description": "PostgreSQL repo", + "default": "bitnami/postgresql" + }, + "tag": { + "type": "string", + "description": "PostgreSQL image tag", + "default": "15.10.0-debian-12-r2" + } + } + }, + "nameOverride": { + "type": "string", + "description": "the name used for Identity PostgreSQL.", + "default": "identity-postgresql" + }, + "auth": { + "type": "object", + "properties": { + "username": { + "type": "string", + "description": "Non-root username", + "default": "identity" + }, + "database": { + "type": "string", + "description": "The database name", + "default": "identity" + }, + "password": { + "type": "string", + "description": "Password for the non-root username", + "default": "" + }, + "existingSecret": { + "type": "string", + "description": "Name of an existing secret resource containing the database credentials", + "default": "" + }, + "secretKeys": { + "type": "object", + "properties": { + "adminPasswordKey": { + "type": "string", + "description": "defines the key within the existing secret object for PostgreSQL admin.", + "default": "postgres-password" + }, + "userPasswordKey": { + "type": "string", + "description": "defines the key within the existing secret object for PostgreSQL user.", + "default": "password" + } + } + } + } + } + } + }, + "identityKeycloak": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable Identity Keycloak Helm chart. 
It is used incorporate with \"global.identity.keycloak\" to use your own Keycloak instead of the one comes with Camunda Helm chart", + "default": true + }, + "global": { + "type": "object", + "properties": { + "compatibility": { + "type": "object", + "properties": { + "openshift": { + "type": "object", + "properties": { + "adaptSecurityContext": { + "type": "string", + "description": "Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: force (perform the adaptation always), disabled (do not perform adaptation)", + "default": "{{ .Values.global.compatibility.openshift.adaptSecurityContext | default \"disabled\" }}" + } + } + } + } + } + } + }, + "nameOverride": { + "type": "string", + "description": "the name used for Keycloak.", + "default": "keycloak" + }, + "image": { + "type": "object", + "properties": { + "repository": { + "type": "string", + "description": "image repo", + "default": "camunda/keycloak" + }, + "tag": { + "type": "string", + "description": "image tag", + "default": "25.0.4" + } + } + }, + "postgresql": { + "type": "object", + "properties": { + "image": { + "type": "object", + "properties": { + "repository": { + "type": "string", + "description": "image repo", + "default": "bitnami/postgresql" + }, + "tag": { + "type": "string", + "description": "image tag", + "default": "15.10.0-debian-12-r2" + } + } + }, + "auth": { + "type": "object", + "properties": { + "existingSecret": { + "type": "string", + "description": "defines the existing secret resource containing the database credentials", + "default": "camunda-credentials" + }, + "secretKeys": { + "type": "object", + "properties": { + "adminPasswordKey": { + "type": "string", + "description": "defines the key within the existing secret object for PostgreSQL admin.", + "default": "identity-keycloak-postgresql-admin-password" + }, + 
"userPasswordKey": { + "type": "string", + "description": "defines the key within the existing secret object for PostgreSQL user.", + "default": "identity-keycloak-postgresql-user-password" + } + } + } + } + }, + "primary": { + "type": "object", + "properties": { + "containerSecurityContext": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "", + "default": true + }, + "privileged": { + "type": "boolean", + "description": "", + "default": false + }, + "readOnlyRootFilesystem": { + "type": "boolean", + "description": "", + "default": true + }, + "allowPrivilegeEscalation": { + "type": "boolean", + "description": "", + "default": false + }, + "runAsNonRoot": { + "type": "boolean", + "description": "", + "default": true + }, + "runAsUser": { + "type": "number", + "description": "", + "default": 1001 + }, + "capabilities": { + "type": "object", + "properties": { + "drop": { + "type": "array", + "description": "", + "default": [ + "ALL" + ], + "items": { + "type": "string" + } + } + } + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "", + "default": "RuntimeDefault" + } + } + } + } + }, + "podSecurityContext": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "", + "default": true + }, + "runAsNonRoot": { + "type": "boolean", + "description": "", + "default": true + }, + "fsGroup": { + "type": "number", + "description": "", + "default": 1001 + } + } + } + } + } + } + }, + "proxy": { + "type": "string", + "description": "keycloak proxy", + "default": "edge" + }, + "tls": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "enabling tls", + "default": false + } + } + }, + "extraVolumeMounts": { + "type": "array", + "description": "", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "" + }, + "mountPath": { + "type": "string", + 
"description": "" + } + } + } + }, + "containerSecurityContext": { + "type": "object", + "properties": { + "privileged": { + "type": "boolean", + "description": "", + "default": false + }, + "readOnlyRootFilesystem": { + "type": "boolean", + "description": "", + "default": true + }, + "allowPrivilegeEscalation": { + "type": "boolean", + "description": "", + "default": false + }, + "runAsNonRoot": { + "type": "boolean", + "description": "", + "default": true + }, + "runAsUser": { + "type": "number", + "description": "", + "default": 1001 + }, + "capabilities": { + "type": "object", + "properties": { + "drop": { + "type": "array", + "description": "", + "default": [ + "ALL" + ], + "items": { + "type": "string" + } + } + } + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "", + "default": "RuntimeDefault" + } + } + } + } + }, + "podSecurityContext": { + "type": "object", + "properties": { + "runAsNonRoot": { + "type": "boolean", + "description": "", + "default": true + }, + "fsGroup": { + "type": "number", + "description": "", + "default": 1001 + } + } + }, + "httpRelativePath": { + "type": "string", + "description": "defines the context for Keycloak. 
This config is valid for Keycloak v19.x.x only", + "default": "/auth/" + }, + "extraEnvVars": { + "type": "array", + "description": "", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "" + }, + "value": { + "type": "string", + "description": "" + } + } + } + }, + "ingress": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "can be used enable ingress record generation for Keycloak.", + "default": false + }, + "tls": { + "type": "boolean", + "description": "can be used to enable TLS configuration for the host defined at ingress.hostname parameter.", + "default": false + }, + "extraTls": { + "type": "array", + "description": "configuration for additional hostnames to be covered with this ingress record.", + "default": [], + "items": {} + }, + "pathType": { + "type": "string", + "description": "defines Ingress path type.", + "default": "Prefix" + } + } + }, + "service": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "can be set to change the service type.", + "default": "ClusterIP" + } + } + }, + "auth": { + "type": "object", + "properties": { + "adminUser": { + "type": "string", + "description": "defines the keycloak administrator user", + "default": "admin" + }, + "existingSecret": { + "type": "string", + "description": "can be used to reuse an existing secret containing authentication information.", + "default": "camunda-credentials" + }, + "passwordSecretKey": { + "type": "string", + "description": "defines the key within the existing secret object.", + "default": "identity-keycloak-admin-password" + } + } + } + } + }, + "console": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, the Console deployment and its related resources are deployed via a helm release", + "default": false + }, + "configuration": { + "type": "string", + "description": "Configuration passed directly to 
Console as YAML file. More details on [Console official documenations](https://docs.camunda.io/docs/self-managed/console-deployment/configuration/)", + "default": "" + }, + "overrideConfiguration": { + "type": "string", + "description": "When populated, it will override the configuration passed to Console, either auto-generated configuration or passed via `console.configuration`", + "default": "" + }, + "image": { + "type": "object", + "properties": { + "registry": { + "type": "string", + "description": "can be used to set container image registry.", + "default": "" + }, + "repository": { + "type": "string", + "description": "defines which image repository to use", + "default": "camunda/console" + }, + "tag": { + "type": "string", + "description": "can be used to set the Docker image tag for the Console image (overwrites global.image.tag)", + "default": "8.7.0-alpha2" + }, + "pullSecrets": { + "type": "array", + "description": "can be used to configure image pull secrets https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod", + "default": [], + "items": {} + } + } + }, + "sidecars": { + "type": "array", + "description": "can be used to attach extra containers to the console deployment", + "default": [], + "items": {} + }, + "replicas": { + "type": "number", + "description": "Number of Console replicas", + "default": 1 + }, + "tls": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable TLS traffic for console", + "default": false + }, + "existingSecret": { + "type": "string", + "description": "The name of the existing secret that contains the TLS certificates. 
Each key of the secret corresponds to a certificate filename, and each value of a key corresponds to the content of the certificate file.", + "default": "" + }, + "certKeyFilename": { + "type": "string", + "description": "Certificate Key filename", + "default": "" + } + } + }, + "keycloak": { + "type": "object", + "properties": { + "realm": { + "type": "string", + "description": "Specifies the Keycloak realm used for authentication.", + "default": "camunda-platform" + } + } + }, + "contextPath": { + "type": "string", + "description": "can be used to make Console web application works on a custom sub-path. This is mainly used to run Camunda web applications under a single domain.", + "default": "" + }, + "initContainers": { + "type": "array", + "description": "can be used to set up extra init containers for the application Pod", + "default": [], + "items": {} + }, + "podAnnotations": { + "type": "object", + "description": "can be used to define extra Console pod annotations", + "default": {} + }, + "podLabels": { + "type": "object", + "description": "can be used to define extra Console pod labels", + "default": {} + }, + "logging": { + "type": "object", + "description": "configuration for the Console logging. 
This template will be directly included in the configuration YAML file", + "default": {} + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "description": "can be used to define annotations, which will be applied to the Console service", + "default": {} + }, + "type": { + "type": "string", + "description": "defines the type of the service https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", + "default": "ClusterIP" + }, + "port": { + "type": "number", + "description": "defines the port number where the web application will be available", + "default": 80 + }, + "serverName": { + "type": "string", + "description": "defines the port name where the web application will be available", + "default": "http" + }, + "managementPort": { + "type": "number", + "description": "defines the management port used to access metrics and app status", + "default": 9100 + } + } + }, + "resources": { + "type": "object", + "properties": { + "requests": { + "type": "object", + "properties": { + "memory": { + "type": "string", + "description": "", + "default": "1Gi" + }, + "cpu": { + "type": "number", + "description": "", + "default": 1 + } + } + }, + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "number", + "description": "", + "default": 2 + }, + "memory": { + "type": "string", + "description": "", + "default": "2Gi" + } + } + } + } + }, + "env": { + "type": "array", + "description": "can be used to set extra environment variables in each app container", + "default": [], + "items": {} + }, + "envFrom": { + "type": "array", + "description": "list of environment variables to import from configMapRef and secretRef", + "default": [], + "items": {} + }, + "command": { + "type": "array", + "description": "can be used to override the default command provided by the container image. 
See https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/", + "default": [], + "items": {} + }, + "extraVolumes": { + "type": "array", + "description": "can be used to define extra volumes for the Console pods, useful for TLS and self-signed certificates", + "default": [], + "items": {} + }, + "extraVolumeMounts": { + "type": "array", + "description": "can be used to mount extra volumes for the Console pods, useful for TLS and self-signed certificates", + "default": [], + "items": {} + }, + "startupProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, the startup probe is enabled in app container", + "default": false + }, + "scheme": { + "type": "string", + "description": "defines the startup probe scheme used on calling the probePath", + "default": "HTTP" + }, + "probePath": { + "type": "string", + "description": "defines the startup probe route used on the app", + "default": "/health/readiness" + }, + "initialDelaySeconds": { + "type": "number", + "description": "defines the number of seconds after the container has started before", + "default": 30 + }, + "periodSeconds": { + "type": "number", + "description": "defines how often the probe is executed", + "default": 30 + }, + "successThreshold": { + "type": "number", + "description": "defines how often it needs to be true to be marked as ready, after failure", + "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "defines when the probe is considered as failed so the Pod will be marked Unready", + "default": 5 + }, + "timeoutSeconds": { + "type": "number", + "description": "defines the seconds after the probe times out", + "default": 1 + } + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, the readiness probe is enabled in app container", + "default": true + }, + "scheme": { + "type": "string", + "description": 
"defines the startup probe scheme used on calling the probePath", + "default": "HTTP" + }, + "probePath": { + "type": "string", + "description": "defines the readiness probe route used on the app", + "default": "/health/readiness" + }, + "initialDelaySeconds": { + "type": "number", + "description": "defines the number of seconds after the container has started before", + "default": 30 + }, + "periodSeconds": { + "type": "number", + "description": "defines how often the probe is executed", + "default": 30 + }, + "successThreshold": { + "type": "number", + "description": "defines how often it needs to be true to be marked as ready, after failure", + "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "defines when the probe is considered as failed so the Pod will be marked Unready", + "default": 5 + }, + "timeoutSeconds": { + "type": "number", + "description": "defines the seconds after the probe times out", + "default": 1 + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, the liveness probe is enabled in app container", + "default": false + }, + "scheme": { + "type": "string", + "description": "defines the startup probe scheme used on calling the probePath", + "default": "HTTP" + }, + "probePath": { + "type": "string", + "description": "defines the liveness probe route used on the app", + "default": "/health/liveness" + }, + "initialDelaySeconds": { + "type": "number", + "description": "defines the number of seconds after the container has started before", + "default": 30 + }, + "periodSeconds": { + "type": "number", + "description": "defines how often the probe is executed", + "default": 30 + }, + "successThreshold": { + "type": "number", + "description": "defines how often it needs to be true to be considered successful after having failed", + "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "defines when the probe is 
considered as failed so the container will be restarted", + "default": 5 + }, + "timeoutSeconds": { + "type": "number", + "description": "defines the seconds after the probe times out", + "default": 1 + } + } + }, + "metrics": { + "type": "object", + "properties": { + "prometheus": { + "type": "string", + "description": "Prometheus metrics endpoint", + "default": "/prometheus" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, enables the Console service account", + "default": true + }, + "name": { + "type": "string", + "description": "can be used to set the name of the Console service account", + "default": "" + }, + "annotations": { + "type": "object", + "description": "can be used to set the annotations of the service account", + "default": {} + }, + "automountServiceAccountToken": { + "type": "boolean", + "description": "can be used to control whether the service account token should be automatically mounted", + "default": false + } + } + }, + "podSecurityContext": { + "type": "object", + "properties": { + "runAsNonRoot": { + "type": "boolean", + "description": "run as non root", + "default": true + }, + "fsGroup": { + "type": "number", + "description": "", + "default": 1001 + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "", + "default": "RuntimeDefault" + } + } + } + } + }, + "containerSecurityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean", + "description": "", + "default": false + }, + "privileged": { + "type": "boolean", + "description": "", + "default": false + }, + "readOnlyRootFilesystem": { + "type": "boolean", + "description": "", + "default": true + }, + "runAsNonRoot": { + "type": "boolean", + "description": "", + "default": true + }, + "runAsUser": { + "type": "number", + "description": "", + "default": 1001 + }, + "seccompProfile": { + "type": 
"object", + "properties": { + "type": { + "type": "string", + "description": "", + "default": "RuntimeDefault" + } + } + } + } + }, + "nodeSelector": { + "type": "object", + "description": "can be used to define on which nodes the Console pods should run", + "default": {} + }, + "tolerations": { + "type": "array", + "description": "can be used to define pod toleration's https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/", + "default": [], + "items": {} + }, + "affinity": { + "type": "object", + "description": "can be used to define pod affinity or anti-affinity https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity", + "default": {} + }, + "dnsPolicy": { + "type": "string", + "description": "https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy", + "default": "" + }, + "dnsConfig": { + "type": "object", + "description": "https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config", + "default": {} + } + } + }, + "webModeler": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, the WebModeler deployment and its related resources are deployed via a helm release", + "default": false + }, + "fullnameOverride": { + "type": "string", + "description": "can be used to override the full name of the WebModeler resources", + "default": "" + }, + "nameOverride": { + "type": "string", + "description": "can be used to partly override the name of the WebModeler resources (names will still be prefixed with the release name)", + "default": "" + }, + "image": { + "type": "object", + "properties": { + "registry": { + "type": "string", + "description": "can be used to set the Docker registry for the WebModeler images (overwrites global.image.registry)", + "default": "" + }, + "tag": { + "type": "string", + "description": "can be used to set the Docker image tag for the WebModeler images (overwrites 
global.image.tag)", + "default": "8.7.0-alpha2" + }, + "pullSecrets": { + "type": "array", + "description": "can be used to configure image pull secrets, see https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod", + "default": [], + "items": {} + } + } + }, + "contextPath": { + "type": "string", + "description": "can be used to make WebModeler available on a custom sub-path. This is mainly used to run the Camunda web applications under a single domain.", + "default": "" + }, + "restapi": { + "type": "object", + "properties": { + "image": { + "type": "object", + "properties": { + "repository": { + "type": "string", + "description": "defines which image repository to use for the restapi Docker image", + "default": "camunda/web-modeler-restapi" + } + } + }, + "sidecars": { + "type": "array", + "description": "can be used to attach extra containers to the restapi deployment", + "default": [], + "items": {} + }, + "initContainers": { + "type": "array", + "description": "can be used to set up extra init containers for the application Pod", + "default": [], + "items": {} + }, + "externalDatabase": { + "type": "object", + "properties": { + "url": { + "type": "string", + "description": "defines the JDBC url of the database instance", + "default": "" + }, + "user": { + "type": "string", + "description": "defines the database user", + "default": "" + }, + "password": { + "type": "string", + "description": "can be used to provide the database user's password; ignored if `webModeler.restapi.externalDatabase.existingSecret` is set", + "default": "" + }, + "existingSecret": { + "type": "string", + "description": "can be used to provide the name of an existing secret resource containing the database password", + "default": "" + }, + "existingSecretPasswordKey": { + "type": "string", + "description": "can be used to provide the name of an existing secret key containing the database password", + "default": "database-password" + } + } + }, + 
"mail": { + "type": "object", + "properties": { + "smtpHost": { + "type": "string", + "description": "defines the host name of the SMTP server to be used by WebModeler", + "default": "" + }, + "smtpPort": { + "type": "number", + "description": "defines the port number of the SMTP server", + "default": 587 + }, + "smtpUser": { + "type": "string", + "description": "can be used to provide a user for the SMTP server", + "default": "" + }, + "smtpPassword": { + "type": "string", + "description": "can be used to provide a password for the SMTP server; ignored if `webModeler.restapi.mail.existingSecret` is set", + "default": "" + }, + "smtpTlsEnabled": { + "type": "boolean", + "description": "if true, enforces TLS encryption for SMTP connections (using STARTTLS)", + "default": true + }, + "existingSecret": { + "type": "string", + "description": "can be used to provide the name of an existing secret resource containing the SMTP password", + "default": "" + }, + "existingSecretPasswordKey": { + "type": "string", + "description": "can be used to provide the name of an existing secret key containing the SMTP password", + "default": "smtp-password" + }, + "fromAddress": { + "type": "string", + "description": "defines the email address that will be displayed as the sender of emails sent by WebModeler", + "default": "" + }, + "fromName": { + "type": "string", + "description": "defines the name that will be displayed as the sender of emails sent by WebModeler", + "default": "Camunda 8" + } + } + }, + "clusters": { + "type": "array", + "description": "can be used to configure Camunda 8 clusters that will be available in Web Modeler (will override default cluster configuration that is used if `core.enabled=true`)", + "default": [], + "items": {} + }, + "podAnnotations": { + "type": "object", + "description": "can be used to define extra restapi pod annotations", + "default": {} + }, + "podLabels": { + "type": "object", + "description": "can be used to define extra restapi pod 
labels", + "default": {} + }, + "env": { + "type": "array", + "description": "can be used to set extra environment variables in each restapi container", + "default": [], + "items": {} + }, + "envFrom": { + "type": "array", + "description": "list of environment variables to import from configMapRef and secretRef", + "default": [], + "items": {} + }, + "command": { + "type": "array", + "description": "can be used to override the default command provided by the container image, see https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/", + "default": [], + "items": {} + }, + "extraVolumes": { + "type": "array", + "description": "can be used to define extra volumes for the restapi pods, useful for TLS and self-signed certificates", + "default": [], + "items": {} + }, + "extraVolumeMounts": { + "type": "array", + "description": "can be used to mount extra volumes for the restapi pods, useful for TLS and self-signed certificates", + "default": [], + "items": {} + }, + "podSecurityContext": { + "type": "object", + "properties": { + "runAsNonRoot": { + "type": "boolean", + "description": "", + "default": true + }, + "fsGroup": { + "type": "number", + "description": "", + "default": 1001 + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "", + "default": "RuntimeDefault" + } + } + } + } + }, + "containerSecurityContext": { + "type": "object", + "properties": { + "privileged": { + "type": "boolean", + "description": "", + "default": false + }, + "readOnlyRootFilesystem": { + "type": "boolean", + "description": "", + "default": true + }, + "allowPrivilegeEscalation": { + "type": "boolean", + "description": "", + "default": false + }, + "runAsNonRoot": { + "type": "boolean", + "description": "", + "default": true + }, + "runAsUser": { + "type": "number", + "description": "", + "default": 1001 + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": 
"string", + "description": "", + "default": "RuntimeDefault" + } + } + } + } + }, + "startupProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, the startup probe will be enabled for the restapi container", + "default": false + }, + "scheme": { + "type": "string", + "description": "defines the startup probe schema used on calling the probePath", + "default": "HTTP" + }, + "probePath": { + "type": "string", + "description": "defines the HTTP endpoint used for the startup probe", + "default": "/health/liveness" + }, + "initialDelaySeconds": { + "type": "number", + "description": "defines the number of seconds after the container has started before the probe is initiated", + "default": 30 + }, + "periodSeconds": { + "type": "number", + "description": "defines how often the probe is executed", + "default": 30 + }, + "successThreshold": { + "type": "number", + "description": "defines how often the probe needs to succeed to be considered successful after having failed", + "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "defines when the probe is considered failed so the container will be restarted", + "default": 5 + }, + "timeoutSeconds": { + "type": "number", + "description": "defines the number of seconds after which the probe times out", + "default": 1 + } + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, the readiness probe will be enabled for the restapi container", + "default": true + }, + "scheme": { + "type": "string", + "description": "defines the startup probe schema used on calling the probePath", + "default": "HTTP" + }, + "probePath": { + "type": "string", + "description": "defines the HTTP endpoint used for the readiness probe", + "default": "/health/readiness" + }, + "initialDelaySeconds": { + "type": "number", + "description": "defines the number of seconds after the container has 
started before the probe is initiated", + "default": 30 + }, + "periodSeconds": { + "type": "number", + "description": "defines how often the probe is executed", + "default": 30 + }, + "successThreshold": { + "type": "number", + "description": "defines how often the probe needs to succeed to be considered successful after having failed", + "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "defines when the probe is considered failed so the Pod will be marked unready", + "default": 5 + }, + "timeoutSeconds": { + "type": "number", + "description": "defines the number of seconds after which the probe times out", + "default": 1 + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, the liveness probe will be enabled for the restapi container", + "default": false + }, + "scheme": { + "type": "string", + "description": "defines the startup probe schema used on calling the probePath", + "default": "HTTP" + }, + "probePath": { + "type": "string", + "description": "defines the HTTP endpoint used for the liveness probe", + "default": "/health/liveness" + }, + "initialDelaySeconds": { + "type": "number", + "description": "defines the number of seconds after the container has started before the probe is initiated", + "default": 30 + }, + "periodSeconds": { + "type": "number", + "description": "defines how often the probe is executed", + "default": 30 + }, + "successThreshold": { + "type": "number", + "description": "defines how often the probe needs to succeed to be considered successful after having failed", + "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "defines when the probe is considered failed so the container will be restarted", + "default": 5 + }, + "timeoutSeconds": { + "type": "number", + "description": "defines the number of seconds after which the probe times out", + "default": 1 + } + } + }, + "metrics": { + "type": 
"object", + "properties": { + "prometheus": { + "type": "string", + "description": "Prometheus metrics endpoint", + "default": "/metrics" + } + } + }, + "nodeSelector": { + "type": "object", + "description": "can be used to select the nodes the restapi pods should run on", + "default": {} + }, + "tolerations": { + "type": "array", + "description": "can be used to define pod tolerations, see https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/", + "default": [], + "items": {} + }, + "affinity": { + "type": "object", + "description": "can be used to define pod affinity or anti-affinity, see https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity", + "default": {} + }, + "resources": { + "type": "object", + "properties": { + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string", + "description": "", + "default": "500m" + }, + "memory": { + "type": "string", + "description": "", + "default": "1Gi" + } + } + }, + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "string", + "description": "", + "default": "1000m" + }, + "memory": { + "type": "string", + "description": "", + "default": "2Gi" + } + } + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "description": "can be used to define annotations which will be applied to the service", + "default": {} + }, + "type": { + "type": "string", + "description": "defines the type of the service, see https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", + "default": "ClusterIP" + }, + "port": { + "type": "number", + "description": "defines the default port of the service", + "default": 80 + }, + "managementPort": { + "type": "number", + "description": "defines the management port of the service", + "default": 8091 + } + } + }, + "configuration": { + "type": "string", + "description": "if specified, contents will 
be used as the application.yaml", + "default": "" + }, + "extraConfiguration": { + "type": "object", + "description": "if specified, contents will be used for any extra configuration files such as log4j2.xml", + "default": {} + }, + "dnsPolicy": { + "type": "string", + "description": "https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy", + "default": "" + }, + "dnsConfig": { + "type": "object", + "description": "https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config", + "default": {} + } + } + }, + "webapp": { + "type": "object", + "properties": { + "image": { + "type": "object", + "properties": { + "repository": { + "type": "string", + "description": "defines which image repository to use for the webapp Docker image", + "default": "camunda/web-modeler-webapp" + } + } + }, + "sidecars": { + "type": "array", + "description": "can be used to attach extra containers to the modeler webapp deployment", + "default": [], + "items": {} + }, + "initContainers": { + "type": "array", + "description": "can be used to set up extra init containers for the application Pod", + "default": [], + "items": {} + }, + "podAnnotations": { + "type": "object", + "description": "can be used to define extra webapp pod annotations", + "default": {} + }, + "podLabels": { + "type": "object", + "description": "can be used to define extra webapp pod labels", + "default": {} + }, + "env": { + "type": "array", + "description": "can be used to set extra environment variables in each webapp container", + "default": [], + "items": {} + }, + "envFrom": { + "type": "array", + "description": "list of environment variables to import from configMapRef and secretRef", + "default": [], + "items": {} + }, + "command": { + "type": "array", + "description": "can be used to override the default command provided by the container image, see https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/", + 
"default": [], + "items": {} + }, + "extraVolumes": { + "type": "array", + "description": "can be used to define extra volumes for the webapp pods, useful for TLS and self-signed certificates", + "default": [], + "items": {} + }, + "extraVolumeMounts": { + "type": "array", + "description": "can be used to mount extra volumes for the webapp pods, useful for TLS and self-signed certificates", + "default": [], + "items": {} + }, + "podSecurityContext": { + "type": "object", + "properties": { + "runAsNonRoot": { + "type": "boolean", + "description": "", + "default": true + }, + "fsGroup": { + "type": "number", + "description": "", + "default": 1001 + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "", + "default": "RuntimeDefault" + } + } + } + } + }, + "containerSecurityContext": { + "type": "object", + "properties": { + "privileged": { + "type": "boolean", + "description": "", + "default": false + }, + "readOnlyRootFilesystem": { + "type": "boolean", + "description": "", + "default": true + }, + "allowPrivilegeEscalation": { + "type": "boolean", + "description": "", + "default": false + }, + "runAsNonRoot": { + "type": "boolean", + "description": "", + "default": true + }, + "runAsUser": { + "type": "number", + "description": "", + "default": 1001 + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "", + "default": "RuntimeDefault" + } + } + } + } + }, + "startupProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, the startup probe will be enabled for the webapp container", + "default": false + }, + "scheme": { + "type": "string", + "description": "defines the startup probe schema used on calling the probePath", + "default": "HTTP" + }, + "probePath": { + "type": "string", + "description": "defines the HTTP endpoint used for the startup probe", + "default": "/health/liveness" + }, + 
"initialDelaySeconds": { + "type": "number", + "description": "defines the number of seconds after the container has started before the probe is initiated", + "default": 15 + }, + "periodSeconds": { + "type": "number", + "description": "defines how often the probe is executed", + "default": 30 + }, + "successThreshold": { + "type": "number", + "description": "defines how often the probe needs to succeed to be considered successful after having failed", + "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "defines when the probe is considered failed so the container will be restarted", + "default": 5 + }, + "timeoutSeconds": { + "type": "number", + "description": "defines the number of seconds after which the probe times out", + "default": 1 + } + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, the readiness probe will be enabled for the webapp container", + "default": true + }, + "scheme": { + "type": "string", + "description": "defines the startup probe schema used on calling the probePath", + "default": "HTTP" + }, + "probePath": { + "type": "string", + "description": "defines the HTTP endpoint used for the readiness probe", + "default": "/health/readiness" + }, + "initialDelaySeconds": { + "type": "number", + "description": "defines the number of seconds after the container has started before the probe is initiated", + "default": 15 + }, + "periodSeconds": { + "type": "number", + "description": "defines how often the probe is executed", + "default": 30 + }, + "successThreshold": { + "type": "number", + "description": "defines how often the probe needs to succeed to be considered successful after having failed", + "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "defines when the probe is considered failed so the Pod will be marked unready", + "default": 5 + }, + "timeoutSeconds": { + "type": "number", + "description": 
"defines the number of seconds after which the probe times out", + "default": 1 + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, the liveness probe will be enabled for the webapp container", + "default": false + }, + "scheme": { + "type": "string", + "description": "defines the startup probe schema used on calling the probePath", + "default": "HTTP" + }, + "probePath": { + "type": "string", + "description": "defines the HTTP endpoint used for the liveness probe", + "default": "/health/liveness" + }, + "initialDelaySeconds": { + "type": "number", + "description": "defines the number of seconds after the container has started before the probe is initiated", + "default": 15 + }, + "periodSeconds": { + "type": "number", + "description": "defines how often the probe is executed", + "default": 30 + }, + "successThreshold": { + "type": "number", + "description": "defines how often the probe needs to succeed to be considered successful after having failed", + "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "defines when the probe is considered failed so the container will be restarted", + "default": 5 + }, + "timeoutSeconds": { + "type": "number", + "description": "defines the number of seconds after which the probe times out", + "default": 1 + } + } + }, + "metrics": { + "type": "object", + "properties": { + "prometheus": { + "type": "string", + "description": "Prometheus metrics endpoint", + "default": "/metrics" + } + } + }, + "nodeSelector": { + "type": "object", + "description": "can be used to select the nodes the webapp pods should run on", + "default": {} + }, + "tolerations": { + "type": "array", + "description": "can be used to define pod tolerations, see https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/", + "default": [], + "items": {} + }, + "affinity": { + "type": "object", + "description": "can be used to define pod 
affinity or anti-affinity, see https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity", + "default": {} + }, + "resources": { + "type": "object", + "properties": { + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string", + "description": "", + "default": "400m" + }, + "memory": { + "type": "string", + "description": "", + "default": "256Mi" + } + } + }, + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "string", + "description": "", + "default": "800m" + }, + "memory": { + "type": "string", + "description": "", + "default": "512Mi" + } + } + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "description": "can be used to define annotations which will be applied to the service", + "default": {} + }, + "type": { + "type": "string", + "description": "defines the type of the service, see https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", + "default": "ClusterIP" + }, + "port": { + "type": "number", + "description": "defines the port of the service", + "default": 80 + }, + "managementPort": { + "type": "number", + "description": "defines the management port of the service", + "default": 8071 + } + } + }, + "configuration": { + "type": "string", + "description": "if specified, contents will be used as the application.yaml", + "default": "" + }, + "extraConfiguration": { + "type": "object", + "description": "if specified, contents will be used for any extra configuration files such as log4j2.xml", + "default": {} + }, + "dnsPolicy": { + "type": "string", + "description": "https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy", + "default": "" + }, + "dnsConfig": { + "type": "object", + "description": "https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config", + "default": {} + } + } + }, + "websockets": { + 
"type": "object", + "properties": { + "image": { + "type": "object", + "properties": { + "repository": { + "type": "string", + "description": "defines which image repository to use for the websockets Docker image", + "default": "camunda/web-modeler-websockets" + } + } + }, + "sidecars": { + "type": "array", + "description": "can be used to attach extra containers to the modeler websockets deployment", + "default": [], + "items": {} + }, + "initContainers": { + "type": "array", + "description": "can be used to set up extra init containers for the application Pod", + "default": [], + "items": {} + }, + "publicHost": { + "type": "string", + "description": "can be used to define the host on which the WebSockets server can be reached from the WebModeler client in the browser.", + "default": "localhost" + }, + "publicPort": { + "type": "number", + "description": "can be used to define the port number on which the WebSockets server can be reached from the WebModeler client in the browser.", + "default": 8085 + }, + "podAnnotations": { + "type": "object", + "description": "can be used to define extra websockets pod annotations", + "default": {} + }, + "podLabels": { + "type": "object", + "description": "can be used to define extra websockets pod labels", + "default": {} + }, + "env": { + "type": "array", + "description": "can be used to set extra environment variables in each websockets container", + "default": [], + "items": {} + }, + "envFrom": { + "type": "array", + "description": "list of environment variables to import from configMapRef and secretRef", + "default": [], + "items": {} + }, + "command": { + "type": "array", + "description": "can be used to override the default command provided by the container image, see https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/", + "default": [], + "items": {} + }, + "extraVolumes": { + "type": "array", + "description": "can be used to define extra volumes for the websockets pod; useful 
for logging to a file", + "default": [], + "items": {} + }, + "extraVolumeMounts": { + "type": "array", + "description": "can be used to mount extra volumes for the websockets pod; useful for logging to a file", + "default": [], + "items": {} + }, + "podSecurityContext": { + "type": "object", + "properties": { + "runAsNonRoot": { + "type": "boolean", + "description": "", + "default": true + }, + "fsGroup": { + "type": "number", + "description": "", + "default": 1001 + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "", + "default": "RuntimeDefault" + } + } + } + } + }, + "containerSecurityContext": { + "type": "object", + "properties": { + "privileged": { + "type": "boolean", + "description": "", + "default": false + }, + "readOnlyRootFilesystem": { + "type": "boolean", + "description": "", + "default": true + }, + "allowPrivilegeEscalation": { + "type": "boolean", + "description": "", + "default": false + }, + "runAsNonRoot": { + "type": "boolean", + "description": "", + "default": true + }, + "runAsUser": { + "type": "number", + "description": "", + "default": 1001 + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "", + "default": "RuntimeDefault" + } + } + } + } + }, + "startupProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, the startup probe will be enabled for the websockets container", + "default": false + }, + "initialDelaySeconds": { + "type": "number", + "description": "defines the number of seconds after the container has started before the probe is initiated", + "default": 10 + }, + "periodSeconds": { + "type": "number", + "description": "defines how often the probe is executed", + "default": 30 + }, + "successThreshold": { + "type": "number", + "description": "defines how often the probe needs to succeed to be considered successful after having failed", + "default": 
1 + }, + "failureThreshold": { + "type": "number", + "description": "defines when the probe is considered failed so the container will be restarted", + "default": 5 + }, + "timeoutSeconds": { + "type": "number", + "description": "defines the number of seconds after which the probe times out", + "default": 1 + } + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, the readiness probe will be enabled for the websockets container", + "default": true + }, + "initialDelaySeconds": { + "type": "number", + "description": "defines the number of seconds after the container has started before the probe is initiated", + "default": 10 + }, + "periodSeconds": { + "type": "number", + "description": "defines how often the probe is executed", + "default": 30 + }, + "successThreshold": { + "type": "number", + "description": "defines how often the probe needs to succeed to be considered successful after having failed", + "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "defines when the probe is considered failed so the Pod will be marked unready", + "default": 5 + }, + "timeoutSeconds": { + "type": "number", + "description": "defines the number of seconds after which the probe times out", + "default": 1 + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, the liveness probe will be enabled for the websockets container", + "default": false + }, + "initialDelaySeconds": { + "type": "number", + "description": "defines the number of seconds after the container has started before the probe is initiated", + "default": 10 + }, + "periodSeconds": { + "type": "number", + "description": "defines how often the probe is executed", + "default": 30 + }, + "successThreshold": { + "type": "number", + "description": "defines how often the probe needs to succeed to be considered successful after having failed", 
+ "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "defines when the probe is considered failed so the container will be restarted", + "default": 5 + }, + "timeoutSeconds": { + "type": "number", + "description": "defines the number of seconds after which the probe times out", + "default": 1 + } + } + }, + "nodeSelector": { + "type": "object", + "description": "can be used to select the nodes the websockets pods should run on", + "default": {} + }, + "tolerations": { + "type": "array", + "description": "can be used to define pod tolerations, see https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/", + "default": [], + "items": {} + }, + "affinity": { + "type": "object", + "description": "can be used to define pod affinity or anti-affinity, see https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity", + "default": {} + }, + "resources": { + "type": "object", + "properties": { + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string", + "description": "", + "default": "100m" + }, + "memory": { + "type": "string", + "description": "", + "default": "64Mi" + } + } + }, + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "string", + "description": "", + "default": "200m" + }, + "memory": { + "type": "string", + "description": "", + "default": "128Mi" + } + } + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "description": "can be used to define annotations which will be applied to the service", + "default": {} + }, + "type": { + "type": "string", + "description": "defines the type of the service, see https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", + "default": "ClusterIP" + }, + "port": { + "type": "number", + "description": "defines the port of the service", + "default": 80 + } + } + }, + "configuration": { + "type": 
"string", + "description": "if specified, contents will be used as the application.yaml", + "default": "" + }, + "extraConfiguration": { + "type": "object", + "description": "if specified, contents will be used for any extra configuration files such as log4j2.xml", + "default": {} + }, + "dnsPolicy": { + "type": "string", + "description": "https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy", + "default": "" + }, + "dnsConfig": { + "type": "object", + "description": "https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config", + "default": {} + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, enables the WebModeler service account", + "default": true + }, + "name": { + "type": "string", + "description": "can be used to set the name of the WebModeler service account", + "default": "" + }, + "annotations": { + "type": "object", + "description": "can be used to set the annotations of the WebModeler service account", + "default": {} + }, + "automountServiceAccountToken": { + "type": "boolean", + "description": "can be used to control whether the service account token should be automatically mounted", + "default": false + } + } + } + } + }, + "webModelerPostgresql": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, a PostgreSQL database will be deployed as part of the Helm release by using the dependency chart", + "default": false + }, + "global": { + "type": "object", + "properties": { + "compatibility": { + "type": "object", + "properties": { + "openshift": { + "type": "object", + "properties": { + "adaptSecurityContext": { + "type": "string", + "description": "Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. 
Possible values: force (perform the adaptation always), disabled (do not perform adaptation)", + "default": "{{ .Values.global.compatibility.openshift.adaptSecurityContext | default \"disabled\" }}" + } + } + } + } + } + } + }, + "nameOverride": { + "type": "string", + "description": "defines the name of the Postgres resources (names will be prefixed with the release name), see https://github.com/bitnami/charts/tree/main/bitnami/postgresql#common-parameters", + "default": "postgresql-web-modeler" + }, + "image": { + "type": "object", + "properties": { + "repository": { + "type": "string", + "description": "PostgreSQL repo", + "default": "bitnami/postgresql" + }, + "tag": { + "type": "string", + "description": "PostgreSQL image tag", + "default": "14.15.0-debian-12-r3" + } + } + }, + "auth": { + "type": "object", + "properties": { + "username": { + "type": "string", + "description": "defines the name of the database user to be created for WebModeler", + "default": "web-modeler" + }, + "password": { + "type": "string", + "description": "can be used to provide the database user's password; a random password will be generated if left empty / ignored if `postgresql.auth.existingSecret` is set", + "default": "" + }, + "database": { + "type": "string", + "description": "defines the name of the database to be created for WebModeler", + "default": "web-modeler" + }, + "existingSecret": { + "type": "string", + "description": "can be used to provide the name of an existing secret resource containing the database password", + "default": "" + }, + "secretKeys": { + "type": "object", + "properties": { + "adminPasswordKey": { + "type": "string", + "description": "defines the key within the existing secret object for PostgreSQL admin.", + "default": "postgres-password" + }, + "userPasswordKey": { + "type": "string", + "description": "defines the key within the existing secret object for PostgreSQL user.", + "default": "password" + } + } + } + } + }, + "primary": { + "type": 
"object", + "properties": { + "containerSecurityContext": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "", + "default": true + }, + "allowPrivilegeEscalation": { + "type": "boolean", + "description": "", + "default": false + }, + "privileged": { + "type": "boolean", + "description": "", + "default": false + }, + "readOnlyRootFilesystem": { + "type": "boolean", + "description": "", + "default": true + }, + "runAsNonRoot": { + "type": "boolean", + "description": "", + "default": true + }, + "runAsUser": { + "type": "number", + "description": "", + "default": 1001 + }, + "capabilities": { + "type": "object", + "properties": { + "drop": { + "type": "array", + "description": "", + "default": [ + "ALL" + ], + "items": { + "type": "string" + } + } + } + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "", + "default": "RuntimeDefault" + } + } + } + } + }, + "podSecurityContext": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "", + "default": true + }, + "runAsNonRoot": { + "type": "boolean", + "description": "", + "default": true + }, + "fsGroup": { + "type": "number", + "description": "", + "default": 1001 + } + } + } + } + } + } + }, + "connectors": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, the Connectors deployment and its related resources are deployed via a helm release", + "default": true + }, + "inbound": { + "type": "object", + "properties": { + "mode": { + "type": "string", + "description": "acceptable values: disabled, credentials, or oauth", + "default": "oauth" + }, + "auth": { + "type": "object", + "properties": { + "existingSecret": { + "type": "string", + "description": "can be used to configure Secret name that contains password (if inbound mode is credentials)", + "default": "" + }, + "existingSecretKey": { + "type": "string", + 
"description": "defines the key within the existing secret object.", + "default": "connectors-secret" + } + } + } + } + }, + "image": { + "type": "object", + "properties": { + "registry": { + "type": "string", + "description": "can be used to set container image registry.", + "default": "" + }, + "repository": { + "type": "string", + "description": "defines which image repository to use", + "default": "camunda/connectors-bundle" + }, + "tag": { + "type": "string", + "description": "can be set to overwrite the global tag, which should be used in that chart", + "default": "8.7.0-alpha2.1" + }, + "pullSecrets": { + "type": "array", + "description": "can be used to configure image pull secrets https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod", + "default": [], + "items": {} + } + } + }, + "sidecars": { + "type": "array", + "description": "can be used to attach extra containers to the connectors deployment", + "default": [], + "items": {} + }, + "initContainers": { + "type": "array", + "description": "can be used to set up extra init containers for the application Pod", + "default": [], + "items": {} + }, + "replicas": { + "type": "number", + "description": "number of Connectors replicas", + "default": 1 + }, + "contextPath": { + "type": "string", + "description": "can be used to make Connectors web application works on a custom sub-path. 
This is mainly used to run Camunda web applications under a single domain.", + "default": "" + }, + "podAnnotations": { + "type": "object", + "description": "can be used to define extra Connectors pod annotations", + "default": {} + }, + "podLabels": { + "type": "object", + "description": "can be used to define extra Connectors pod labels", + "default": {} + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "description": "can be used to define annotations, which will be applied to the Connectors service", + "default": {} + }, + "type": { + "type": "string", + "description": "defines the type of the service https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", + "default": "ClusterIP" + }, + "serverPort": { + "type": "number", + "description": "defines the port number where the Connector web application will be available", + "default": 8080 + }, + "serverName": { + "type": "string", + "description": "defines the port name where the Connector web application will be available", + "default": "http" + } + } + }, + "resources": { + "type": "object", + "properties": { + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "number", + "description": "", + "default": 1 + }, + "memory": { + "type": "string", + "description": "", + "default": "1Gi" + } + } + }, + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "number", + "description": "", + "default": 2 + }, + "memory": { + "type": "string", + "description": "", + "default": "2Gi" + } + } + } + } + }, + "env": { + "type": "array", + "description": "can be used to set extra environment variables in each Connector container", + "default": [], + "items": {} + }, + "envFrom": { + "type": "array", + "description": "list of environment variables to import from configMapRef and secretRef", + "default": [], + "items": {} + }, + "command": { + "type": "array", + "description": "can be used to 
override the default command provided by the container image. See https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/", + "default": [], + "items": {} + }, + "extraVolumes": { + "type": "array", + "description": "can be used to define extra volumes for the Connectors pods, useful for TLS and self-signed certificates", + "default": [], + "items": {} + }, + "extraVolumeMounts": { + "type": "array", + "description": "can be used to mount extra volumes for the Connectors pods, useful for TLS and self-signed certificates", + "default": [], + "items": {} + }, + "startupProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, the startup probe is enabled in app container", + "default": false + }, + "scheme": { + "type": "string", + "description": "defines the startup probe scheme used on calling the probePath", + "default": "HTTP" + }, + "probePath": { + "type": "string", + "description": "defines the startup probe route used on the app", + "default": "/actuator/health/readiness" + }, + "initialDelaySeconds": { + "type": "number", + "description": "defines the number of seconds after the container has started before", + "default": 30 + }, + "periodSeconds": { + "type": "number", + "description": "defines how often the probe is executed", + "default": 30 + }, + "successThreshold": { + "type": "number", + "description": "defines how often it needs to be true to be marked as ready, after failure", + "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "defines when the probe is considered as failed so the Pod will be marked Unready", + "default": 5 + }, + "timeoutSeconds": { + "type": "number", + "description": "defines the seconds after the probe times out", + "default": 1 + } + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, the readiness probe is enabled in app container", 
+ "default": false + }, + "scheme": { + "type": "string", + "description": "defines the startup probe scheme used on calling the probePath", + "default": "HTTP" + }, + "probePath": { + "type": "string", + "description": "defines the readiness probe route used on the app", + "default": "/actuator/health/readiness" + }, + "initialDelaySeconds": { + "type": "number", + "description": "defines the number of seconds after the container has started before the probe is initiated.", + "default": 30 + }, + "periodSeconds": { + "type": "number", + "description": "defines how often the probe is executed", + "default": 30 + }, + "successThreshold": { + "type": "number", + "description": "defines how often it needs to be true to be marked as ready, after failure", + "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "defines when the probe is considered as failed so the Pod will be marked Unready", + "default": 5 + }, + "timeoutSeconds": { + "type": "number", + "description": "defines the seconds after the probe times out", + "default": 1 + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, the liveness probe is enabled in app container", + "default": false + }, + "scheme": { + "type": "string", + "description": "defines the startup probe scheme used on calling the probePath", + "default": "HTTP" + }, + "probePath": { + "type": "string", + "description": "defines the liveness probe route used on the app", + "default": "/actuator/health/liveness" + }, + "initialDelaySeconds": { + "type": "number", + "description": "the probe is initiated.", + "default": 30 + }, + "periodSeconds": { + "type": "number", + "description": "defines how often the probe is executed", + "default": 30 + }, + "successThreshold": { + "type": "number", + "description": "defines how often it needs to be true to be considered successful after having failed", + "default": 1 + }, + "failureThreshold": { 
+ "type": "number", + "description": "defines when the probe is considered as failed so the container will be restarted", + "default": 5 + }, + "timeoutSeconds": { + "type": "number", + "description": "defines the seconds after the probe times out", + "default": 1 + } + } + }, + "metrics": { + "type": "object", + "properties": { + "prometheus": { + "type": "string", + "description": "Prometheus metrics endpoint", + "default": "/actuator/prometheus" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, enables the Connectors service account", + "default": true + }, + "name": { + "type": "string", + "description": "can be used to set the name of the Connectors service account", + "default": "" + }, + "annotations": { + "type": "object", + "description": "can be used to set the annotations of the service account", + "default": {} + }, + "automountServiceAccountToken": { + "type": "boolean", + "description": "can be used to control whether the service account token should be automatically mounted", + "default": false + } + } + }, + "podSecurityContext": { + "type": "object", + "properties": { + "runAsNonRoot": { + "type": "boolean", + "description": "run as non root", + "default": true + }, + "fsGroup": { + "type": "number", + "description": "", + "default": 1001 + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "", + "default": "RuntimeDefault" + } + } + } + } + }, + "containerSecurityContext": { + "type": "object", + "properties": { + "privileged": { + "type": "boolean", + "description": "", + "default": false + }, + "readOnlyRootFilesystem": { + "type": "boolean", + "description": "", + "default": true + }, + "allowPrivilegeEscalation": { + "type": "boolean", + "description": "", + "default": false + }, + "runAsNonRoot": { + "type": "boolean", + "description": "", + "default": true + }, + "runAsUser": { + "type": "number", 
+ "description": "", + "default": 1001 + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "", + "default": "RuntimeDefault" + } + } + } + } + }, + "nodeSelector": { + "type": "object", + "description": "can be used to define on which nodes the Connectors pods should run", + "default": {} + }, + "tolerations": { + "type": "array", + "description": "can be used to define pod toleration's https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/", + "default": [], + "items": {} + }, + "affinity": { + "type": "object", + "description": "can be used to define pod affinity or anti-affinity https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity", + "default": {} + }, + "configuration": { + "type": "string", + "description": "if specified, contents will be used as the application.yaml", + "default": "" + }, + "extraConfiguration": { + "type": "object", + "description": "if specified, contents will be used for any extra configuration files such as the log4j2.xml", + "default": {} + }, + "dnsPolicy": { + "type": "string", + "description": "https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy", + "default": "" + }, + "dnsConfig": { + "type": "object", + "description": "https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config", + "default": {} + } + } + }, + "core": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, all related resources are deployed via the helm release", + "default": true + }, + "debug": { + "type": "boolean", + "description": "if true, extra info is printed.", + "default": false + }, + "image": { + "type": "object", + "properties": { + "registry": { + "type": "string", + "description": "can be used to set container image registry.", + "default": "" + }, + "repository": { + "type": "string", + "description": 
"defines which image repository to use", + "default": "camunda/camunda" + }, + "tag": { + "type": "string", + "description": "can be set to overwrite the global tag, which should be used in that chart", + "default": "8.7.0-alpha2" + }, + "pullSecrets": { + "type": "array", + "description": "can be used to configure image pull secrets https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod", + "default": [], + "items": {} + } + } + }, + "sidecars": { + "type": "array", + "description": "can be used to attach extra containers to the deployment", + "default": [], + "items": {} + }, + "clusterSize": { + "type": "string", + "description": "defines the amount of brokers (=replicas), which are deployed via helm", + "default": "3" + }, + "partitionCount": { + "type": "string", + "description": "defines how many partitions are set up in the cluster", + "default": "3" + }, + "replicationFactor": { + "type": "string", + "description": "defines how each partition is replicated, the value defines the number of nodes", + "default": "3" + }, + "env": { + "type": "array", + "description": "can be used to set extra environment variables in each broker container", + "default": [], + "items": {} + }, + "envFrom": { + "type": "array", + "description": "list of environment variables to import from configMapRef and secretRef", + "default": [], + "items": {} + }, + "configMap": { + "type": "object", + "properties": { + "defaultMode": { + "type": "number", + "description": "can be used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. see https://github.com/kubernetes/api/blob/master/core/v1/types.go#L1615-L1623", + "default": 754 + } + } + }, + "command": { + "type": "array", + "description": "can be used to override the default command provided by the container image. 
See https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/", + "default": [], + "items": {} + }, + "logLevel": { + "type": "string", + "description": "defines the log level which is used", + "default": "info" + }, + "log4j2": { + "type": "string", + "description": "can be used to overwrite the log4j2 configuration", + "default": "" + }, + "javaOpts": { + "type": "string", + "description": "can be used to set java options", + "default": "-XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/usr/local/camunda/data -XX:ErrorFile=/usr/local/camunda/data/zeebe_error%p.log -XX:+ExitOnOutOfMemoryError" + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "description": "can be used to define annotations, which will be applied to the service", + "default": {} + }, + "type": { + "type": "string", + "description": "defines the type of the service https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", + "default": "ClusterIP" + }, + "httpPort": { + "type": "number", + "description": "defines the port of the http endpoint, where for example metrics are provided", + "default": 8080 + }, + "httpName": { + "type": "string", + "description": "defines the name of the http endpoint, where for example metrics are provided", + "default": "http" + }, + "commandPort": { + "type": "number", + "description": "defines the port of the command api endpoint, where the broker commands are sent to", + "default": 26501 + }, + "commandName": { + "type": "string", + "description": "defines the name of the command api endpoint, where the broker commands are sent to", + "default": "command" + }, + "internalPort": { + "type": "number", + "description": "defines the port of the internal api endpoint, which is used for internal communication", + "default": 26502 + }, + "internalName": { + "type": "string", + "description": "defines the name of the internal api endpoint, which is 
used for internal communication", + "default": "internal" + }, + "extraPorts": { + "type": "array", + "description": "can be used to expose any other ports which are required. Can be useful for exporters", + "default": [], + "items": {} + }, + "grpcPort": { + "type": "number", + "description": "defines the port of the gateway gRPC endpoint, where client commands (grpc) are sent to", + "default": 26500 + }, + "grpcName": { + "type": "string", + "description": "defines the name of the gateway gRPC endpoint, where client commands (grpc) are sent to", + "default": "gateway" + }, + "managementPort": { + "type": "number", + "description": "", + "default": 9600 + }, + "managementName": { + "type": "string", + "description": "", + "default": "server" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, enables the broker service account", + "default": true + }, + "name": { + "type": "string", + "description": "can be used to set the name of the broker service account", + "default": "" + }, + "annotations": { + "type": "object", + "description": "can be used to set the annotations of the broker service account", + "default": {} + }, + "automountServiceAccountToken": { + "type": "boolean", + "description": "can be used to control whether the service account token should be automatically mounted", + "default": false + } + } + }, + "ingress": { + "type": "object", + "properties": { + "grpc": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, an ingress resource is deployed with the Zeebe gateway deployment. 
Only useful if an ingress controller is available, like nginx.", + "default": false + }, + "className": { + "type": "string", + "description": "defines the class or configuration of ingress which should be used by the controller", + "default": "nginx" + }, + "path": { + "type": "string", + "description": "defines the path which is associated with the Zeebe gateway's gRPC service and port https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules", + "default": "/" + }, + "pathType": { + "type": "string", + "description": "can be used to define the Ingress path type. https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types", + "default": "Prefix" + }, + "host": { + "type": "string", + "description": "can be used to define the host of the ingress rule. https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules", + "default": "" + }, + "tls": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, then tls is configured on the ingress resource. If enabled the Ingress.host need to be defined.", + "default": false + }, + "secretName": { + "type": "string", + "description": "defines the secret name which contains the TLS private key and certificate", + "default": "camunda-platform-core-grpc" + } + } + } + } + } + } + }, + "contextPath": { + "type": "string", + "description": "can be used to make Core web application works on a custom sub-path. 
This is mainly used to run Camunda web applications under a single domain.", + "default": "" + }, + "cpuThreadCount": { + "type": "string", + "description": "defines how many threads can be used for the processing on each broker pod", + "default": "3" + }, + "ioThreadCount": { + "type": "string", + "description": "defines how many threads can be used for the exporting on each broker pod", + "default": "3" + }, + "resources": { + "type": "object", + "properties": { + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string", + "description": "", + "default": "1000m" + }, + "memory": { + "type": "string", + "description": "", + "default": "1500Mi" + } + } + }, + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "string", + "description": "", + "default": "2000m" + }, + "memory": { + "type": "string", + "description": "", + "default": "3000Mi" + } + } + } + } + }, + "persistenceType": { + "type": "string", + "description": "defines the type of persistence which is used by core. 
Possible values are: disk, local and memory.", + "default": "disk" + }, + "pvcSize": { + "type": "string", + "description": "defines the persistent volume claim size, which is used by each broker pod https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims", + "default": "32Gi" + }, + "pvcAccessModes": { + "type": "array", + "description": "can be used to configure the persistent volume claim access mode https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes", + "default": [ + "ReadWriteOnce" + ], + "items": { + "type": "string" + } + }, + "pvcStorageClassName": { + "type": "string", + "description": "can be used to set the storage class name which should be used by the persistent volume claim.", + "default": "" + }, + "pvcAnnotations": { + "type": "object", + "description": "can be used to specify custom annotations for persistent volume claims, enhancing storage configuration flexibility.", + "default": {} + }, + "pvcSelector": { + "type": "object", + "description": "can be used to specify a label selector for persistent volume claims for further filtering of the set of persistent volumes to select.", + "default": {} + }, + "extraVolumes": { + "type": "array", + "description": "can be used to define extra volumes for the broker pods, useful for additional exporters", + "default": [], + "items": {} + }, + "extraVolumeMounts": { + "type": "array", + "description": "can be used to mount extra volumes for the broker pods, useful for additional exporters", + "default": [], + "items": {} + }, + "extraInitContainers": { + "type": "array", + "description": "(Deprecated - use `initContainers` instead) ExtraInitContainers can be used to set up extra init containers for the broker pods, useful for additional exporters", + "default": [], + "items": {} + }, + "initContainers": { + "type": "array", + "description": "can be used to set up extra init containers for the application Pod", + "default": [], + "items": {} + }, + 
"podAnnotations": { + "type": "object", + "description": "can be used to define extra broker pod annotations", + "default": {} + }, + "podLabels": { + "type": "object", + "description": "can be used to define extra broker pod labels", + "default": {} + }, + "podDisruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true a pod disruption budget is defined for the brokers", + "default": false + }, + "minAvailable": { + "type": "number", + "description": "can be used to set how many pods should be available. Be aware that if minAvailable is set, maxUnavailable will not be set (they are mutually exclusive).", + "default": 0 + }, + "maxUnavailable": { + "type": "number", + "description": "can be used to set how many pods should be at max. unavailable", + "default": 1 + } + } + }, + "podSecurityContext": { + "type": "object", + "properties": { + "runAsNonRoot": { + "type": "boolean", + "description": "run as non root", + "default": true + }, + "fsGroup": { + "type": "number", + "description": "", + "default": 1001 + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "", + "default": "RuntimeDefault" + } + } + } + } + }, + "containerSecurityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean", + "description": "", + "default": false + }, + "privileged": { + "type": "boolean", + "description": "", + "default": false + }, + "readOnlyRootFilesystem": { + "type": "boolean", + "description": "", + "default": true + }, + "runAsNonRoot": { + "type": "boolean", + "description": "", + "default": true + }, + "runAsUser": { + "type": "number", + "description": "", + "default": 1001 + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "", + "default": "RuntimeDefault" + } + } + } + } + }, + "startupProbe": { + "type": "object", + "properties": { + 
"enabled": { + "type": "boolean", + "description": "if true, the startup probe is enabled in app container", + "default": false + }, + "scheme": { + "type": "string", + "description": "defines the startup probe schema used on calling the probePath", + "default": "HTTP" + }, + "probePath": { + "type": "string", + "description": "defines the startup probe route used on the app", + "default": "/actuator/health/startup" + }, + "initialDelaySeconds": { + "type": "number", + "description": "defines the number of seconds after the container has started before the probe is initiated.", + "default": 30 + }, + "periodSeconds": { + "type": "number", + "description": "defines how often the probe is executed", + "default": 30 + }, + "successThreshold": { + "type": "number", + "description": "defines how often it needs to be true to be marked as ready, after failure", + "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "defines when the probe is considered as failed so the Pod will be marked Unready", + "default": 5 + }, + "timeoutSeconds": { + "type": "number", + "description": "defines the seconds after the probe times out", + "default": 1 + } + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, the readiness probe is enabled in app container", + "default": true + }, + "scheme": { + "type": "string", + "description": "defines the startup probe schema used on calling the probePath", + "default": "HTTP" + }, + "probePath": { + "type": "string", + "description": "defines the readiness probe route used on the app", + "default": "/actuator/health/readiness" + }, + "initialDelaySeconds": { + "type": "number", + "description": "defines the number of seconds after the container has started before", + "default": 30 + }, + "periodSeconds": { + "type": "number", + "description": "defines how often the probe is executed", + "default": 30 + }, + "successThreshold": { + "type": 
"number", + "description": "defines how often it needs to be true to be marked as ready, after failure", + "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "defines when the probe is considered as failed so the Pod will be marked Unready", + "default": 5 + }, + "timeoutSeconds": { + "type": "number", + "description": "defines the seconds after the probe times out", + "default": 1 + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, the liveness probe is enabled in app container", + "default": false + }, + "scheme": { + "type": "string", + "description": "defines the startup probe schema used on calling the probePath", + "default": "HTTP" + }, + "probePath": { + "type": "string", + "description": "defines the liveness probe route used on the app. The path is intended to be the same as the readinessProbe. Refer to this issue for more details: https://github.com/camunda/camunda-platform-helm/issues/1849", + "default": "/actuator/health/readiness" + }, + "initialDelaySeconds": { + "type": "number", + "description": "defines the number of seconds after the container has started before", + "default": 30 + }, + "periodSeconds": { + "type": "number", + "description": "defines how often the probe is executed", + "default": 30 + }, + "successThreshold": { + "type": "number", + "description": "defines how often it needs to be true to be considered successful after having failed", + "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "defines when the probe is considered as failed so the container will be restarted", + "default": 5 + }, + "timeoutSeconds": { + "type": "number", + "description": "defines the seconds after the probe times out", + "default": 1 + } + } + }, + "metrics": { + "type": "object", + "properties": { + "prometheus": { + "type": "string", + "description": "Prometheus metrics endpoint", + "default": 
"/actuator/prometheus" + } + } + }, + "nodeSelector": { + "type": "object", + "description": "can be used to define on which nodes the broker pods should run", + "default": {} + }, + "tolerations": { + "type": "array", + "description": "can be used to define pod toleration's https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/", + "default": [], + "items": {} + }, + "priorityClassName": { + "type": "string", + "description": "can be used to define the broker pods priority https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass", + "default": "" + }, + "index": { + "type": "object", + "properties": { + "prefix": { + "type": "string", + "description": "if specified, defines web apps index prefix in Elasticsearch/OpenSearch. Note, for Zeebe index prefix, use \"global.elasticsearch.prefix\".", + "default": "" + } + } + }, + "retention": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, the ILM Policy is created and applied to the index templates.", + "default": false + }, + "minimumAge": { + "type": "string", + "description": "defines how old the data must be, before the data is deleted as a duration.", + "default": "30d" + }, + "policyName": { + "type": "string", + "description": "defines the name of the created and applied ILM policy.", + "default": "core-record-retention-policy" + } + } + }, + "configuration": { + "type": "string", + "description": "if specified, contents will be used as the application.yaml", + "default": "" + }, + "extraConfiguration": { + "type": "object", + "description": "if specified, contents will be used for any extra configuration files such as log4j2.xml", + "default": {} + }, + "dnsPolicy": { + "type": "string", + "description": "https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy", + "default": "" + }, + "dnsConfig": { + "type": "object", + "description": 
"https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config", + "default": {} + } + } + }, + "optimize": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, the Optimize deployment and its related resources are deployed via a helm release", + "default": true + }, + "image": { + "type": "object", + "properties": { + "registry": { + "type": "string", + "description": "can be used to set container image registry", + "default": "" + }, + "repository": { + "type": "string", + "description": "defines which image repository to use", + "default": "camunda/optimize" + }, + "tag": { + "type": "string", + "description": "can be set to overwrite the global tag, which should be used in that chart", + "default": "8.7.0-alpha2" + }, + "pullSecrets": { + "type": "array", + "description": "can be used to configure image pull secrets https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod", + "default": [], + "items": {} + } + } + }, + "migration": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, run Optimize migration script as an init container", + "default": true + }, + "env": { + "type": "array", + "description": "can be used to set environment variables for Optimize migration init container", + "default": [], + "items": {} + }, + "resources": { + "type": "object", + "properties": { + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string", + "description": "", + "default": "600m" + }, + "memory": { + "type": "string", + "description": "", + "default": "1Gi" + } + } + }, + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "string", + "description": "", + "default": "2000m" + }, + "memory": { + "type": "string", + "description": "", + "default": "2Gi" + } + } + } + } + } + } + }, + "sidecars": { + "type": "array", + "description": "can be used to attach extra 
containers to the optimize deployment", + "default": [], + "items": {} + }, + "contextPath": { + "type": "string", + "description": "can be used to make Optimize web application works on a custom sub-path. This is mainly used to run Camunda web applications under a single domain.", + "default": "" + }, + "configMap": { + "type": "object", + "properties": { + "defaultMode": { + "type": "number", + "description": "can be used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.", + "default": 754 + } + } + }, + "podAnnotations": { + "type": "object", + "description": "can be used to define extra Optimize pod annotations", + "default": {} + }, + "podLabels": { + "type": "object", + "description": "can be used to define extra Optimize pod labels", + "default": {} + }, + "logLevel": { + "type": "string", + "description": "configuration for the optimize runtime environment. https://docs.camunda.io/optimize/next/self-managed/optimize-deployment/configuration/logging/", + "default": "info" + }, + "upgradeLogLevel": { + "type": "string", + "description": "sets the logging level for the Optimize update log. https://docs.camunda.io/optimize/next/self-managed/optimize-deployment/configuration/logging/", + "default": "info" + }, + "esLogLevel": { + "type": "string", + "description": "sets the logging level for Elasticsearch. 
https://docs.camunda.io/optimize/next/self-managed/optimize-deployment/configuration/logging/", + "default": "warn" + }, + "partitionCount": { + "type": "string", + "description": "defines how many Zeebe partitions are set up in the cluster and which should be imported by Optimize", + "default": "3" + }, + "env": { + "type": "array", + "description": "can be used to set extra environment variables in each Optimize container", + "default": [], + "items": {} + }, + "envFrom": { + "type": "array", + "description": "list of environment variables to import from configMapRef and secretRef", + "default": [], + "items": {} + }, + "command": { + "type": "array", + "description": "can be used to override the default command provided by the container image. See https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/", + "default": [], + "items": {} + }, + "extraVolumes": { + "type": "array", + "description": "can be used to define extra volumes for the Optimize pods, useful for tls and self-signed certificates", + "default": [], + "items": {} + }, + "extraVolumeMounts": { + "type": "array", + "description": "can be used to mount extra volumes for the Optimize pods, useful for tls and self-signed certificates", + "default": [], + "items": {} + }, + "initContainers": { + "type": "array", + "description": "can be used to set up extra init containers for the application Pod", + "default": [], + "items": {} + }, + "serviceAccount": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, enables the Optimize service account", + "default": true + }, + "name": { + "type": "string", + "description": "can be used to set the name of the Optimize service account", + "default": "" + }, + "annotations": { + "type": "object", + "description": "can be used to set the annotations of the Optimize service account", + "default": {} + }, + "automountServiceAccountToken": { + "type": "boolean", + "description": "can 
be used to control whether the service account token should be automatically mounted", + "default": false + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "description": "can be used to define annotations, which will be applied to the Optimize service", + "default": {} + }, + "type": { + "type": "string", + "description": "defines the type of the service https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", + "default": "ClusterIP" + }, + "port": { + "type": "number", + "description": "defines the port of the service, where the Optimize web application will be available", + "default": 80 + }, + "managementPort": { + "type": "number", + "description": "defines the port where actuator will be available. Also required to reach backup API", + "default": 8092 + } + } + }, + "podSecurityContext": { + "type": "object", + "properties": { + "runAsNonRoot": { + "type": "boolean", + "description": "", + "default": true + }, + "fsGroup": { + "type": "number", + "description": "", + "default": 1001 + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "", + "default": "RuntimeDefault" + } + } + } + } + }, + "containerSecurityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean", + "description": "", + "default": false + }, + "privileged": { + "type": "boolean", + "description": "", + "default": false + }, + "readOnlyRootFilesystem": { + "type": "boolean", + "description": "", + "default": true + }, + "runAsNonRoot": { + "type": "boolean", + "description": "", + "default": true + }, + "runAsUser": { + "type": "number", + "description": "", + "default": 1001 + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "", + "default": "RuntimeDefault" + } + } + } + } + }, + "startupProbe": { + "type": "object", + 
"properties": { + "enabled": { + "type": "boolean", + "description": "if true, the startup probe is enabled in app container", + "default": false + }, + "scheme": { + "type": "string", + "description": "defines the startup probe schema used on calling the probePath", + "default": "HTTP" + }, + "probePath": { + "type": "string", + "description": "defines the startup probe route used on the app", + "default": "/api/readyz" + }, + "initialDelaySeconds": { + "type": "number", + "description": "defines the number of seconds after the container has started before", + "default": 30 + }, + "periodSeconds": { + "type": "number", + "description": "defines how often the probe is executed", + "default": 30 + }, + "successThreshold": { + "type": "number", + "description": "defines how often it needs to be true to be marked as ready, after failure", + "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "defines when the probe is considered as failed so the Pod will be marked Unready", + "default": 5 + }, + "timeoutSeconds": { + "type": "number", + "description": "defines the seconds after the probe times out", + "default": 1 + } + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, the readiness probe is enabled in app container", + "default": true + }, + "scheme": { + "type": "string", + "description": "defines the startup probe schema used on calling the probePath", + "default": "HTTP" + }, + "probePath": { + "type": "string", + "description": "defines the readiness probe route used on the app", + "default": "/api/readyz" + }, + "initialDelaySeconds": { + "type": "number", + "description": "defines the number of seconds after the container has started before", + "default": 30 + }, + "periodSeconds": { + "type": "number", + "description": "defines how often the probe is executed", + "default": 30 + }, + "successThreshold": { + "type": "number", + "description": "defines how 
often it needs to be true to be marked as ready, after failure", + "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "defines when the probe is considered as failed so the Pod will be marked Unready", + "default": 5 + }, + "timeoutSeconds": { + "type": "number", + "description": "defines the seconds after the probe times out", + "default": 1 + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true, the liveness probe is enabled in app container", + "default": false + }, + "scheme": { + "type": "string", + "description": "defines the startup probe schema used on calling the probePath", + "default": "HTTP" + }, + "probePath": { + "type": "string", + "description": "defines the liveness probe route used on the app", + "default": "/api/readyz" + }, + "initialDelaySeconds": { + "type": "number", + "description": "defines the number of seconds after the container has started before", + "default": 30 + }, + "periodSeconds": { + "type": "number", + "description": "defines how often the probe is executed", + "default": 30 + }, + "successThreshold": { + "type": "number", + "description": "defines how often it needs to be true to be considered successful after having failed", + "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "defines when the probe is considered as failed so the container will be restarted", + "default": 5 + }, + "timeoutSeconds": { + "type": "number", + "description": "defines the seconds after the probe times out", + "default": 1 + } + } + }, + "metrics": { + "type": "object", + "properties": { + "prometheus": { + "type": "string", + "description": "Prometheus metrics endpoint", + "default": "/actuator/prometheus" + } + } + }, + "nodeSelector": { + "type": "object", + "description": "can be used to define on which nodes the Optimize pods should run", + "default": {} + }, + "tolerations": { + "type": "array", + 
"description": "can be used to define pod toleration's https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/", + "default": [], + "items": {} + }, + "affinity": { + "type": "object", + "description": "can be used to define pod affinity or anti-affinity https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity", + "default": {} + }, + "resources": { + "type": "object", + "properties": { + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string", + "description": "", + "default": "600m" + }, + "memory": { + "type": "string", + "description": "", + "default": "1Gi" + } + } + }, + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "string", + "description": "", + "default": "2000m" + }, + "memory": { + "type": "string", + "description": "", + "default": "2Gi" + } + } + } + } + }, + "configuration": { + "type": "string", + "description": "if specified, contents will be used as the environment-config.yaml", + "default": "" + }, + "extraConfiguration": { + "type": "object", + "description": "if specified, contents will be used for any extra configuration files such as environment-logback.xml", + "default": {} + }, + "dnsPolicy": { + "type": "string", + "description": "https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy", + "default": "" + }, + "dnsConfig": { + "type": "object", + "description": "https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config", + "default": {} + } + } + }, + "elasticsearch": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "", + "default": true + }, + "global": { + "type": "object", + "properties": { + "compatibility": { + "type": "object", + "properties": { + "openshift": { + "type": "object", + "properties": { + "adaptSecurityContext": { + "type": "string", + "description": "Adapt the securityContext sections of the 
deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: force (perform the adaptation always), disabled (do not perform adaptation)", + "default": "{{ .Values.global.compatibility.openshift.adaptSecurityContext | default \"disabled\" }}" + } + } + } + } + } + } + }, + "image": { + "type": "object", + "properties": { + "repository": { + "type": "string", + "description": "", + "default": "bitnami/elasticsearch" + }, + "tag": { + "type": "string", + "description": "", + "default": "8.17.0" + } + } + }, + "master": { + "type": "object", + "properties": { + "replicaCount": { + "type": "number", + "description": "defines number of master-elegible replicas to deploy", + "default": 3 + }, + "podAntiAffinityPreset": { + "type": "string", + "description": "defines Pod anti-affinity preset. Ignored if master.affinity is set", + "default": "hard" + }, + "containerSecurityContext": { + "type": "object", + "properties": { + "readOnlyRootFilesystem": { + "type": "boolean", + "description": "", + "default": true + } + } + }, + "masterOnly": { + "type": "boolean", + "description": "", + "default": false + }, + "heapSize": { + "type": "string", + "description": "", + "default": "1024m" + }, + "persistence": { + "type": "object", + "properties": { + "size": { + "type": "string", + "description": "", + "default": "64Gi" + } + } + }, + "resources": { + "type": "object", + "properties": { + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "number", + "description": "cpu request", + "default": 1 + }, + "memory": { + "type": "string", + "description": "request", + "default": "2Gi" + } + } + }, + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "number", + "description": "cpu limit", + "default": 2 + }, + "memory": { + "type": "string", + "description": "memory limit", + "default": "2Gi" + } + } + } + } + }, + 
"extraEnvVars": { + "type": "array", + "description": "env", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "env" + }, + "value": { + "type": "string", + "description": "env value" + } + } + } + } + } + }, + "sysctlImage": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "", + "default": true + } + } + }, + "data": { + "type": "object", + "properties": { + "replicaCount": { + "type": "number", + "description": "", + "default": 0 + } + } + }, + "coordinating": { + "type": "object", + "properties": { + "replicaCount": { + "type": "number", + "description": "", + "default": 0 + } + } + }, + "ingest": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "", + "default": false + } + } + } + } + }, + "prometheusServiceMonitor": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "if true then a service monitor will be deployed, which allows an installed prometheus controller to scrape metrics from the deployed pods", + "default": false + }, + "labels": { + "type": "object", + "properties": { + "release": { + "type": "string", + "description": "", + "default": "metrics" + } + } + }, + "scrapeInterval": { + "type": "string", + "description": "can be set to configure the interval at which metrics should be scraped", + "default": "10s" + } + } + } + } +} \ No newline at end of file diff --git a/charts/camunda-platform-alpha/values.yaml b/charts/camunda-platform-alpha/values.yaml index 4b73537536..a96ec57482 100644 --- a/charts/camunda-platform-alpha/values.yaml +++ b/charts/camunda-platform-alpha/values.yaml 
@@ -56,11 +56,11 @@ global: ## @extra global.license license: ## @param global.license.key if set, it will be exposed as "CAMUNDA_LICENSE_KEY" in the apps. - key: + key: "" ## @param global.license.existingSecret you can provide an existing secret name for Camunda license secret. - existingSecret: + existingSecret: "" ## @param global.license.existingSecretKey you can provide the key within the existing secret object for Camunda license key. - existingSecretKey: + existingSecretKey: "" ## @extra global.compatibility Compatibility adaptations for Kubernetes platforms compatibility: @@ -102,7 +102,7 @@ global: ## @param global.image.registry Can be used to set container image registry. registry: "" ## @param global.image.tag defines the tag / version which should be used in the most of the apps. - tag: + tag: "" ## @param global.image.pullPolicy defines the image pull policy which should be used https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy pullPolicy: Always ## @param global.image.pullSecrets can be used to configure image pull secrets https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod @@ -153,11 +153,11 @@ global: external: false tls: enabled: false - existingSecret: + existingSecret: "" auth: - username: - password: - existingSecret: + username: "" + password: "" + existingSecret: "" existingSecretKey: "password" ## @param global.elasticsearch.disableExporter DEPRECATED: this value is not needed anymore. Use global.elasticsearch.enabled disableExporter: false @@ -191,11 +191,11 @@ global: enabled: false tls: enabled: false - existingSecret: + existingSecret: "" auth: - username: - password: - existingSecret: + username: "" + password: "" + existingSecret: "" existingSecretKey: "password" ## @extra global.opensearch.url Configuration to configure opensearch url ## @param global.opensearch.url.protocol defines the external opensearch access protocol 
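Review bot: In the `global.elasticsearch` hunk (`@@ -153`) and the matching `global.opensearch` hunk (`@@ -191`), `auth.password` and `auth.existingSecret` both become empty strings, and nothing in either hunk says which one wins when both are supplied. The web-modeler database block later in this file states it explicitly ("ignored if `webModeler.restapi.externalDatabase.existingSecret` is set"). If the templates, which this diff does not show, apply the same precedence here, I would add `## password is ignored when existingSecret is set; prefer existingSecret so the credential stays out of values files` above each `password:` key. Both `auth` blocks begin before their hunks, so an annotation further up may already cover this.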
@@ -203,7 +203,7 @@ global: ## @param global.opensearch.url.port defines the external opensearch port, under which opensearch can be accessed url: protocol: https - host: + host: "" port: 443 ## @param global.zeebeClusterName ZeebeClusterName defines the cluster name for the Zeebe cluster. All Zeebe pods get this prefix in their name and the brokers uses that as cluster name. zeebeClusterName: "{{ .Release.Name }}-zeebe" @@ -212,7 +212,7 @@ global: identity: service: ## @param global.identity.service.url - url: + url: "" keycloak: # global.identity.keycloak.internal if true, it will configure an extra service with type "ExternalName". ## @param global.identity.keycloak.internal It's useful for using existing Keycloak in another namespace with and access it with the combined Ingress. @@ -284,7 +284,7 @@ global: ## @param global.identity.auth.identity.audience defines the audience, which is used by Identity. audience: camunda-identity-resource-server ## @param global.identity.auth.identity.existingSecret can be used to reference an existing secret. This should ONLY be used for an external OIDC provider. If not set, a random secret is generated. - existingSecret: + existingSecret: "" ## @param global.identity.auth.identity.existingSecretKey defines the key within the existing secret object. existingSecretKey: identity-oidc-client-token ## @param global.identity.auth.identity.redirectUrl defines the redirect URL, which is used by the auth platform to access Identity. @@ -295,7 +295,7 @@ global: # defaults to "oid". initialClaimName: "oid" ## @param global.identity.auth.identity.initialClaimValue defines the initial claim value, which is used by Identity to configure initial mapping rules. - initialClaimValue: + initialClaimValue: "" ## @extra global.identity.auth.console configuration to configure Console authentication specifics on global level, which can be accessed by other components console: 
@@ -358,7 +358,7 @@ global: # Can be overwritten if ingress is in use and an external IP is available. redirectUrl: "http://localhost:8082" ## @param global.identity.auth.core.tokenScope defines the token scope, which is used by Core. - tokenScope: + tokenScope: "" ## @extra global.identity.auth.optimize configuration to configure Optimize authentication specifics on global level, which can be accessed by other components optimize: @@ -649,13 +649,13 @@ identity: ## externalDatabase: enabled: false - host: - port: - username: - database: - password: - existingSecret: - existingSecretPasswordKey: + host: "" + port: 5432 + username: "" + database: "" + password: "" + existingSecret: "" + existingSecretPasswordKey: "" ## @param identity.configuration if specified, contents will be used as the application.yaml configuration: "" @@ -709,10 +709,10 @@ identityPostgresql: database: identity ## @param identityPostgresql.auth.password Password for the non-root username ## - password: + password: "" ## @param identityPostgresql.auth.existingSecret Name of an existing secret resource containing the database credentials ## - existingSecret: + existingSecret: "" secretKeys: ## @param identityPostgresql.auth.secretKeys.adminPasswordKey defines the key within the existing secret object for PostgreSQL admin. adminPasswordKey: "postgres-password" @@ -1182,7 +1182,7 @@ webModeler: ## @param webModeler.restapi.externalDatabase.password can be used to provide the database user's password; ignored if `webModeler.restapi.externalDatabase.existingSecret` is set password: "" ## @param webModeler.restapi.externalDatabase.existingSecret can be used to provide the name of an existing secret resource containing the database password - existingSecret: + existingSecret: "" ## @param webModeler.restapi.externalDatabase.existingSecretPasswordKey can be used to provide the name of an existing secret key containing the database password existingSecretPasswordKey: "database-password" 
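Review bot: `port: 5432` in the `identity.externalDatabase` hunk (`@@ -649`) is the only change in that block that is not a null-to-empty normalisation: every sibling key becomes `""`, while the port gains a real default. A template that emits connection settings only when `port` is set would now always see 5432, and a schema generated from this value would presumably type the key as a number, as it does for the other numeric defaults, so an override file carrying a quoted port would fail validation. Both effects are inferred, since neither the templates nor this key's schema entry is in view. If the default is intended, state it next to the key, for example `## PostgreSQL default port; override for a non-standard listener`.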
@@ -1199,7 +1199,7 @@ webModeler: ## @param webModeler.restapi.mail.smtpTlsEnabled if true, enforces TLS encryption for SMTP connections (using STARTTLS) smtpTlsEnabled: true ## @param webModeler.restapi.mail.existingSecret can be used to provide the name of an existing secret resource containing the SMTP password - existingSecret: + existingSecret: "" ## @param webModeler.restapi.mail.existingSecretPasswordKey can be used to provide the name of an existing secret key containing the SMTP password existingSecretPasswordKey: "smtp-password" ## @param webModeler.restapi.mail.fromAddress defines the email address that will be displayed as the sender of emails sent by WebModeler @@ -2200,7 +2200,7 @@ core: ## @param core.podDisruptionBudget.enabled if true a pod disruption budget is defined for the brokers enabled: false ## @param core.podDisruptionBudget.minAvailable can be used to set how many pods should be available. Be aware that if minAvailable is set, maxUnavailable will not be set (they are mutually exclusive). - minAvailable: + minAvailable: 0 ## @param core.podDisruptionBudget.maxUnavailable can be used to set how many pods should be at max. unavailable maxUnavailable: 1 @@ -2323,7 +2323,7 @@ core: index: ## @param core.index.prefix if specified, defines web apps index prefix in Elasticsearch/OpenSearch. Note, for Zeebe index prefix, use "global.elasticsearch.prefix". - prefix: + prefix: "" retention: ## @param core.retention.enabled if true, the ILM Policy is created and applied to the index templates.
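Review bot: `minAvailable: 0` in the `core.podDisruptionBudget` hunk (`@@ -2200`) makes the generated schema declare the key as `"type": "number"` (visible in this commit's `values.schema.json`), while a Kubernetes PodDisruptionBudget also accepts a percentage string such as `"50%"` for this field. Once Helm validates overrides against that schema, a percentage value would be rejected, and the same holds for `maxUnavailable`. The context comment also says `maxUnavailable` is dropped when `minAvailable` is set; 0 stays falsy for a plain `if`, but a template that tests for presence would now treat it as set, which is worth confirming against the golden files. I would either keep the key empty and annotate it for the generator, `## @param core.podDisruptionBudget.minAvailable [nullable] ...`, if the generator in use supports that modifier, or document in the description that only integers are accepted.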