-
Notifications
You must be signed in to change notification settings - Fork 26
/
values.yaml
1774 lines (1765 loc) · 89.2 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
## Default values for Onlyoffice Docs
## product.name Specifies name of the product
## This is a service variable. You don't need to change it
product:
name: onlyoffice
## Onlyoffice Docs common parameters
## This block defines common parameters for all resources
##
## Connection parameters to external services
connections:
## connections.dbType The database type
## Possible values are `postgres`, `mariadb` or `mysql`
dbType: postgres
## connections.dbHost The IP address or the name of the Database host
dbHost: postgresql
## connections.dbUser Database user
dbUser: postgres
## connections.dbPort Database server port number
dbPort: "5432"
## connections.dbName Name of the Database database the application will be connected with
## The database must already exist
dbName: postgres
## connections.dbExistingSecret Name of existing secret to use for Database passwords
## Must contain the key specified in `connections.dbSecretKeyName`
dbExistingSecret: postgresql
## connections.dbSecretKeyName The name of the key that contains the Database user password
## If you set a password in `dbPassword`, a secret will be automatically created, the key name of which will be the value set here
dbSecretKeyName: postgres-password
## connections.dbPassword Database user password
## If set to, it takes priority over the `connections.dbExistingSecret`
dbPassword: ""
## connections.redisConnectorName Defines which connector to use to connect to Redis
## If you need to connect to Redis Sentinel, set the value `ioredis`
redisConnectorName: redis
## connections.redisHost The IP address or the name of the Redis host
## Not used if values are set in `connections.redisClusterNodes`
redisHost: redis-master
## connections.redisPort The Redis server port number
## Not used if values are set in `connections.redisClusterNodes`
redisPort: "6379"
## connections.redisUser The Redis user name
## ref: https://redis.io/docs/management/security/acl/
## The value in this parameter overrides the value set in the `options` object in `local.json` if you add custom configuration file
redisUser: default
## connections.redisDBNum Number of the redis logical database to be selected
## ref: https://redis.io/commands/select/
## The value in this parameter overrides the value set in the `options` object in `local.json` if you add custom configuration file
## Not used if values are set in `connections.redisClusterNodes`
redisDBNum: "0"
## connections.redisClusterNodes List of nodes in the Redis cluster
## There is no need to specify every node in the cluster, 3 should be enough
## You can specify multiple values
## It must be specified in the `host:port` format
## Example:
## redisClusterNodes:
## - 10.244.0.79:6379
## - 192.168.1.25:6379
redisClusterNodes: []
## connections.redisExistingSecret Name of existing secret to use for Redis password
## Must contain the key specified in `connections.redisSecretKeyName`
## The password from this secret overrides the value for the password set in the `options` object in `local.json` if you add custom configuration file
redisExistingSecret: redis
## connections.redisSecretKeyName The name of the key that contains the Redis user password
## If you set a password in `redisPassword`, a secret will be automatically created, the key name of which will be the value set here
redisSecretKeyName: redis-password
## connections.redisPassword The password set for the Redis account
## If set to, it takes priority over the `connections.redisExistingSecret`
## The value in this parameter overrides the value set in the `options` object in `local.json` if you add custom configuration file
redisPassword: ""
## connections.redisNoPass Defines whether to use a Redis auth without a password
## If the connection to Redis server does not require a password, set the value to `true`
redisNoPass: false
## connections.redisSentinelGroupName Name of a group of Redis instances composed of a master and one or more slaves
## Used if `connections.redisConnectorName` is set to `ioredis`
redisSentinelGroupName: mymaster
## connections.redisSentinelExistingSecret Name of existing secret to use for Redis Sentinel password
## Must contain the key specified in `connections.redisSentinelSecretKeyName`
## The password from this secret overrides the value for the password set in the `iooptions` object in `local.json` if you add custom configuration file
redisSentinelExistingSecret: ""
## connections.redisSentinelSecretKeyName The name of the key that contains the Redis Sentinel user password
## If you set a password in `redisSentinelPassword`, a secret will be automatically created, the key name of which will be the value set here
redisSentinelSecretKeyName: sentinel-password
## connections.redisSentinelPassword The password set for the Redis Sentinel account
## If set to, it takes priority over the `connections.redisSentinelExistingSecret`
## The value in this parameter overrides the value set in the `iooptions` object in `local.json` if you add custom configuration file
redisSentinelPassword: ""
## connections.redisSentinelNoPass Defines whether to use a Redis Sentinel auth without a password
## If the connection to Redis Sentinel does not require a password, set the value to `true`
redisSentinelNoPass: true
## connections.amqpType Defines the AMQP server type
## Possible values are `rabbitmq` or `activemq`
amqpType: rabbitmq
## connections.amqpHost The IP address or the name of the AMQP server
amqpHost: rabbitmq
## connections.amqpPort The port for the connection to AMQP server
amqpPort: "5672"
## connections.amqpVhost The virtual host for the connection to AMQP server
amqpVhost: "/"
## connections.amqpUser The username for the AMQP server account
amqpUser: user
## connections.amqpProto The protocol for the connection to AMQP server
amqpProto: amqp
## connections.amqpExistingSecret The name of existing secret to use for AMQP server passwords
## Must contain the key specified in `connections.amqpSecretKeyName`
amqpExistingSecret: rabbitmq
## connections.amqpSecretKeyName The name of the key that contains the AMQP server user password
## If you set a password in `amqpPassword`, a secret will be automatically created, the key name of which will be the value set here
amqpSecretKeyName: rabbitmq-password
## connections.amqpPassword AMQP server user password
## If set to, it takes priority over the `connections.amqpExistingSecret`
amqpPassword: ""
## Web Proxy parameters
## Used if your network has a web proxy
## ref: https://github.com/ONLYOFFICE/Kubernetes-Docs#11-run-jobs-in-a-private-k8s-cluster-optional
webProxy:
## webProxy.enabled Specify whether a Web proxy is used in your network to access the Pods of k8s cluster to the Internet
enabled: false
## webProxy.http Web Proxy address for `HTTP` traffic
http: "http://proxy.example.com"
## webProxy.https Web Proxy address for `HTTPS` traffic
https: "https://proxy.example.com"
## webProxy.noProxy Patterns for IP addresses or k8s services name or domain names that shouldn’t use the Web Proxy
noProxy: "localhost,127.0.0.1,docservice"
## privateCluster Specify whether the k8s cluster is used in a private network without internet access
## ref: https://github.com/ONLYOFFICE/Kubernetes-Docs#11-run-jobs-in-a-private-k8s-cluster-optional
privateCluster: false
## namespaceOverride The name of the namespace in which Onlyoffice Docs will be deployed
## If not set, the name will be taken from .Release.Namespace
namespaceOverride: ""
## commonLabels Defines labels that will be additionally added to all the deployed resources
## You can also use `tpl` as the value for the key
## ref: https://helm.sh/docs/chart_best_practices/labels/
## Example:
## commonLabels:
## app.kubernetes.io/name: "{{ .Chart.Name }}"
## helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
## app.kubernetes.io/managed-by: "{{ .Release.Service }}"
## app.kubernetes.io/instance: "{{ .Release.Name }}"
## app.kubernetes.io/version: "{{ .Chart.AppVersion }}"
commonLabels: {}
## commonAnnotations Defines annotations that will be additionally added to all the deployed resources
## You can also use `tpl` as the value for the key
## Some resources may override the values specified here with their own
## Example:
## commonAnnotations:
## "key1": "value1"
## "key2": "{{ value2 }}"
commonAnnotations: {}
## Service account parameters
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
serviceAccount:
## serviceAccount.create Enable ServiceAccount creation
create: false
## serviceAccount.name Name of the ServiceAccount to be used
## If not set and `serviceAccount.create` is `true` the name will be taken from .Release.Name
## If not set and `serviceAccount.create` is `false` the name will be "default"
name: ""
## serviceAccount.annotations Map of annotations to add to the ServiceAccount
## If set to, it takes priority over the `commonAnnotations`
## You can also use `tpl` as the value for the key
annotations: {}
## serviceAccount.automountServiceAccountToken Enable auto mount of ServiceAccountToken on the serviceAccount created
## Used only if `serviceAccount.create` is `true`
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#opt-out-of-api-credential-automounting
automountServiceAccountToken: true
## Persistence parameters
persistence:
## persistence.existingClaim Name of an existing PVC to use
## If not specified, a PVC named "ds-files" will be created
existingClaim: ""
## persistence.annotations Defines annotations that will be additionally added to "ds-files" PVC
## If set to, it takes priority over the `commonAnnotations`
## You can also use `tpl` as the value for the key
annotations: {}
## persistence.storageClass PVC Storage Class for Onlyoffice Docs data volume
storageClass: "nfs"
## persistence.size PVC Storage Request for Onlyoffice Docs volume
size: 8Gi
## persistence.storageS3 Defines whether S3 will be used as cache storage
## Set to `true` if you will use S3 as cache storage
## If set to `true` then PVC "ds-files" will not be created
storageS3: false
## Configure a Security Context for a Pod
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
podSecurityContext:
## podSecurityContext.enabled Enable security context for the pods
## If set to true, `podSecurityContext` is enabled for all resources describing the podTemplate
enabled: false
## Converter Deployment podSecurityContext parameters
converter:
## podSecurityContext.converter.fsGroup Defines the Group ID to which the owner and permissions for all files in volumes are changed when mounted in the Converter Pod
fsGroup: 101
## Docservice Deployment podSecurityContext parameters
docservice:
## podSecurityContext.docservice.fsGroup Defines the Group ID to which the owner and permissions for all files in volumes are changed when mounted in the Docservice Pod
fsGroup: 101
## Jobs podSecurityContext parameters
jobs:
## podSecurityContext.jobs.fsGroup Defines the Group ID to which the owner and permissions for all files in volumes are changed when mounted in Pods created by Jobs
fsGroup: 101
## Example StatefulSet podSecurityContext parameters
example:
## podSecurityContext.example.fsGroup Defines the Group ID to which the owner and permissions for all files in volumes are changed when mounted in the Example Pod
fsGroup: 1001
## Tests Pod podSecurityContext parameters
tests:
## podSecurityContext.tests.fsGroup Defines the Group ID to which the owner and permissions for all files in volumes are changed when mounted in the Test Pod
fsGroup: 101
## Pod anti-affinity parameters
## Pod anti-affinity prohibits at all (required) or, if possible (preferred), placing a second pod with the same label on the same node
podAntiAffinity:
## podAntiAffinity.type Types of Pod antiaffinity. Allowed values: `soft` or `hard` (soft=preferred, hard=required)
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
type: "soft"
## podAntiAffinity.topologyKey Node label key to match
topologyKey: kubernetes.io/hostname
## podAntiAffinity.weight Priority when selecting node. It is in the range from 1 to 100. Used only when `podAntiAffinity.type=soft`
weight: "100"
## nodeSelector Node labels for pods assignment
## Each ONLYOFFICE Docs services can override the values specified here with its own
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
nodeSelector: {}
## tolerations Tolerations for pods assignment
## Each ONLYOFFICE Docs services can override the values specified here with its own
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
tolerations: []
## imagePullSecrets Container image registry secret name
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
imagePullSecrets: ""
## Onlyoffice Docs service parameters
service:
## service.existing The name of an existing service for ONLYOFFICE Docs. If not set, a service named `documentserver` will be created
## ref: https://github.com/ONLYOFFICE/Kubernetes-Docs/blob/master/templates/services/documentserver.yaml
existing: ""
## service.annotations Map of annotations to add to the ONLYOFFICE Docs service
## If set to, it takes priority over the `commonAnnotations`
## You can also use `tpl` as the value for the key
annotations: {}
## service.type ONLYOFFICE Docs service type
type: ClusterIP
## service.port ONLYOFFICE Docs service port
port: 8888
## service.sessionAffinity Session Affinity for ONLYOFFICE Docs service
## If not set, `None` will be set as the default value
## ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity
sessionAffinity: ""
## service.sessionAffinityConfig Configuration for ONLYOFFICE Docs service Session Affinity
## Used if the `service.sessionAffinity` is set
## ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-stickiness-timeout
## Example:
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 900
sessionAffinityConfig: {}
## Onlyoffice Docs license
license:
## license.existingSecret Name of the existing secret that contains the license
## Must contain the key `license.lic`
existingSecret: ""
## license.existingClaim Name of the existing PVC in which the license is stored
## Must contain the file `license.lic`
existingClaim: ""
## Onlyoffice Docs logging parameters
log:
## log.level Defines the type and severity of a logged event
## Possible values are `ALL`, `TRACE`, `DEBUG`, `INFO`, `WARN`, `ERROR`, `FATAL`, `MARK`, `OFF`
level: WARN
## log.type Defines the format of a logged event
## Possible values are `pattern`, `json`, `basic`, `coloured`, `messagePassThrough`, `dummy`
type: pattern
## log.pattern Defines the log pattern if `log.type=pattern`
## ref: https://github.com/log4js-node/log4js-node/blob/master/docs/layouts.md#pattern-format
pattern: "[%d] [%p] [%X{DOCID}] [%X{USERID}] %c - %.10000m"
## wopi.enabled Defines if `WOPI` is enabled
## If the parameter is enabled, then caching attributes for the mounted directory (`PVC`) should be disabled for the client
wopi:
enabled: false
## Onlyoffice Docs metrics parameters
## StatsD is used as an intermediate metric collector
metrics:
## metrics.enabled Specifies the enabling StatsD for ONLYOFFICE Docs
enabled: false
## metrics.host Defines StatsD listening host
host: statsd-exporter-prometheus-statsd-exporter
## metrics.port Defines StatsD listening port
port: "8125"
## metrics.prefix Defines StatsD metrics prefix for backend services
prefix: ds.
## JSON Web Token parameters
jwt:
## jwt.enabled Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Docs
## Common for inbox and outbox requests
enabled: true
## jwt.secret Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Docs
## Common for inbox and outbox requests
secret: "MYSECRET"
## jwt.header Defines the http header that will be used to send the JSON Web Token
## Common for inbox and outbox requests
header: "Authorization"
## jwt.inBody Specifies the enabling the token validation in the request body to the ONLYOFFICE Docs
inBody: false
## jwt.inbox JSON Web Token validation parameters for inbox requests only
## jwt.outbox JSON Web Token validation parameters for outbox requests only
## If not specified, the values of the parameters of the common `jwt` are used
## Example:
## inbox:
## enabled: true
## secret: "MYSECRET"
## header: "Authorization"
inbox: {}
## outbox:
## enabled: true
## secret: "MYSECRET"
## header: "Authorization"
outbox: {}
## jwt.existingSecret The name of an existing secret containing variables for jwt
## If not specified, a secret named `jwt` will be created
existingSecret: ""
## Config for overriding default values
extraConf:
## extraConf.configMap The name of the ConfigMap containing the json file that override the default values
configMap: ""
## extraConf.filename The name of the json file that contains custom values
## Must be the same as the `key` name in `extraConf.ConfigMap`
filename: local.json
## Additional customers interface themes
extraThemes:
## extraThemes.configMap The name of the ConfigMap containing the json file that contains the interface themes
configMap: ""
## extraThemes.filename The name of the json file that contains custom interface themes
## Must be the same as the `key` name in `extraThemes.configMap`
filename: custom-themes.json
## sqlScripts.branchName The name of the repository branch from which sql scripts will be downloaded
## ref: https://github.com/ONLYOFFICE/server/tree/master/schema
sqlScripts:
branchName: master
## Onlyoffice Docs request-filtering-agent parameters
## These parameters are used if JWT is disabled: `jwt.enabled=false`
requestFilteringAgent:
## requestFilteringAgent.allowPrivateIPAddress Defines if it is allowed to connect private IP address or not
allowPrivateIPAddress: false
## requestFilteringAgent.allowMetaIPAddress Defines if it is allowed to connect meta address or not
allowMetaIPAddress: false
## requestFilteringAgent.allowIPAddressList Defines the list of IP addresses allowed to connect
## This values are preferred than `requestFilteringAgent.denyIPAddressList`
## Example:
## allowIPAddressList:
## - 10.244.0.79
## - 192.168.1.25
allowIPAddressList: []
## requestFilteringAgent.denyIPAddressList Defines the list of IP addresses allowed to connect
## Example:
## denyIPAddressList:
## - 10.244.0.80
denyIPAddressList: []
## Onlyoffice Docs Docservice Deployment parameters
## This block defines the parameters common to all the Pods of this deployment
##
docservice:
## docservice.annotations Defines annotations that will be additionally added to Docservice Deployment
## If set to, it takes priority over the `commonAnnotations`
## You can also use `tpl` as the value for the key
annotations: {}
## docservice.podAnnotations Map of annotations to add to the Docservice deployment pods
podAnnotations:
rollme: "{{ randAlphaNum 5 | quote }}"
## docservice.replicas Number of Docservice replicas to deploy
## If the `docservice.autoscaling.enabled` parameter is enabled, it is ignored
replicas: 2
## Update strategy used to replace old Pods by new ones. Allowed values: `RollingUpdate` or `Recreate`
## For Docservice deployment, it is recommended to use the `Recreate` type
## docservice.updateStrategy.type Docservice deployment update strategy type
updateStrategy:
type: Recreate
## docservice.customPodAntiAffinity Prohibiting the scheduling of Docservice Pods relative to other Pods containing the specified labels on the same node
## Example:
## customPodAntiAffinity:
## requiredDuringSchedulingIgnoredDuringExecution:
## - labelSelector:
## matchExpressions:
## - key: app
## operator: In
## values:
## - converter
## topologyKey: kubernetes.io/hostname
customPodAntiAffinity: {}
## Pod affinity rules for Docservice Pods scheduling by nodes relative to other Pods
## Pod affinity allow you to constrain which nodes Docservice Pods can be scheduled on based on the labels of Pods already running on that node
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
## Example:
## podAffinity:
## requiredDuringSchedulingIgnoredDuringExecution:
## - labelSelector:
## matchExpressions:
## - key: app
## operator: In
## values:
## - store
## topologyKey: topology.kubernetes.io/zone
podAffinity: {}
## Node affinity rules for Docservice Pods scheduling by nodes
## Node affinity allow you to constrain which nodes Docservice Pod can be scheduled on based on node labels
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
## Example:
## nodeAffinity:
## preferredDuringSchedulingIgnoredDuringExecution:
## - weight: 100
## preference:
## matchExpressions:
## - key: kubernetes.io/name
## operator: In
## values:
## - name1
## - name2
nodeAffinity: {}
## docservice.nodeSelector Node labels for Docservice Pods assignment
## If set to, it takes priority over the `nodeSelector`
nodeSelector: {}
## docservice.tolerations Tolerations for Docservice Pods assignment
## If set to, it takes priority over the `tolerations`
tolerations: []
## Horizontal Pod Autoscaling parameters
## Horizontal Pod Autoscaling is used for autoscaling of the Docservice deployment
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
## The parameters below for autoscaling are used only when `docservice.autoscaling.enabled=true`
autoscaling:
## docservice.autoscaling.enabled Enable Docservice deployment autoscaling
enabled: false
## docservice.autoscaling.annotations Defines annotations that will be additionally added to Docservice deployment HPA
## If set to, it takes priority over the `commonAnnotations`
## You can also use `tpl` as the value for the key
annotations: {}
## docservice.autoscaling.minReplicas Docservice deployment autoscaling minimum number of replicas
minReplicas: 2
## docservice.autoscaling.maxReplicas Docservice deployment autoscaling maximum number of replicas
maxReplicas: 4
targetCPU:
## docservice.autoscaling.targetCPU.enabled Enable autoscaling of Docservice deployment by CPU usage percentage
enabled: true
## docservice.autoscaling.targetCPU.utilizationPercentage Docservice deployment autoscaling target CPU percentage
utilizationPercentage: 70
targetMemory:
## docservice.autoscaling.targetMemory.enabled Enable autoscaling of Docservice deployment by memory usage percentage
enabled: false
## docservice.autoscaling.targetMemory.utilizationPercentage Docservice deployment autoscaling target memory percentage
utilizationPercentage: 70
## docservice.autoscaling.customMetricsType Custom, additional or external autoscaling metrics for the Docservice deployment
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/#autoscaling-on-multiple-metrics-and-custom-metrics
## Example:
## customMetricsType:
## - type: Object
## object:
## metric:
## name: requests-per-second
## describedObject:
## apiVersion: networking.k8s.io/v1
## kind: Ingress
## name: main-route
## target:
## type: Value
## value: 2k
customMetricsType: []
## docservice.autoscaling.behavior Configuring Docservice deployment scaling behavior policies for the `scaleDown` and `scaleUp` fields
## If not set the default values are used:
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#default-behavior
## Example:
## behavior:
## scaleDown:
## stabilizationWindowSeconds: 300
## policies:
## - type: Pods
## value: 4
## periodSeconds: 60
## scaleUp:
## stabilizationWindowSeconds: 0
## policies:
## - type: Percent
## value: 70
## periodSeconds: 15
## selectPolicy: Max
behavior: {}
## docservice.terminationGracePeriodSeconds The time to terminate gracefully during which the Docservice Pod will have the `Terminating` status
terminationGracePeriodSeconds: 30
## Docservice initContainers parameters
## Containers that run before docservice and proxy containers in a Pod
## ref:https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## Example:
## initContainers:
## - name: change-volume-owner
## image: busybox:latest
## command: ['chown', '-R', '101:101', '/var/lib/onlyoffice/documentserver/App_Data/cache/files']
## volumeMounts:
## - name: ds-files
## mountPath: /var/lib/onlyoffice/documentserver/App_Data/cache/files
initContainers: []
## docservice.extraVolumes An array with extra volumes for the docservice Pod
## Example:
## extraVolumes:
## - name: my-volume
## configMap:
## name: my-cm
extraVolumes: []
## Parameters of the docservice container of the Docservice deployment
##
image:
## docservice.image.repository docservice container image repository
## For more information, see after the Parameters table
## https://github.com/ONLYOFFICE/Kubernetes-Docs#4-parameters
repository: onlyoffice/docs-docservice-de
## docservice.image.tag docservice container image tag
tag: 8.2.2-1
## docservice.image.pullPolicy docservice container image pull policy
pullPolicy: IfNotPresent
## Configure a Security Context for the Docservice container
containerSecurityContext:
## docservice.containerSecurityContext.enabled Enable security context for the Docservice container
enabled: false
## docservice.containerSecurityContext.runAsUser User ID for the Docservice container
runAsUser: 101
## docservice.containerSecurityContext.runAsGroup Group ID for the Docservice container
runAsGroup: 101
## docservice.containerSecurityContext.runAsNonRoot Require that the container will run with a user with UID other than 0
runAsNonRoot: true
## docservice.containerSecurityContext.allowPrivilegeEscalation Controls whether a process can gain more privileges than its parent process
allowPrivilegeEscalation: false
## docservice.containerSecurityContext.seccompProfile Defines the Seccomp profile for the Docservice container
seccompProfile:
type: RuntimeDefault
## docservice.containerSecurityContext.capabilities Defines the privileges granted to the process
capabilities:
drop: ["ALL"]
## docservice.lifecycleHooks Defines the Docservice container lifecycle hooks
## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
## It is used to trigger events to run at certain points in a container's lifecycle
## There are two hooks that are exposed: `PostStart` and `PreStop`
## Example:
## lifecycleHooks:
## preStop:
## exec:
## command: ["/bin/sh", "-c", "sleep 25"]
lifecycleHooks: {}
## docservice.containerPorts.http docservice container port
containerPorts:
http: 8000
## Probe used for the docservice container: startup, readiness and liveness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
## The parameters below for startup probes are used only when `docservice.startupProbe.enabled=true`
startupProbe:
## docservice.startupProbe.enabled Enable startupProbe for docservice container
enabled: true
httpGet:
## docservice.startupProbe.httpGet.path Checking the path for startupProbe
path: /index.html
## docservice.startupProbe.httpGet.port Checking the port for startupProbe
port: 8000
## docservice.startupProbe.failureThreshold Failure threshold for startupProbe
failureThreshold: 30
## docservice.startupProbe.periodSeconds Period seconds for startupProbe
periodSeconds: 10
## The parameters below for readiness probes are used only when `docservice.readinessProbe.enabled=true`
readinessProbe:
## docservice.readinessProbe.enabled Enable readinessProbe for docservice container
enabled: true
## docservice.readinessProbe.failureThreshold Failure threshold for readinessProbe
failureThreshold: 2
httpGet:
## docservice.readinessProbe.httpGet.path Checking the path for readinessProbe
path: /index.html
## docservice.readinessProbe.httpGet.port Checking the port for readinessProbe
port: 8000
## docservice.readinessProbe.periodSeconds Period seconds for readinessProbe
periodSeconds: 10
## docservice.readinessProbe.successThreshold Success threshold for readinessProbe
successThreshold: 1
## docservice.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
timeoutSeconds: 3
## The parameters below for liveness probes are used only when `docservice.livenessProbe.enabled=true`
livenessProbe:
## docservice.livenessProbe.enabled Enable livenessProbe for docservice container
enabled: true
## docservice.livenessProbe.failureThreshold Failure threshold for livenessProbe
failureThreshold: 3
httpGet:
## docservice.livenessProbe.httpGet.path Checking the path for livenessProbe
path: /index.html
## docservice.livenessProbe.httpGet.port Checking the port for livenessProbe
port: 8000
## docservice.livenessProbe.periodSeconds Period seconds for livenessProbe
periodSeconds: 10
## docservice.livenessProbe.successThreshold Success threshold for livenessProbe
successThreshold: 1
## docservice.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
timeoutSeconds: 3
## docservice container resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
## docservice.resources.requests The requested resources for the docservice container
## docservice.resources.limits The resources limits for the docservice container
resources:
## Example:
## requests:
## memory: "256Mi"
## cpu: "100m"
requests: {}
## limits:
## memory: "2Gi"
## cpu: "1000m"
limits: {}
## docservice.extraEnvVars An array with extra env variables for the Docservice container
## Example:
## extraEnvVars:
## - name: my_env
## value: "my_value"
extraEnvVars: []
## docservice.extraVolumeMounts An array with extra volume mounts for the Docservice container
## Example:
## extraVolumeMounts:
## - name: my-volume
## mountPath: /my_dir/my_cm.txt
## subPath: my_cm.txt
extraVolumeMounts: []
## Parameters of the proxy container of the Docservice deployment
##
proxy:
## proxy.accessLog Defines the nginx config access_log format directive
## ref: https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log
## Example:
## accessLog: "main"
accessLog: "off"
## proxy.logFormat Defines the format of log entries using text and various variables
## ref: https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format
## Example:
## logFormat:
## - '$remote_addr - $remote_user [$time_local] "$request" '
## - '$status $body_bytes_sent "$http_referer" '
## - '"$http_user_agent" "$http_x_forwarded_for" $request_time'
logFormat: []
## proxy.gzipProxied Defines the nginx config gzip_proxied directive
## ref: https://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip_proxied
gzipProxied: "off"
## proxy.clientMaxBodySize Defines the nginx config client_max_body_size directive
## ref: https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
clientMaxBodySize: "100m"
## proxy.workerConnections Defines the nginx config worker_connections directive
## ref: https://nginx.org/en/docs/ngx_core_module.html#worker_connections
workerConnections: "4096"
## proxy.secureLinkSecret Defines secret for the nginx config directive secure_link_md5
## ref: https://nginx.org/en/docs/http/ngx_http_secure_link_module.html#secure_link_md5
secureLinkSecret: verysecretstring
## proxy.infoAllowedIP Defines ip addresses for accessing the info page
## Example:
## infoAllowedIP:
## - 10.244.0.79
## - 192.168.1.0/24
infoAllowedIP: []
## proxy.infoAllowedUser Defines user name for accessing the info page
## If not set to, Nginx Basic Authentication will not be applied to access the info page
## ref: https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html
## For more details, see here:
## ref: https://github.com/ONLYOFFICE/Kubernetes-Docs#12-access-to-the-info-page-optional
infoAllowedUser: ""
## proxy.infoAllowedSecretKeyName The name of the key that contains the info auth user password
## Used if `proxy.infoAllowedUser` is set
infoAllowedSecretKeyName: info-auth-password
## proxy.infoAllowedExistingSecret Name of existing secret to use for info auth password
## Used if `proxy.infoAllowedUser` is set
## Must contain the key specified in `proxy.infoAllowedSecretKeyName`
## If set to, it takes priority over the `proxy.infoAllowedPassword`
infoAllowedExistingSecret: ""
## proxy.infoAllowedPassword Defines user password for accessing the info page
## Used if `proxy.infoAllowedUser` is set
infoAllowedPassword: "password"
## proxy.welcomePage.enabled Defines whether the welcome page will be displayed
welcomePage:
enabled: true
image:
## proxy.image.repository proxy container image repository
## For more information, see after the Parameters table
## https://github.com/ONLYOFFICE/Kubernetes-Docs#4-parameters
repository: onlyoffice/docs-proxy-de
## proxy.image.tag proxy container image tag
tag: 8.2.2-1
## proxy.image.pullPolicy proxy container image pull policy
pullPolicy: IfNotPresent
## Configure a Security Context for the Proxy container
containerSecurityContext:
## proxy.containerSecurityContext.enabled Enable security context for the Proxy container
enabled: false
## proxy.containerSecurityContext.runAsUser User ID for the Proxy container
runAsUser: 101
## proxy.containerSecurityContext.runAsGroup Group ID for the Proxy container
runAsGroup: 101
## proxy.containerSecurityContext.runAsNonRoot Require that the container will run with a user with UID other than 0
runAsNonRoot: true
## proxy.containerSecurityContext.allowPrivilegeEscalation Controls whether a process can gain more privileges than its parent process
allowPrivilegeEscalation: false
## proxy.containerSecurityContext.seccompProfile Defines the Seccomp profile for the Proxy container
seccompProfile:
type: RuntimeDefault
## proxy.containerSecurityContext.capabilities Defines the privileges granted to the process
capabilities:
drop: ["ALL"]
## proxy.lifecycleHooks Defines the Proxy container lifecycle hooks
## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
## It is used to trigger events to run at certain points in a container's lifecycle
## There are two hooks that are exposed: `PostStart` and `PreStop`
## Example:
## lifecycleHooks:
## preStop:
## exec:
## command: ["/bin/sh", "-c", "sleep 25"]
lifecycleHooks: {}
## proxy.containerPorts.http proxy container port
containerPorts:
http: 8888
## Probe used for the proxy container: startup, readiness and liveness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
## The parameters below for startup probes are used only when `proxy.startupProbe.enabled=true`
startupProbe:
## proxy.startupProbe.enabled Enable startupProbe for proxy container
enabled: true
httpGet:
## proxy.startupProbe.httpGet.path Checking the path for startupProbe
path: /index.html
## proxy.startupProbe.httpGet.port Checking the port for startupProbe
port: 8888
## proxy.startupProbe.failureThreshold Failure threshold for startupProbe
failureThreshold: 30
## proxy.startupProbe.periodSeconds Period seconds for startupProbe
periodSeconds: 10
## The parameters below for readiness probes are used only when `proxy.readinessProbe.enabled=true`
readinessProbe:
## proxy.readinessProbe.enabled Enable readinessProbe for proxy container
enabled: true
## proxy.readinessProbe.failureThreshold Failure threshold for readinessProbe
failureThreshold: 2
httpGet:
## proxy.readinessProbe.httpGet.path Checking the path for readinessProbe
path: /index.html
## proxy.readinessProbe.httpGet.port Checking the port for readinessProbe
port: 8888
## proxy.readinessProbe.periodSeconds Period seconds for readinessProbe
periodSeconds: 10
## proxy.readinessProbe.successThreshold Success threshold for readinessProbe
successThreshold: 1
## proxy.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
timeoutSeconds: 3
## The parameters below for liveness probes are used only when `proxy.livenessProbe.enabled=true`
livenessProbe:
## proxy.livenessProbe.enabled Enable livenessProbe for proxy container
enabled: true
## proxy.livenessProbe.failureThreshold Failure threshold for livenessProbe
failureThreshold: 3
httpGet:
## proxy.livenessProbe.httpGet.path Checking the path for livenessProbe
path: /index.html
## proxy.livenessProbe.httpGet.port Checking the port for livenessProbe
port: 8888
## proxy.livenessProbe.periodSeconds Period seconds for livenessProbe
periodSeconds: 10
## proxy.livenessProbe.successThreshold Success threshold for livenessProbe
successThreshold: 1
## proxy.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
timeoutSeconds: 3
## proxy container resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
## proxy.resources.requests The requested resources for the proxy container
## proxy.resources.limits The resources limits for the proxy container
resources:
## Example:
## requests:
## memory: "256Mi"
## cpu: "100m"
requests: {}
## limits:
## memory: "2Gi"
## cpu: "1000m"
limits: {}
## proxy.extraEnvVars An array with extra env variables for the Proxy container
## Example:
## extraEnvVars:
## - name: my_env
## value: "my_value"
extraEnvVars: []
## proxy.extraVolumeMounts An array with extra volume mounts for the Proxy container
## Example:
## extraVolumeMounts:
## - name: my-volume
## mountPath: /my_dir/my_cm.txt
## subPath: my_cm.txt
extraVolumeMounts: []
## Onlyoffice Docs Converter Deployment parameters
## This block defines the parameters common to all the Pods of this deployment
##
converter:
## converter.annotations Defines annotations that will be additionally added to Converter Deployment
## If set to, it takes priority over the `commonAnnotations`
## You can also use `tpl` as the value for the key
annotations: {}
## converter.podAnnotations Map of annotations to add to the Converter deployment pods
podAnnotations:
rollme: "{{ randAlphaNum 5 | quote }}"
## converter.replicas Number of Converter replicas to deploy
## If the `converter.autoscaling.enabled` parameter is enabled, it is ignored
replicas: 2
## Update strategy used to replace old Pods by new ones. Allowed values: `RollingUpdate` or `Recreate`
## converter.updateStrategy.type Docservice deployment update strategy type
updateStrategy:
type: Recreate
## converter.customPodAntiAffinity Prohibiting the scheduling of Converter Pods relative to other Pods containing the specified labels on the same node
## Example:
## customPodAntiAffinity:
## requiredDuringSchedulingIgnoredDuringExecution:
## - labelSelector:
## matchExpressions:
## - key: app
## operator: In
## values:
## - docservice
## topologyKey: kubernetes.io/hostname
customPodAntiAffinity: {}
## Pod affinity rules for Converter Pods scheduling by nodes relative to other Pods
## Pod affinity allow you to constrain which nodes Converter Pod can be scheduled on based on the labels of Pods already running on that node
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
## Example:
## podAffinity:
## preferredDuringSchedulingIgnoredDuringExecution:
## - weight: 100
## podAffinityTerm:
## labelSelector:
## matchExpressions:
## - key: app
## operator: NotIn
## values:
## - database
## topologyKey: kubernetes.io/hostname
podAffinity: {}
## Node affinity rules for Converter Pods scheduling by nodes
## Node affinity allow you to constrain which nodes Converter Pod can be scheduled on based on node labels
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
## Example:
## nodeAffinity:
## requiredDuringSchedulingIgnoredDuringExecution:
## nodeSelectorTerms:
## - matchExpressions:
## - key: topology.kubernetes.io/zone
## operator: In
## values:
## - zone1
## - zone2
nodeAffinity: {}
## converter.nodeSelector Node labels for Converter Pods assignment
## If set to, it takes priority over the `nodeSelector`
nodeSelector: {}
## converter.tolerations Tolerations for Converter Pods assignment
## If set to, it takes priority over the `tolerations`
tolerations: []
## Horizontal Pod Autoscaling parameters
## Horizontal Pod Autoscaling is used for autoscaling of the Converter deployment
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
## The parameters below for autoscaling are used only when `converter.autoscaling.enabled=true`
autoscaling:
## converter.autoscaling.enabled Enable Converter deployment autoscaling
enabled: false
## converter.autoscaling.annotations Defines annotations that will be additionally added to Converter deployment HPA
## If set to, it takes priority over the `commonAnnotations`
## You can also use `tpl` as the value for the key
annotations: {}
## converter.autoscaling.minReplicas Converter deployment autoscaling minimum number of replicas
minReplicas: 2
## converter.autoscaling.maxReplicas Converter deployment autoscaling maximum number of replicas
maxReplicas: 16
targetCPU:
## converter.autoscaling.targetCPU.enabled Enable autoscaling of Converter deployment by CPU usage percentage
enabled: true
## converter.autoscaling.targetCPU.utilizationPercentage Converter deployment autoscaling target CPU percentage
utilizationPercentage: 70
targetMemory:
## converter.autoscaling.targetMemory.enabled Enable autoscaling of Converter deployment by memory usage percentage
enabled: false
## converter.autoscaling.targetMemory.utilizationPercentage Converter deployment autoscaling target memory percentage
utilizationPercentage: 70
## converter.autoscaling.customMetricsType Custom, additional or external autoscaling metrics for the Converter deployment
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/#autoscaling-on-multiple-metrics-and-custom-metrics
## Example:
## customMetricsType:
## - type: Pods
## pods:
## metric:
## name: packets-per-second
## target:
## type: AverageValue
## averageValue: 1k
customMetricsType: []
## converter.autoscaling.behavior Configuring Converter deployment scaling behavior policies for the `scaleDown` and `scaleUp` fields
## If not set the default values are used:
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#default-behavior
## Example:
## behavior:
## scaleDown:
## stabilizationWindowSeconds: 300
## policies:
## - type: Percent
## value: 10
## periodSeconds: 60
## scaleUp:
## stabilizationWindowSeconds: 0
## policies:
## - type: Percent
## value: 10
## periodSeconds: 15
## - type: Pods
## value: 2
## periodSeconds: 15
## selectPolicy: Max
behavior: {}
## converter.terminationGracePeriodSeconds The time to terminate gracefully during which the Converter Pod will have the `Terminating` status
terminationGracePeriodSeconds: 30
## Converter initContainers parameters
## Containers that run before converter container in a Pod
## ref:https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## Example:
## initContainers:
## - name: change-volume-owner
## image: busybox:latest
## command: ['chown', '-R', '101:101', '/var/lib/onlyoffice/documentserver/App_Data/cache/files']
## volumeMounts:
## - name: ds-files
## mountPath: /var/lib/onlyoffice/documentserver/App_Data/cache/files
initContainers: []
## converter.extraVolumes An array with extra volumes for the Converter Pod
## Example:
## extraVolumes:
## - name: my-volume
## configMap:
## name: my-cm
extraVolumes: []
## Converter container image parameters
image:
## converter.image.repository converter container image repository
## For more information, see after the Parameters table
## https://github.com/ONLYOFFICE/Kubernetes-Docs#4-parameters
repository: onlyoffice/docs-converter-de
## converter.image.tag converter container image tag
tag: 8.2.2-1
## converter.image.pullPolicy converter container image pull policy
pullPolicy: IfNotPresent
## Configure a Security Context for the Converter container
containerSecurityContext:
## converter.containerSecurityContext.enabled Enable security context for the Converter container
enabled: false
## converter.containerSecurityContext.runAsUser User ID for the Converter container
runAsUser: 101
## converter.containerSecurityContext.runAsGroup Group ID for the Converter container
runAsGroup: 101
## converter.containerSecurityContext.runAsNonRoot Require that the container will run with a user with UID other than 0
runAsNonRoot: true
## converter.containerSecurityContext.allowPrivilegeEscalation Controls whether a process can gain more privileges than its parent process
allowPrivilegeEscalation: false
## converter.containerSecurityContext.seccompProfile Defines the Seccomp profile for the Converter container
seccompProfile:
type: RuntimeDefault
## converter.containerSecurityContext.capabilities Defines the privileges granted to the process
capabilities:
drop: ["ALL"]
## converter.lifecycleHooks Defines the Converter container lifecycle hooks
## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
## It is used to trigger events to run at certain points in a container's lifecycle
## There are two hooks that are exposed: `PostStart` and `PreStop`
## Example:
## lifecycleHooks:
## preStop:
## exec:
## command: ["/bin/sh", "-c", "sleep 25"]
lifecycleHooks: {}
## converter container resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
## converter.resources.requests The requested resources for the converter container
## converter.resources.limits The resources limits for the converter container
resources:
## Example:
## requests:
## memory: "256Mi"
## cpu: "200m"
requests: {}
## limits:
## memory: "2Gi"
## cpu: "1000m"
limits: {}
## converter.extraEnvVars An array with extra env variables for the Converter container
## Example:
## extraEnvVars:
## - name: my_env
## value: "my_value"
extraEnvVars: []
## converter.extraVolumeMounts An array with extra volume mounts for the Converter container
## Example: