diff --git a/charts/document-engine/CHANGELOG.md b/charts/document-engine/CHANGELOG.md index 4c0ca94..94860f5 100644 --- a/charts/document-engine/CHANGELOG.md +++ b/charts/document-engine/CHANGELOG.md @@ -1,34 +1,38 @@ # Changelog - [Changelog](#changelog) - - [3.0.4 (2024-08-21)](#304-2024-08-21) + - [3.0.6 (2024-08-22)](#306-2024-08-22) - [Changed](#changed) + - [3.0.5 (2024-08-21)](#305-2024-08-21) + - [Fixed](#fixed) + - [3.0.4 (2024-08-21)](#304-2024-08-21) + - [Changed](#changed-1) - [Added](#added) - [2.9.3 (2024-08-16)](#293-2024-08-16) - - [Fixed](#fixed) + - [Fixed](#fixed-1) - [2.9.2 (2024-08-13)](#292-2024-08-13) - - [Changed](#changed-1) + - [Changed](#changed-2) - [2.9.1 (2024-08-10)](#291-2024-08-10) - [Added](#added-1) - - [Changed](#changed-2) + - [Changed](#changed-3) - [2.9.0 (2024-08-01)](#290-2024-08-01) - [Added](#added-2) - - [Changed](#changed-3) - - [Fixed](#fixed-1) - - [2.8.0](#280) - - [Added](#added-3) - [Changed](#changed-4) - [Fixed](#fixed-2) - - [2.7.3](#273) + - [2.8.0](#280) + - [Added](#added-3) - [Changed](#changed-5) - [Fixed](#fixed-3) - - [2.7.2](#272) + - [2.7.3](#273) + - [Changed](#changed-6) - [Fixed](#fixed-4) + - [2.7.2](#272) + - [Fixed](#fixed-5) - [2.7.0](#270) - - [Changed](#changed-6) + - [Changed](#changed-7) - [2.6.2](#262) - [Added](#added-4) - - [Changed](#changed-7) + - [Changed](#changed-8) - [2.6.0](#260) - [Added](#added-5) - [2.4.0](#240) @@ -38,9 +42,21 @@ - [2.2.0](#220) - [Added](#added-8) - [2.1.0](#210) - - [Changed](#changed-8) - - [2.0.0](#200) - [Changed](#changed-9) + - [2.0.0](#200) + - [Changed](#changed-10) + +## 3.0.6 (2024-08-22) + +### Changed + +* Documentation cleanup + +## 3.0.5 (2024-08-21) + +### Fixed + +* Commit mistake correction ## 3.0.4 (2024-08-21) diff --git a/charts/document-engine/Chart.yaml b/charts/document-engine/Chart.yaml index 70754a2..2be0870 100644 --- a/charts/document-engine/Chart.yaml +++ b/charts/document-engine/Chart.yaml @@ -4,7 +4,7 @@ type: application description: Document Engine is a backend software for processing documents and powering automation workflows. home: https://pspdfkit.com/guides/document-engine/ icon: data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iMTAwMCIgaGVpZ2h0PSIxMDAwIiB2aWV3Qm94PSIwIDAgMTAwMCAxMDAwIiBmaWxsPSJub25lIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPgo8cGF0aCBkPSJNMzQyLjU2NyA2NTguNjEyTDMyOS40OTYgNjY1LjkxNUwzMzguNzk5IDY1NC4yODZDMzk5LjMxIDU3OS44NDIgNDMzLjAyNiA0ODcuMjExIDQzNC41MjggMzkxLjI4OEw0MzQuNzYgMzc2LjMxTDQ0MC4xMSAzOTAuMjY1QzQ3NC40MDUgNDc5LjkzMiA1MzcuODc4IDU1NS40NDggNjIwLjMxIDYwNC42NTRMNjMzLjE0OCA2MTIuMzI5TDYxOC4zNTYgNjA5Ljk1N0M1MjMuNTcxIDU5NC43NTYgNDI2LjQyOCA2MTEuODk0IDM0Mi41NjcgNjU4LjYxMloiIGZpbGw9IiMxOTBEOTQiLz4KPHBhdGggZD0iTTU1NC41MTkgNTU2LjM2N0M0NzMuMzk2IDQ0Mi4wMzMgNDg3LjMwNCAzNzYuODY1IDUwOS44NjQgMjg5Ljc4OEM1MzYuNjExIDE4Ni41MjQgNDczLjM1IDg0LjA1MDUgMzYyLjU5NyAxMTQuNDI1QzMxMy41MjMgMTI3LjkxNCAyOTYuMTczIDE2MS4zMTIgMjkwLjAzMyAxODQuNzU2QzI1OS45ODQgMjk3Ljc4OSA0MzguMjMxIDQ2Ni4xNzQgNTU0LjUxOSA1NTYuMzY3WiIgZmlsbD0iIzVFNUNFQiIvPgo8cGF0aCBkPSJNMjE3LjEwMyA2NDQuMTg2QzExNC4zMDQgNjcyLjY1NCA1Ny4xODM1IDc3OC43NTUgMTM4Ljg2NSA4NTkuNDEzQzE3NS4wNTMgODk1LjEzNyAyMTIuNjM4IDg5My40NjIgMjM2LjAzNSA4ODcuMzIyQzM0OC45MjggODU2Ljc2MiA0MDUuNjMgNjE4LjE4NCA0MjUuNjMyIDQ3Mi40MDVDMzY3LjE2MiA1OTkuNjI1IDMwMy45OTQgNjIwLjE4NCAyMTcuMTAzIDY0NC4xODZaIiBmaWxsPSIjNUU1Q0VCIi8+CjxwYXRoIGQ9Ik04NzEuNDggNTgyLjY1MUM3ODguNTQzIDUwMC4xNzkgNTUzLjU5NCA1NzAuMzI0IDQxNy4zNSA2MjUuOTFDNTU2Ljg5NiA2MTIuODM5IDYwNi4zODkgNjU3LjQ0OCA2NzAuNTMzIDcyMC41MjJDNzQ2LjU4NiA3OTUuMzE5IDg2Ni45NjggNzkxLjczNyA4OTYuMDQgNjgwLjY1OUM5MDguNjkyIDYzMS40NDUgODg4LjQ1OCA1OTkuNzIyIDg3MS40OCA1ODIuNjUxWiIgZmlsbD0iIzVFNUNFQiIvPgo8L3N2Zz4K -version: 3.0.5 +version: 3.0.6 appVersion: "1.4.1" keywords: diff --git a/charts/document-engine/README.md b/charts/document-engine/README.md index 3aa53c2..0428284 100644 --- a/charts/document-engine/README.md +++ b/charts/document-engine/README.md @@ -1,11 +1,33 @@ # Document Engine Helm chart -![Version: 3.0.5](https://img.shields.io/badge/Version-3.0.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.1](https://img.shields.io/badge/AppVersion-1.4.1-informational?style=flat-square) +![Version: 3.0.6](https://img.shields.io/badge/Version-3.0.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.1](https://img.shields.io/badge/AppVersion-1.4.1-informational?style=flat-square) Document Engine is a backend software for processing documents and powering automation workflows. **Homepage:** +* [Using this chart](#using-this-chart) +* [Values](#values) + * [Document Engine License](#document-engine-license) + * [API authentication](#api-authentication) + * [Configuration options](#configuration-options) + * [Certificate trust](#certificate-trust) + * [Database](#database) + * [Document lifecycle](#document-lifecycle) + * [Asset storage](#asset-storage) + * [Digital signatures](#digital-signatures) + * [Dashboard](#dashboard) + * [Environment](#environment) + * [Metadata](#metadata) + * [Networking](#networking) + * [Observability](#observability) + * [Pod lifecycle](#pod-lifecycle) + * [Scheduling](#scheduling) + * [Chart dependencies](#chart-dependencies) +* [Contribution](#contribution) +* [License](#license) +* [Support, Issues and License Questions](#support-issues-and-license-questions) + ## Maintainers | Name | Email | Url | @@ -46,262 +68,271 @@ The chart depends upon [Bitnami](https://github.com/bitnami/charts/tree/main/bit ## Values -### [Document Engine License](./values.yaml#L17) +### Document Engine License | Key | Type | Default | Description | |-----|------|---------|-------------| -| [documentEngineLicense](./values.yaml#L17) | *object* | | License information, see more in [our guide](https://pspdfkit.com/guides/document-engine/deployment/product-activation/) | -| [documentEngineLicense.activationKey](./values.yaml#L22) | *string* | `""` | Activation key for online activation (most common) or license key for offline activation. Results in `ACTIVATION_KEY` environment variable. | -| [documentEngineLicense.externalSecret](./values.yaml#L27) | *object* | [...](./values.yaml#L27) | Query existing secret for the activation key | +| [documentEngineLicense](./values.yaml#L5) | *object* | | License information, see more in [our guide](https://pspdfkit.com/guides/document-engine/deployment/product-activation/) | +| [documentEngineLicense.activationKey](./values.yaml#L10) | *string* | `""` | Activation key for online activation (most common) or license key for offline activation. Results in `ACTIVATION_KEY` environment variable. | +| [documentEngineLicense.externalSecret](./values.yaml#L15) | *object* | [...](./values.yaml#L15) | Query existing secret for the activation key | -### [API authentication](./values.yaml#L40) +### API authentication | Key | Type | Default | Description | |-----|------|---------|-------------| -| [apiAuth](./values.yaml#L40) | *object* | | Document Enging API authentication | -| [apiAuth.apiToken](./values.yaml#L44) | *string* | `"secret"` | `API_AUTH_TOKEN`, a universal secret with full access to the API, should be long enough | -| [apiAuth.externalSecret](./values.yaml#L70) | *object* | [...](./values.yaml#L70) | Use an external secret for API credentials | -| [apiAuth.jwt](./values.yaml#L48) | *object* | [...](./values.yaml#L48) | JSON Web Token (JWT) settings | -| [apiAuth.jwt.algorithm](./values.yaml#L59) | *string* | `"RS256"` | `JWT_ALGORITHM` Supported algorithms: `RS256`, `RS512`, `ES256`, `ES512`. See RFC 7518 for details about specific algorithms. | -| [apiAuth.jwt.enabled](./values.yaml#L51) | *bool* | `false` | Enable JWT | -| [apiAuth.jwt.publicKey](./values.yaml#L54) | *string* | `"none"` | `JWT_PUBLIC_KEY` | -| [apiAuth.secretKeyBase](./values.yaml#L65) | *string* | `""` | A string used as the base key for deriving secret keys for the purposes of authentication. Choose a sufficiently long random string for this option. To generate a random string, use: `openssl rand -hex 256`. This will set `SECRET_KEY_BASE` environment variable. | +| [apiAuth](./values.yaml#L28) | *object* | | Document Enging API authentication | +| [apiAuth.apiToken](./values.yaml#L32) | *string* | `"secret"` | `API_AUTH_TOKEN`, a universal secret with full access to the API, should be long enough | +| [apiAuth.externalSecret](./values.yaml#L58) | *object* | [...](./values.yaml#L58) | Use an external secret for API credentials | +| [apiAuth.jwt](./values.yaml#L36) | *object* | [...](./values.yaml#L36) | JSON Web Token (JWT) settings | +| [apiAuth.jwt.algorithm](./values.yaml#L47) | *string* | `"RS256"` | `JWT_ALGORITHM` Supported algorithms: `RS256`, `RS512`, `ES256`, `ES512`. See RFC 7518 for details about specific algorithms. | +| [apiAuth.jwt.enabled](./values.yaml#L39) | *bool* | `false` | Enable JWT | +| [apiAuth.jwt.publicKey](./values.yaml#L42) | *string* | `"none"` | `JWT_PUBLIC_KEY` | +| [apiAuth.secretKeyBase](./values.yaml#L53) | *string* | `""` | A string used as the base key for deriving secret keys for the purposes of authentication. Choose a sufficiently long random string for this option. To generate a random string, use: `openssl rand -hex 256`. This will set `SECRET_KEY_BASE` environment variable. | -### [Configuration options](./values.yaml#L100) +### Configuration options | Key | Type | Default | Description | |-----|------|---------|-------------| -| [config](./values.yaml#L100) | *object* | | General configuration, [see more](https://pspdfkit.com/guides/document-engine/configuration/overview/) | -| [config.allowDocumentGeneration](./values.yaml#L133) | *bool* | `true` | `ALLOW_DOCUMENT_GENERATION` | -| [config.allowDocumentUploads](./values.yaml#L127) | *bool* | `true` | `ALLOW_DOCUMENT_UPLOADS` | -| [config.allowRemoteAssetsInGeneration](./values.yaml#L136) | *bool* | `true` | `ALLOW_REMOTE_ASSETS_IN_GENERATION` | -| [config.allowRemoteDocuments](./values.yaml#L130) | *bool* | `true` | `ALLOW_REMOTE_DOCUMENTS` | -| [config.asyncJobsTtlSeconds](./values.yaml#L124) | *int* | `172800` | `ASYNC_JOBS_TTL` | -| [config.automaticLinkExtraction](./values.yaml#L142) | *bool* | `false` | `AUTOMATIC_LINK_EXTRACTION` | -| [config.generationTimeoutSeconds](./values.yaml#L112) | *int* | `20` | `PDF_GENERATION_TIMEOUT` in seconds | -| [config.ignoreInvalidAnnotations](./values.yaml#L139) | *bool* | `true` | `IGNORE_INVALID_ANNOTATIONS` | -| [config.maxUploadSizeMegaBytes](./values.yaml#L121) | *int* | `950` | `MAX_UPLOAD_SIZE_BYTES` in megabytes | -| [config.minSearchQueryLength](./values.yaml#L145) | *int* | `3` | `MIN_SEARCH_QUERY_LENGTH` | -| [config.port](./values.yaml#L156) | *int* | `5000` | `PORT` for the Document Engine API | -| [config.proxy](./values.yaml#L151) | *object* | `{"http":"","https":""}` | Proxy settings, `HTTP_PROXY` amd `HTTPS_PROXY` | -| [config.readAnnotationBatchTimeoutSeconds](./values.yaml#L118) | *int* | `20` | `READ_ANNOTATION_BATCH_TIMEOUT` in seconds | -| [config.replaceSecretsFromEnv](./values.yaml#L161) | *bool* | `true` | `REPLACE_SECRETS_FROM_ENV` — whether to consider environment variables, values and secrets for `JWT_PUBLIC_KEY`, `SECRET_KEY_BASE` and `DASHBOARD_PASSWORD` | -| [config.requestTimeoutSeconds](./values.yaml#L106) | *int* | `60` | Full request timeout in seconds (`SERVER_REQUEST_TIMEOUT`) | -| [config.trustedProxies](./values.yaml#L148) | *string* | `"default"` | `TRUSTED_PROXIES` | -| [config.urlFetchTimeoutSeconds](./values.yaml#L115) | *int* | `5` | `REMOTE_URL_FETCH_TIMEOUT` in seconds | -| [config.workerPoolSize](./values.yaml#L103) | *int* | `16` | `PSPDFKIT_WORKER_POOL_SIZE` | -| [config.workerTimeoutSeconds](./values.yaml#L109) | *int* | `60` | Document processing timeout in seconds (`PSPDFKIT_WORKER_TIMEOUT`) | - -### [Certificate trust](./values.yaml#L166) +| [config](./values.yaml#L88) | *object* | | General configuration, [see more](https://pspdfkit.com/guides/document-engine/configuration/overview/) | +| [config.allowDocumentGeneration](./values.yaml#L121) | *bool* | `true` | `ALLOW_DOCUMENT_GENERATION` | +| [config.allowDocumentUploads](./values.yaml#L115) | *bool* | `true` | `ALLOW_DOCUMENT_UPLOADS` | +| [config.allowRemoteAssetsInGeneration](./values.yaml#L124) | *bool* | `true` | `ALLOW_REMOTE_ASSETS_IN_GENERATION` | +| [config.allowRemoteDocuments](./values.yaml#L118) | *bool* | `true` | `ALLOW_REMOTE_DOCUMENTS` | +| [config.asyncJobsTtlSeconds](./values.yaml#L112) | *int* | `172800` | `ASYNC_JOBS_TTL` | +| [config.automaticLinkExtraction](./values.yaml#L130) | *bool* | `false` | `AUTOMATIC_LINK_EXTRACTION` | +| [config.generationTimeoutSeconds](./values.yaml#L100) | *int* | `20` | `PDF_GENERATION_TIMEOUT` in seconds | +| [config.ignoreInvalidAnnotations](./values.yaml#L127) | *bool* | `true` | `IGNORE_INVALID_ANNOTATIONS` | +| [config.maxUploadSizeMegaBytes](./values.yaml#L109) | *int* | `950` | `MAX_UPLOAD_SIZE_BYTES` in megabytes | +| [config.minSearchQueryLength](./values.yaml#L133) | *int* | `3` | `MIN_SEARCH_QUERY_LENGTH` | +| [config.port](./values.yaml#L144) | *int* | `5000` | `PORT` for the Document Engine API | +| [config.proxy](./values.yaml#L139) | *object* | `{"http":"","https":""}` | Proxy settings, `HTTP_PROXY` amd `HTTPS_PROXY` | +| [config.readAnnotationBatchTimeoutSeconds](./values.yaml#L106) | *int* | `20` | `READ_ANNOTATION_BATCH_TIMEOUT` in seconds | +| [config.replaceSecretsFromEnv](./values.yaml#L149) | *bool* | `true` | `REPLACE_SECRETS_FROM_ENV` — whether to consider environment variables, values and secrets for `JWT_PUBLIC_KEY`, `SECRET_KEY_BASE` and `DASHBOARD_PASSWORD` | +| [config.requestTimeoutSeconds](./values.yaml#L94) | *int* | `60` | Full request timeout in seconds (`SERVER_REQUEST_TIMEOUT`) | +| [config.trustedProxies](./values.yaml#L136) | *string* | `"default"` | `TRUSTED_PROXIES` | +| [config.urlFetchTimeoutSeconds](./values.yaml#L103) | *int* | `5` | `REMOTE_URL_FETCH_TIMEOUT` in seconds | +| [config.workerPoolSize](./values.yaml#L91) | *int* | `16` | `PSPDFKIT_WORKER_POOL_SIZE` | +| [config.workerTimeoutSeconds](./values.yaml#L97) | *int* | `60` | Document processing timeout in seconds (`PSPDFKIT_WORKER_TIMEOUT`) | + +### Certificate trust | Key | Type | Default | Description | |-----|------|---------|-------------| -| [certificateTrust](./values.yaml#L166) | *object* | | [Certificate trust](https://pspdfkit.com/guides/document-engine/configuration/certificate-trust/) | -| [certificateTrust.customCertificates](./values.yaml#L179) | *list* | `[]` | ConfigMap and Secret references for trust configuration, stored in `/certificate-stores-custom` | -| [certificateTrust.digitalSignatures](./values.yaml#L170) | *list* | `[]` | CAs for digital signatures (`/certificate-stores/`) from ConfigMap and Secret resources. | -| [certificateTrust.downloaderTrustFileName](./values.yaml#L189) | *string* | `""` | Override `DOWNLOADER_CERT_FILE_PATH` to set HTTP client trust. If empty, defaults to Mozilla's CA bundle. | +| [certificateTrust](./values.yaml#L154) | *object* | | [Certificate trust](https://pspdfkit.com/guides/document-engine/configuration/certificate-trust/) | +| [certificateTrust.customCertificates](./values.yaml#L167) | *list* | `[]` | ConfigMap and Secret references for trust configuration, stored in `/certificate-stores-custom` | +| [certificateTrust.digitalSignatures](./values.yaml#L158) | *list* | `[]` | CAs for digital signatures (`/certificate-stores/`) from ConfigMap and Secret resources. | +| [certificateTrust.downloaderTrustFileName](./values.yaml#L177) | *string* | `""` | Override `DOWNLOADER_CERT_FILE_PATH` to set HTTP client trust. If empty, defaults to Mozilla's CA bundle. | -### [Database](./values.yaml#L194) +### Database | Key | Type | Default | Description | |-----|------|---------|-------------| -| [database](./values.yaml#L194) | *object* | | Database | -| [database.connections](./values.yaml#L203) | *int* | `20` | `DATABASE_CONNECTIONS` | -| [database.enabled](./values.yaml#L197) | *bool* | `true` | Persistent storage enabled | -| [database.engine](./values.yaml#L200) | *string* | `"postgres"` | Database engine: only `postgres` is currently supported | -| [database.migrationJob](./values.yaml#L267) | *object* | [...](./values.yaml#L267) | Database migration jobs. | -| [database.migrationJob.enabled](./values.yaml#L270) | *bool* | `false` | It `true`, results in `ENABLE_DATABASE_MIGRATIONS=false` in the main Document Engine container | -| [database.postgres](./values.yaml#L208) | *object* | [...](./values.yaml#L208) | PostgreSQL database settings | -| [database.postgres.adminPassword](./values.yaml#L229) | *string* | `"despair"` | `PG_ADMIN_PASSWORD` | -| [database.postgres.adminUsername](./values.yaml#L226) | *string* | `"postgres"` | `PG_ADMIN_USER` | -| [database.postgres.database](./values.yaml#L217) | *string* | `"document-engine"` | `PGDATABASE` | -| [database.postgres.externalAdminSecretName](./values.yaml#L238) | *string* | `""` | External secret for administrative database credentials, used for migrations: `PG_ADMIN_USER` and `PG_ADMIN_PASSWORD` | -| [database.postgres.externalSecretName](./values.yaml#L234) | *string* | `""` | Use external secret for database credentials. `PGUSER` and `PGPASSWORD` must be provided and, if not defined: `PGDATABASE`, `PGHOST`, `PGPORT`, `PGSSL` | -| [database.postgres.host](./values.yaml#L211) | *string* | `"postgresql"` | `PGHOST` | -| [database.postgres.password](./values.yaml#L223) | *string* | `"despair"` | `PGPASSWORD` | -| [database.postgres.port](./values.yaml#L214) | *int* | `5432` | `PGPORT` | -| [database.postgres.tls](./values.yaml#L243) | *object* | [...](./values.yaml#L243) | TLS settings | -| [database.postgres.tls.commonName](./values.yaml#L256) | *string* | `""` | Common name for the certificate (`PGSSL_CERT_COMMON_NAME`), defaults to `PGHOST` value | -| [database.postgres.tls.enabled](./values.yaml#L246) | *bool* | `false` | Enable TLS (`PGSSL`) | -| [database.postgres.tls.hostVerify](./values.yaml#L252) | *bool* | `true` | Negated `PGSSL_DISABLE_HOSTNAME_VERIFY` | -| [database.postgres.tls.trustBundle](./values.yaml#L260) | *string* | `""` | Trust bundle for PostgreSQL, sets `PGSSL_CA_CERTS`, mutually exclusive with `trustFileName` and takes precedence | -| [database.postgres.tls.trustFileName](./values.yaml#L263) | *string* | `""` | Path from `certificateTrust.customCertificates`, wraps around `PGSSL_CA_CERT_PATH` | -| [database.postgres.tls.verify](./values.yaml#L249) | *bool* | `true` | Negated `PGSSL_DISABLE_VERIFY` | -| [database.postgres.username](./values.yaml#L220) | *string* | `"de-user"` | `PGUSER` | - -### [Lifecycle](./values.yaml#L283) +| [database](./values.yaml#L182) | *object* | | Database | +| [database.connections](./values.yaml#L191) | *int* | `20` | `DATABASE_CONNECTIONS` | +| [database.enabled](./values.yaml#L185) | *bool* | `true` | Persistent storage enabled | +| [database.engine](./values.yaml#L188) | *string* | `"postgres"` | Database engine: only `postgres` is currently supported | +| [database.migrationJob](./values.yaml#L255) | *object* | [...](./values.yaml#L255) | Database migration jobs. | +| [database.migrationJob.enabled](./values.yaml#L258) | *bool* | `false` | It `true`, results in `ENABLE_DATABASE_MIGRATIONS=false` in the main Document Engine container | +| [database.postgres](./values.yaml#L196) | *object* | [...](./values.yaml#L196) | PostgreSQL database settings | +| [database.postgres.adminPassword](./values.yaml#L217) | *string* | `"despair"` | `PG_ADMIN_PASSWORD` | +| [database.postgres.adminUsername](./values.yaml#L214) | *string* | `"postgres"` | `PG_ADMIN_USER` | +| [database.postgres.database](./values.yaml#L205) | *string* | `"document-engine"` | `PGDATABASE` | +| [database.postgres.externalAdminSecretName](./values.yaml#L226) | *string* | `""` | External secret for administrative database credentials, used for migrations: `PG_ADMIN_USER` and `PG_ADMIN_PASSWORD` | +| [database.postgres.externalSecretName](./values.yaml#L222) | *string* | `""` | Use external secret for database credentials. `PGUSER` and `PGPASSWORD` must be provided and, if not defined: `PGDATABASE`, `PGHOST`, `PGPORT`, `PGSSL` | +| [database.postgres.host](./values.yaml#L199) | *string* | `"postgresql"` | `PGHOST` | +| [database.postgres.password](./values.yaml#L211) | *string* | `"despair"` | `PGPASSWORD` | +| [database.postgres.port](./values.yaml#L202) | *int* | `5432` | `PGPORT` | +| [database.postgres.tls](./values.yaml#L231) | *object* | [...](./values.yaml#L231) | TLS settings | +| [database.postgres.tls.commonName](./values.yaml#L244) | *string* | `""` | Common name for the certificate (`PGSSL_CERT_COMMON_NAME`), defaults to `PGHOST` value | +| [database.postgres.tls.enabled](./values.yaml#L234) | *bool* | `false` | Enable TLS (`PGSSL`) | +| [database.postgres.tls.hostVerify](./values.yaml#L240) | *bool* | `true` | Negated `PGSSL_DISABLE_HOSTNAME_VERIFY` | +| [database.postgres.tls.trustBundle](./values.yaml#L248) | *string* | `""` | Trust bundle for PostgreSQL, sets `PGSSL_CA_CERTS`, mutually exclusive with `trustFileName` and takes precedence | +| [database.postgres.tls.trustFileName](./values.yaml#L251) | *string* | `""` | Path from `certificateTrust.customCertificates`, wraps around `PGSSL_CA_CERT_PATH` | +| [database.postgres.tls.verify](./values.yaml#L237) | *bool* | `true` | Negated `PGSSL_DISABLE_VERIFY` | +| [database.postgres.username](./values.yaml#L208) | *string* | `"de-user"` | `PGUSER` | + +### Document lifecycle | Key | Type | Default | Description | |-----|------|---------|-------------| -| [documentLifecycle](./values.yaml#L283) | *object* | | Document lifecycle management | -| [documentLifecycle.cleanupJob](./values.yaml#L288) | *object* | [...](./values.yaml#L288) | Regular job to remove documents from the database. Note: currently only works with the `built-in` storage backend. | -| [documentLifecycle.cleanupJob.enabled](./values.yaml#L291) | *bool* | `false` | Enable the cleanup job | -| [documentLifecycle.cleanupJob.keepHours](./values.yaml#L297) | *int* | `24` | Documents TTL in hours | -| [documentLifecycle.cleanupJob.persistentLike](./values.yaml#L300) | *string* | `"persistent%"` | Keep documents with IDs beginning with `persistent` indefinitely | -| [documentLifecycle.cleanupJob.schedule](./values.yaml#L294) | *string* | `"13 * * * *"` | Cleanup job schedule in cron format | - -### [Asset storage](./values.yaml#L311) +| [documentLifecycle](./values.yaml#L271) | *object* | | Document lifecycle management | +| [documentLifecycle.cleanupJob](./values.yaml#L276) | *object* | [...](./values.yaml#L276) | Regular job to remove documents from the database. Note: currently only works with the `built-in` storage backend. | +| [documentLifecycle.cleanupJob.enabled](./values.yaml#L279) | *bool* | `false` | Enable the cleanup job | +| [documentLifecycle.cleanupJob.keepHours](./values.yaml#L285) | *int* | `24` | Documents TTL in hours | +| [documentLifecycle.cleanupJob.persistentLike](./values.yaml#L288) | *string* | `"persistent%"` | Keep documents with IDs beginning with `persistent` indefinitely | +| [documentLifecycle.cleanupJob.schedule](./values.yaml#L282) | *string* | `"13 * * * *"` | Cleanup job schedule in cron format | -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| [assetStorage](./values.yaml#L311) | *object* | | Everything about storing and caching assets | -| [assetStorage.azure](./values.yaml#L375) | *object* | [...](./values.yaml#L375) | Azure blob storage settings, in case `assetStorage.backendType` is set to `azure` | -| [assetStorage.azure.container](./values.yaml#L386) | *string* | `""` | `AZURE_STORAGE_DEFAULT_CONTAINER` | -| [assetStorage.backendFallback](./values.yaml#L323) | *object* | [...](./values.yaml#L323) | Asset storage fallback settings | -| [assetStorage.backendFallback.enabled](./values.yaml#L326) | *bool* | `false` | `ENABLE_ASSET_STORAGE_FALLBACK` | -| [assetStorage.backendFallback.enabledAzure](./values.yaml#L335) | *bool* | `false` | `ENABLE_ASSET_STORAGE_FALLBACK_AZURE` | -| [assetStorage.backendFallback.enabledPostgres](./values.yaml#L329) | *bool* | `false` | `ENABLE_ASSET_STORAGE_FALLBACK_POSTGRES` | -| [assetStorage.backendFallback.enabledS3](./values.yaml#L332) | *bool* | `false` | `ENABLE_ASSET_STORAGE_FALLBACK_S3` | -| [assetStorage.backendType](./values.yaml#L319) | *string* | `"built-in"` | Asset storage backend is only available if `database.enabled` is `true` Sets `ASSET_STORAGE_BACKEND`: `built-in`, `s3` or `azure` | -| [assetStorage.localCacheSizeMegabytes](./values.yaml#L315) | *int* | `2000` | Sets local asset storage value in megabytes Results in `ASSET_STORAGE_CACHE_SIZE` (in bytes) | -| [assetStorage.redis](./values.yaml#L404) | *object* | [...](./values.yaml#L404) | Redis settings for caching and prerendering | -| [assetStorage.redis.database](./values.yaml#L422) | *string* | `""` | `REDIS_DATABASE` | -| [assetStorage.redis.enabled](./values.yaml#L407) | *bool* | `false` | `USE_REDIS_CACHE` | -| [assetStorage.redis.externalSecretName](./values.yaml#L459) | *string* | `""` | External secret name. Must contain `REDIS_USERNAME` and `REDIS_PASSWORD` if they are needed, and _may_ set other values | -| [assetStorage.redis.host](./values.yaml#L416) | *string* | `"redis"` | `REDIS_HOST` | -| [assetStorage.redis.password](./values.yaml#L448) | *string* | `""` | `REDIS_PASSWORD` | -| [assetStorage.redis.port](./values.yaml#L419) | *int* | `6379` | `REDIS_PORT` | -| [assetStorage.redis.sentinel](./values.yaml#L427) | *object* | [...](./values.yaml#L427) | Redis Sentinel | -| [assetStorage.redis.tls](./values.yaml#L452) | *object* | | TLS settings | -| [assetStorage.redis.tls.enabled](./values.yaml#L455) | *bool* | `false` | Enable TLS (`REDIS_SSL`) | -| [assetStorage.redis.ttlSeconds](./values.yaml#L410) | *int* | `86400000` | `REDIS_TTL` | -| [assetStorage.redis.useTtl](./values.yaml#L413) | *bool* | `true` | `USE_REDIS_TTL_FOR_PRERENDERING` | -| [assetStorage.redis.username](./values.yaml#L445) | *string* | `""` | `REDIS_USERNAME` | -| [assetStorage.s3](./values.yaml#L339) | *object* | [...](./values.yaml#L339) | S3 backend storage settings, in case `assetStorage.backendType` is set to `s3 | -| [assetStorage.s3.bucket](./values.yaml#L350) | *string* | `"document-engine-assets"` | `ASSET_STORAGE_S3_BUCKET` | -| [assetStorage.s3.region](./values.yaml#L353) | *string* | `"us-east-1"` | `ASSET_STORAGE_S3_REGION` | - -### [Digital signatures](./values.yaml#L464) +### Asset storage | Key | Type | Default | Description | |-----|------|---------|-------------| -| [documentSigningService](./values.yaml#L464) | *object* | | Signing service parameters | -| [documentSigningService.cadesLevel](./values.yaml#L490) | *string* | `"b-lt"` | `DIGITAL_SIGNATURE_CADES_LEVEL` | -| [documentSigningService.certificateCheckTime](./values.yaml#L493) | *string* | `"current_time"` | `DIGITAL_SIGNATURE_CERTIFICATE_CHECK_TIME` | -| [documentSigningService.defaultSignatureLocation](./values.yaml#L484) | *string* | `"Head Quarters"` | `DEFAULT_SIGNATURE_LOCATION` | -| [documentSigningService.defaultSignatureReason](./values.yaml#L480) | *string* | `"approved"` | `DEFAULT_SIGNATURE_REASON` | -| [documentSigningService.defaultSignerName](./values.yaml#L476) | *string* | `"John Doe"` | `DEFAULT_SIGNER_NAME` | -| [documentSigningService.enabled](./values.yaml#L467) | *bool* | `false` | Enable signing service integration | -| [documentSigningService.hashAlgorithm](./values.yaml#L487) | *string* | `"sha512"` | `DIGITAL_SIGNATURE_HASH_ALGORITHM` | -| [documentSigningService.timeoutSeconds](./values.yaml#L473) | *int* | `10` | `SIGNING_SERVICE_TIMEOUT` in seconds | -| [documentSigningService.timestampAuthority](./values.yaml#L497) | *object* | [...](./values.yaml#L497) | Timestamp Authority (TSA) settings | -| [documentSigningService.timestampAuthority.url](./values.yaml#L500) | *string* | `"https://freetsa.org/"` | `TIMESTAMP_AUTHORITY_URL` | -| [documentSigningService.url](./values.yaml#L470) | *string* | `"https://signing-thing.local/sign"` | `SIGNING_SERVICE_URL` | - -### [Observability](./values.yaml#L513) +| [assetStorage](./values.yaml#L299) | *object* | | Everything about storing and caching assets | +| [assetStorage.azure](./values.yaml#L363) | *object* | [...](./values.yaml#L363) | Azure blob storage settings, in case `assetStorage.backendType` is set to `azure` | +| [assetStorage.azure.container](./values.yaml#L374) | *string* | `""` | `AZURE_STORAGE_DEFAULT_CONTAINER` | +| [assetStorage.backendFallback](./values.yaml#L311) | *object* | [...](./values.yaml#L311) | Asset storage fallback settings | +| [assetStorage.backendFallback.enabled](./values.yaml#L314) | *bool* | `false` | `ENABLE_ASSET_STORAGE_FALLBACK` | +| [assetStorage.backendFallback.enabledAzure](./values.yaml#L323) | *bool* | `false` | `ENABLE_ASSET_STORAGE_FALLBACK_AZURE` | +| [assetStorage.backendFallback.enabledPostgres](./values.yaml#L317) | *bool* | `false` | `ENABLE_ASSET_STORAGE_FALLBACK_POSTGRES` | +| [assetStorage.backendFallback.enabledS3](./values.yaml#L320) | *bool* | `false` | `ENABLE_ASSET_STORAGE_FALLBACK_S3` | +| [assetStorage.backendType](./values.yaml#L307) | *string* | `"built-in"` | Asset storage backend is only available if `database.enabled` is `true` Sets `ASSET_STORAGE_BACKEND`: `built-in`, `s3` or `azure` | +| [assetStorage.localCacheSizeMegabytes](./values.yaml#L303) | *int* | `2000` | Sets local asset storage value in megabytes Results in `ASSET_STORAGE_CACHE_SIZE` (in bytes) | +| [assetStorage.redis](./values.yaml#L392) | *object* | [...](./values.yaml#L392) | Redis settings for caching and prerendering | +| [assetStorage.redis.database](./values.yaml#L410) | *string* | `""` | `REDIS_DATABASE` | +| [assetStorage.redis.enabled](./values.yaml#L395) | *bool* | `false` | `USE_REDIS_CACHE` | +| [assetStorage.redis.externalSecretName](./values.yaml#L447) | *string* | `""` | External secret name. Must contain `REDIS_USERNAME` and `REDIS_PASSWORD` if they are needed, and _may_ set other values | +| [assetStorage.redis.host](./values.yaml#L404) | *string* | `"redis"` | `REDIS_HOST` | +| [assetStorage.redis.password](./values.yaml#L436) | *string* | `""` | `REDIS_PASSWORD` | +| [assetStorage.redis.port](./values.yaml#L407) | *int* | `6379` | `REDIS_PORT` | +| [assetStorage.redis.sentinel](./values.yaml#L415) | *object* | [...](./values.yaml#L415) | Redis Sentinel | +| [assetStorage.redis.tls](./values.yaml#L440) | *object* | | TLS settings | +| [assetStorage.redis.tls.enabled](./values.yaml#L443) | *bool* | `false` | Enable TLS (`REDIS_SSL`) | +| [assetStorage.redis.ttlSeconds](./values.yaml#L398) | *int* | `86400000` | `REDIS_TTL` | +| [assetStorage.redis.useTtl](./values.yaml#L401) | *bool* | `true` | `USE_REDIS_TTL_FOR_PRERENDERING` | +| [assetStorage.redis.username](./values.yaml#L433) | *string* | `""` | `REDIS_USERNAME` | +| [assetStorage.s3](./values.yaml#L327) | *object* | [...](./values.yaml#L327) | S3 backend storage settings, in case `assetStorage.backendType` is set to `s3 | +| [assetStorage.s3.bucket](./values.yaml#L338) | *string* | `"document-engine-assets"` | `ASSET_STORAGE_S3_BUCKET` | +| [assetStorage.s3.region](./values.yaml#L341) | *string* | `"us-east-1"` | `ASSET_STORAGE_S3_REGION` | + +### Digital signatures | Key | Type | Default | Description | |-----|------|---------|-------------| -| [observability](./values.yaml#L513) | *object* | | Observability settings | -| [observability.log](./values.yaml#L517) | *object* | [...](./values.yaml#L517) | Logs | -| [observability.log.healthcheckLevel](./values.yaml#L523) | *string* | `"debug"` | `HEALTHCHECK_LOGLEVEL` — log level for health checks | -| [observability.log.level](./values.yaml#L520) | *string* | `"info"` | `LOG_LEVEL` | -| [observability.metrics](./values.yaml#L558) | *object* | [...](./values.yaml#L558) | Metrics configuration | -| [observability.metrics.enabled](./values.yaml#L561) | *bool* | `false` | Enable metrics exporting | -| [observability.metrics.prometheusRule](./values.yaml#L599) | *object* | [...](./values.yaml#L599) | Prometheus [PrometheusRule](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.PrometheusRule) | -| [observability.metrics.serviceMonitor](./values.yaml#L585) | *object* | [...](./values.yaml#L585) | Prometheus [ServiceMonitor](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.ServiceMonitor) | -| [observability.metrics.statsd](./values.yaml#L565) | *object* | [...](./values.yaml#L565) | StatsD parameters | -| [observability.metrics.statsd.customTags](./values.yaml#L581) | *tpl/string* | *generated* | StatsD custom tags, `STATSD_CUSTOM_TAGS` | -| [observability.metrics.statsd.port](./values.yaml#L575) | *int* | `9125` | StatsD port, `STATSD_PORT` | -| [observability.opentelemetry](./values.yaml#L527) | *object* | [...](./values.yaml#L527) | OpenTelemetry settings | -| [observability.opentelemetry.enabled](./values.yaml#L530) | *bool* | `false` | Enable OpenTelemetry (`ENABLE_OPENTELEMETRY`), only tracing is currently supported | -| [observability.opentelemetry.otelPropagators](./values.yaml#L546) | *string* | `""` | `OTEL_PROPAGATORS`, propagators | -| [observability.opentelemetry.otelResourceAttributes](./values.yaml#L543) | *string* | `""` | `OTEL_RESOURCE_ATTRIBUTES`, resource attributes | -| [observability.opentelemetry.otelServiceName](./values.yaml#L540) | *string* | `""` | `OTEL_SERVICE_NAME`, service name | -| [observability.opentelemetry.otelTracesSampler](./values.yaml#L551) | *string* | `""` | `OTEL_TRACES_SAMPLER`, should normally not be touched to allow custom `parent_based` work, but something like `parentbased_traceidratio` may be considered | -| [observability.opentelemetry.otelTracesSamplerArg](./values.yaml#L554) | *string* | `""` | `OTEL_TRACES_SAMPLER_ARG`, argument for the sampler | -| [observability.opentelemetry.otlpExporterEndpoint](./values.yaml#L534) | *string* | `""` | https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ `OTEL_EXPORTER_OTLP_ENDPOINT`, if not set, defaults to `http://localhost:4317` | -| [observability.opentelemetry.otlpExporterProtocol](./values.yaml#L537) | *string* | `""` | `OTEL_EXPORTER_OTLP_PROTOCOL`, if not set, defaults to `grpc` | -| [prometheusExporter](./values.yaml#L609) | *object* | [...](./values.yaml#L609) | StatsD exporter for Prometheus, not recommended for production use Requires `observability.metrics.enabled` and `observability.metrics.statsd.enabled` | -| [prometheusExporter.enabled](./values.yaml#L612) | *bool* | `false` | Enable the Prometheus exporter | - -### [Dashboard](./values.yaml#L629) +| [documentSigningService](./values.yaml#L452) | *object* | | Signing service parameters | +| [documentSigningService.cadesLevel](./values.yaml#L478) | *string* | `"b-lt"` | `DIGITAL_SIGNATURE_CADES_LEVEL` | +| [documentSigningService.certificateCheckTime](./values.yaml#L481) | *string* | `"current_time"` | `DIGITAL_SIGNATURE_CERTIFICATE_CHECK_TIME` | +| [documentSigningService.defaultSignatureLocation](./values.yaml#L472) | *string* | `"Head Quarters"` | `DEFAULT_SIGNATURE_LOCATION` | +| [documentSigningService.defaultSignatureReason](./values.yaml#L468) | *string* | `"approved"` | `DEFAULT_SIGNATURE_REASON` | +| [documentSigningService.defaultSignerName](./values.yaml#L464) | *string* | `"John Doe"` | `DEFAULT_SIGNER_NAME` | +| [documentSigningService.enabled](./values.yaml#L455) | *bool* | `false` | Enable signing service integration | +| [documentSigningService.hashAlgorithm](./values.yaml#L475) | *string* | `"sha512"` | `DIGITAL_SIGNATURE_HASH_ALGORITHM` | +| [documentSigningService.timeoutSeconds](./values.yaml#L461) | *int* | `10` | `SIGNING_SERVICE_TIMEOUT` in seconds | +| [documentSigningService.timestampAuthority](./values.yaml#L485) | *object* | [...](./values.yaml#L485) | Timestamp Authority (TSA) settings | +| [documentSigningService.timestampAuthority.url](./values.yaml#L488) | *string* | `"https://freetsa.org/"` | `TIMESTAMP_AUTHORITY_URL` | +| [documentSigningService.url](./values.yaml#L458) | *string* | `"https://signing-thing.local/sign"` | `SIGNING_SERVICE_URL` | + +### Dashboard | Key | Type | Default | Description | |-----|------|---------|-------------| -| [dashboard](./values.yaml#L629) | *object* | | Document Engine Dashboard settings | -| [dashboard.auth](./values.yaml#L636) | *object* | [...](./values.yaml#L636) | Dashboard authentication | -| [dashboard.auth.externalSecret](./values.yaml#L646) | *object* | [...](./values.yaml#L646) | Use an external secret for dashboard credentials | -| [dashboard.auth.externalSecret.name](./values.yaml#L649) | *string* | `""` | External secret name | -| [dashboard.auth.externalSecret.passwordKey](./values.yaml#L655) | *string* | `"DASHBOARD_PASSWORD"` | Secret key name for the password | -| [dashboard.auth.externalSecret.usernameKey](./values.yaml#L652) | *string* | `"DASHBOARD_USERNAME"` | Secret key name for the username | -| [dashboard.auth.password](./values.yaml#L642) | *string* | `""` | `DASHBOARD_PASSWORD` — will generate a random password if not set | -| [dashboard.auth.username](./values.yaml#L639) | *string* | `"admin"` | `DASHBOARD_USERNAME` | -| [dashboard.enabled](./values.yaml#L632) | *bool* | `true` | Enable dashboard | - -### [Dependencies](./values.yaml#L943) +| [dashboard](./values.yaml#L501) | *object* | | Document Engine Dashboard settings | +| [dashboard.auth](./values.yaml#L508) | *object* | [...](./values.yaml#L508) | Dashboard authentication | +| [dashboard.auth.externalSecret](./values.yaml#L518) | *object* | [...](./values.yaml#L518) | Use an external secret for dashboard credentials | +| [dashboard.auth.externalSecret.name](./values.yaml#L521) | *string* | `""` | External secret name | +| [dashboard.auth.externalSecret.passwordKey](./values.yaml#L527) | *string* | `"DASHBOARD_PASSWORD"` | Secret key name for the password | +| [dashboard.auth.externalSecret.usernameKey](./values.yaml#L524) | *string* | `"DASHBOARD_USERNAME"` | Secret key name for the username | +| [dashboard.auth.password](./values.yaml#L514) | *string* | `""` | `DASHBOARD_PASSWORD` — will generate a random password if not set | +| [dashboard.auth.username](./values.yaml#L511) | *string* | `"admin"` | `DASHBOARD_USERNAME` | +| [dashboard.enabled](./values.yaml#L504) | *bool* | `true` | Enable dashboard | + +### Environment | Key | Type | Default | Description | |-----|------|---------|-------------| -| [minio](./values.yaml#L943) | *reference* | [...](./values.yaml#L943) | [External MinIO chart](https://github.com/bitnami/charts/tree/main/bitnami/minio) | -| [postgresql](./values.yaml#L921) | *reference* | [...](./values.yaml#L921) | [External PostgreSQL database chart](https://github.com/bitnami/charts/tree/main/bitnami/postgresql) | -| [redis](./values.yaml#L955) | *reference* | [...](./values.yaml#L955) | [External Redis chart](https://github.com/bitnami/charts/tree/main/bitnami/redis) | - -### [Kubernetes metadata](./values.yaml#L713) +| [extraEnvFrom](./values.yaml#L693) | *list* | `[]` | Extra environment variables from resources | +| [extraEnvs](./values.yaml#L690) | *list* | `[]` | Extra environment variables | +| [extraVolumeMounts](./values.yaml#L699) | *list* | `[]` | Additional volume mounts for Document Engine container | +| [extraVolumes](./values.yaml#L696) | *list* | `[]` | Additional volumes | +| [image](./values.yaml#L650) | *object* | [...](./values.yaml#L650) | Image settings | +| [imagePullSecrets](./values.yaml#L657) | *list* | `[]` | Pull secrets | +| [initContainers](./values.yaml#L705) | *list* | `[]` | Init containers | +| [podSecurityContext](./values.yaml#L676) | *object* | `{}` | Pod security context | +| [securityContext](./values.yaml#L680) | *object* | `{}` | Security context | +| [serviceAccount](./values.yaml#L669) | *object* | [...](./values.yaml#L669) | ServiceAccount | +| [sidecars](./values.yaml#L702) | *list* | `[]` | Additional containers | + +### Metadata | Key | Type | Default | Description | |-----|------|---------|-------------| -| [deploymentAnnotations](./values.yaml#L713) | *object* | `{}` | Deployment annotations | -| [podAnnotations](./values.yaml#L710) | *object* | `{}` | Pod annotations | -| [podLabels](./values.yaml#L707) | *object* | `{}` | Pod labels | +| [deploymentAnnotations](./values.yaml#L715) | *object* | `{}` | Deployment annotations | +| [fullnameOverride](./values.yaml#L664) | *string* | `""` | Release full name override | +| [nameOverride](./values.yaml#L661) | *string* | `""` | Release name override | +| [podAnnotations](./values.yaml#L712) | *object* | `{}` | Pod annotations | +| [podLabels](./values.yaml#L709) | *object* | `{}` | Pod labels | -### [Networking](./values.yaml#L742) +### Networking | Key | Type | Default | Description | |-----|------|---------|-------------| -| [extraIngresses](./values.yaml#L742) | *object* | `map[]` | Additional ingresses, e.g. for the dashboard | -| [ingress](./values.yaml#L718) | *object* | [...](./values.yaml#L718) | Ingress | -| [networkPolicy](./values.yaml#L759) | *object* | [...](./values.yaml#L759) | [Network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) | -| [service](./values.yaml#L660) | *object* | [...](./values.yaml#L660) | Service | - -### [Pod environment](./values.yaml#L691) +| [extraIngresses](./values.yaml#L766) | *object* | [...](./values.yaml#L766) | Additional ingresses, e.g. for the dashboard | +| [ingress](./values.yaml#L731) | *object* | [...](./values.yaml#L731) | Ingress | +| [ingress.annotations](./values.yaml#L740) | *object* | `{}` | Ingress annotations | +| [ingress.className](./values.yaml#L737) | *string* | `""` | Ingress class name | +| [ingress.enabled](./values.yaml#L734) | *bool* | `false` | Enable ingress | +| [ingress.hosts](./values.yaml#L743) | *list* | `[]` | Hosts | +| [ingress.tls](./values.yaml#L757) | *list* | `[]` | Ingress TLS section | +| [networkPolicy](./values.yaml#L783) | *object* | [...](./values.yaml#L783) | [Network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) | +| [networkPolicy.allowExternal](./values.yaml#L791) | *bool* | `true` | Allow access from anywhere | +| [networkPolicy.allowExternalEgress](./values.yaml#L815) | *bool* | `true` | Allow the pod to access any range of port and all destinations. | +| [networkPolicy.enabled](./values.yaml#L786) | *bool* | `true` | Enable network policy | +| [networkPolicy.extraEgress](./values.yaml#L818) | *list* | `[]` | Extra egress rules | +| [networkPolicy.extraIngress](./values.yaml#L794) | *list* | `[]` | Additional ingress rules | +| [networkPolicy.ingressMatchSelectorLabels](./values.yaml#L809) | *list* | `[]` | Allow traffic from other namespaces | +| [service](./values.yaml#L720) | *object* | [...](./values.yaml#L720) | Service | +| [service.port](./values.yaml#L726) | *int* | `5000` | Service port — see also `config.port` | +| [service.type](./values.yaml#L723) | *string* | `"ClusterIP"` | Service type | + +### Observability | Key | Type | Default | Description | |-----|------|---------|-------------| -| [extraEnvFrom](./values.yaml#L691) | *list* | `[]` | Extra environment variables from resources | -| [extraEnvs](./values.yaml#L688) | *list* | `[]` | Extra environment variables | -| [extraVolumeMounts](./values.yaml#L697) | *list* | `[]` | Additional volume mounts for Document Engine container | -| [extraVolumes](./values.yaml#L694) | *list* | `[]` | Additional volumes | -| [initContainers](./values.yaml#L703) | *list* | `[]` | Init containers | -| [podSecurityContext](./values.yaml#L674) | *object* | `{}` | Pod security context | -| [securityContext](./values.yaml#L678) | *object* | `{}` | Security context | -| [serviceAccount](./values.yaml#L667) | *object* | [...](./values.yaml#L667) | ServiceAccount | -| [sidecars](./values.yaml#L700) | *list* | `[]` | Additional containers | - -### [Pod lifecycle](./values.yaml#L844) +| [observability](./values.yaml#L532) | *object* | | Observability settings | +| [observability.log](./values.yaml#L536) | *object* | [...](./values.yaml#L536) | Logs | +| [observability.log.healthcheckLevel](./values.yaml#L542) | *string* | `"debug"` | `HEALTHCHECK_LOGLEVEL` — log level for health checks | +| [observability.log.level](./values.yaml#L539) | *string* | `"info"` | `LOG_LEVEL` | +| [observability.metrics](./values.yaml#L577) | *object* | [...](./values.yaml#L577) | Metrics configuration | +| [observability.metrics.enabled](./values.yaml#L580) | *bool* | `false` | Enable metrics exporting | +| [observability.metrics.prometheusRule](./values.yaml#L618) | *object* | [...](./values.yaml#L618) | Prometheus [PrometheusRule](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.PrometheusRule) | +| [observability.metrics.serviceMonitor](./values.yaml#L604) | *object* | [...](./values.yaml#L604) | Prometheus [ServiceMonitor](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.ServiceMonitor) | +| [observability.metrics.statsd](./values.yaml#L584) | *object* | [...](./values.yaml#L584) | StatsD parameters | +| [observability.metrics.statsd.customTags](./values.yaml#L600) | *tpl/string* | *generated* | StatsD custom tags, `STATSD_CUSTOM_TAGS` | +| [observability.metrics.statsd.port](./values.yaml#L594) | *int* | `9125` | StatsD port, `STATSD_PORT` | +| [observability.opentelemetry](./values.yaml#L546) | *object* | [...](./values.yaml#L546) | OpenTelemetry settings | +| [observability.opentelemetry.enabled](./values.yaml#L549) | *bool* | `false` | Enable OpenTelemetry (`ENABLE_OPENTELEMETRY`), only tracing is currently supported | +| [observability.opentelemetry.otelPropagators](./values.yaml#L565) | *string* | `""` | `OTEL_PROPAGATORS`, propagators | +| [observability.opentelemetry.otelResourceAttributes](./values.yaml#L562) | *string* | `""` | `OTEL_RESOURCE_ATTRIBUTES`, resource attributes | +| [observability.opentelemetry.otelServiceName](./values.yaml#L559) | *string* | `""` | `OTEL_SERVICE_NAME`, service name | +| [observability.opentelemetry.otelTracesSampler](./values.yaml#L570) | *string* | `""` | `OTEL_TRACES_SAMPLER`, should normally not be touched to allow custom `parent_based` work, but something like `parentbased_traceidratio` may be considered | +| [observability.opentelemetry.otelTracesSamplerArg](./values.yaml#L573) | *string* | `""` | `OTEL_TRACES_SAMPLER_ARG`, argument for the sampler | +| [observability.opentelemetry.otlpExporterEndpoint](./values.yaml#L553) | *string* | `""` | https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ `OTEL_EXPORTER_OTLP_ENDPOINT`, if not set, defaults to `http://localhost:4317` | +| [observability.opentelemetry.otlpExporterProtocol](./values.yaml#L556) | *string* | `""` | `OTEL_EXPORTER_OTLP_PROTOCOL`, if not set, defaults to `grpc` | +| [prometheusExporter](./values.yaml#L628) | *object* | [...](./values.yaml#L628) | StatsD exporter for Prometheus, not recommended for production use Requires `observability.metrics.enabled` and `observability.metrics.statsd.enabled` | +| [prometheusExporter.enabled](./values.yaml#L631) | *bool* | `false` | Enable the Prometheus exporter | +| [prometheusExporter.port](./values.yaml#L638) | *int* | `10254` | Prometheus metrics port | + +### Pod lifecycle | Key | Type | Default | Description | |-----|------|---------|-------------| -| [lifecycle](./values.yaml#L844) | *object* | `{}` | [Lifecycle](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) | -| [livenessProbe](./values.yaml#L818) | *object* | [...](./values.yaml#L818) | [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| [readinessProbe](./values.yaml#L831) | *object* | [...](./values.yaml#L831) | [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| [startupProbe](./values.yaml#L805) | *object* | [...](./values.yaml#L805) | [Startup probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | +| [lifecycle](./values.yaml#L874) | *object* | `{}` | [Lifecycle](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) | +| [livenessProbe](./values.yaml#L848) | *object* | [...](./values.yaml#L848) | [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | +| [readinessProbe](./values.yaml#L861) | *object* | [...](./values.yaml#L861) | [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | +| [startupProbe](./values.yaml#L835) | *object* | [...](./values.yaml#L835) | [Startup probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -### [Scheduling](./values.yaml#L901) +### Scheduling | Key | Type | Default | Description | |-----|------|---------|-------------| -| [affinity](./values.yaml#L901) | *object* | `{}` | Node affinity | -| [autoscaling](./values.yaml#L852) | *object* | [...](./values.yaml#L852) | [Autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | -| [nodeSelector](./values.yaml#L898) | *object* | `{}` | [Node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) | -| [podDisruptionBudget](./values.yaml#L891) | *object* | [...](./values.yaml#L891) | [Pod disruption budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) | -| [priorityClassName](./values.yaml#L910) | *string* | `""` | [Priority classs](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/) | -| [replicaCount](./values.yaml#L881) | *int* | `1` | Number of replicas | -| [resources](./values.yaml#L878) | *object* | `{}` | [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | -| [schedulerName](./values.yaml#L913) | *string* | `""` | [Scheduler](https://kubernetes.io/docs/concepts/scheduling-eviction/kube-scheduler/) | -| [terminationGracePeriodSeconds](./values.yaml#L916) | *string* | `""` | [Termination grace period](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/) | -| [tolerations](./values.yaml#L904) | *list* | `[]` | [Node tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | -| [topologySpreadConstraints](./values.yaml#L907) | *list* | `[]` | [Topology spread constraints](https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/) | -| [updateStrategy](./values.yaml#L884) | *object* | `{"rollingUpdate":{},"type":"RollingUpdate"}` | [Update strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) | - -### Other Values +| [affinity](./values.yaml#L931) | *object* | `{}` | Node affinity | +| [autoscaling](./values.yaml#L882) | *object* | [...](./values.yaml#L882) | [Autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | +| [nodeSelector](./values.yaml#L928) | *object* | `{}` | [Node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) | +| [podDisruptionBudget](./values.yaml#L921) | *object* | [...](./values.yaml#L921) | [Pod disruption budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) | +| [priorityClassName](./values.yaml#L940) | *string* | `""` | [Priority classs](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/) | +| [replicaCount](./values.yaml#L911) | *int* | `1` | Number of replicas | +| [resources](./values.yaml#L908) | *object* | `{}` | [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | +| [schedulerName](./values.yaml#L943) | *string* | `""` | [Scheduler](https://kubernetes.io/docs/concepts/scheduling-eviction/kube-scheduler/) | +| [terminationGracePeriodSeconds](./values.yaml#L946) | *string* | `""` | [Termination grace period](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/) | +| [tolerations](./values.yaml#L934) | *list* | `[]` | [Node tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | +| [topologySpreadConstraints](./values.yaml#L937) | *list* | `[]` | [Topology spread constraints](https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/) | +| [updateStrategy](./values.yaml#L914) | *object* | `{"rollingUpdate":{},"type":"RollingUpdate"}` | [Update strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) | + +### Chart dependencies | Key | Type | Default | Description | |-----|------|---------|-------------| -| [fullnameOverride](./values.yaml#L11) | *string* | `""` | | -| [image](./values.yaml#L3) | *object* | | Image settings | -| [imagePullSecrets](./values.yaml#L9) | *list* | `[]` | Pull secrets | -| [nameOverride](./values.yaml#L10) | *string* | `""` | | +| [minio](./values.yaml#L973) | *reference* | [...](./values.yaml#L973) | [External MinIO chart](https://github.com/bitnami/charts/tree/main/bitnami/minio) | +| [postgresql](./values.yaml#L951) | *reference* | [...](./values.yaml#L951) | [External PostgreSQL database chart](https://github.com/bitnami/charts/tree/main/bitnami/postgresql) | +| [redis](./values.yaml#L985) | *reference* | [...](./values.yaml#L985) | [External Redis chart](https://github.com/bitnami/charts/tree/main/bitnami/redis) | ## Contribution diff --git a/charts/document-engine/README.md.gotmpl b/charts/document-engine/README.md.gotmpl index 6a0d419..7da368c 100644 --- a/charts/document-engine/README.md.gotmpl +++ b/charts/document-engine/README.md.gotmpl @@ -1,3 +1,106 @@ +{{/* +Functions { +*/}} +{{- define "chart.valuesTableOfContents" -}} +{{- if .Sections.Sections -}} +{{- $sectionNames := list -}} +{{- range .Sections.Sections -}} +{{- $sectionNames = append $sectionNames .SectionName -}} +{{- end -}} +{{- $sections := list -}} +{{- range ($sectionNames | sortAlpha) -}} +{{- $currentSectionName := . -}} +{{- range $.Sections.Sections -}} +{{- if eq .SectionName $currentSectionName -}} +{{- $thisSection := dict -}} +{{- $title := regexReplaceAll "^[0-9A-Z]+\\.\\s+" .SectionName "" -}} +{{- $link := printf "./values.yaml#L%d" (first .SectionItems).LineNumber -}} +{{- $_ := set $thisSection "SectionName" .SectionName -}} +{{- $_ := set $thisSection "SectionItems" .SectionItems -}} +{{- $_ := set $thisSection "SectionTitle" $title -}} +{{- $sections = append $sections $thisSection -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- if .Sections.DefaultSection.SectionItems -}} +{{- $thisSection := dict -}} +{{- $_ := set $thisSection "SectionName" .Sections.DefaultSection.SectionName -}} +{{- $_ := set $thisSection "SectionItems" .Sections.DefaultSection.SectionItems -}} +{{- $_ := set $thisSection "SectionTitle" .Sections.DefaultSection.SectionName -}} +{{- $sections = append $sections $thisSection -}} +{{- end -}} +{{- range $sections -}} +{{- $sectionAnchor := regexReplaceAll "\\s" .SectionTitle "-" | lower }} + * [{{ .SectionTitle }}](#{{ $sectionAnchor }}) +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "chart.valueDefaultColumnRender" -}} +{{- $defaultValue := (default .Default .AutoDefault) -}} +{{- $notationType := .NotationType -}} +{{- if .Default -}} +{{- $defaultValue = (trimAll "`" (default .Default .AutoDefault) ) -}} +{{- $notationType = "json" -}} +{{- end -}} +{{- if eq $notationType "none" -}} +{{- else if eq $notationType "reference" -}} +[...](./values.yaml#L{{ .LineNumber }}) +{{- else if eq $notationType "plain" -}} +{{- $defaultValue }} +{{- else if eq $notationType "tpl" -}} +`{{ $defaultValue }}` +{{- else -}} +`{{ $defaultValue }}` +{{- end -}} +{{- end -}} + +{{- define "chart.valuesTable" -}} +{{- if .Sections.Sections -}} +{{- $sectionNames := list -}} +{{- range .Sections.Sections -}} +{{- $sectionNames = append $sectionNames .SectionName -}} +{{- end -}} +{{- $sections := list -}} +{{- range ($sectionNames | sortAlpha) -}} +{{- $currentSectionName := . -}} +{{- range $.Sections.Sections -}} +{{- if eq .SectionName $currentSectionName -}} +{{- $thisSection := dict -}} +{{- $title := regexReplaceAll "^[0-9A-Z]+\\.\\s+" .SectionName "" -}} +{{- $link := printf "./values.yaml#L%d" (first .SectionItems).LineNumber -}} +{{- $_ := set $thisSection "SectionName" .SectionName -}} +{{- $_ := set $thisSection "SectionItems" .SectionItems -}} +{{- $_ := set $thisSection "SectionTitle" $title -}} +{{- $_ := set $thisSection "SectionHeading" (printf "[%s](%s)" $title $link) -}} +{{- $sections = append $sections $thisSection -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- if .Sections.DefaultSection.SectionItems -}} +{{- $thisSection := dict -}} +{{- $_ := set $thisSection "SectionName" .Sections.DefaultSection.SectionName -}} +{{- $_ := set $thisSection "SectionItems" .Sections.DefaultSection.SectionItems -}} +{{- $_ := set $thisSection "SectionTitle" .Sections.DefaultSection.SectionName -}} +{{- $_ := set $thisSection "SectionHeading" .Sections.DefaultSection.SectionName -}} +{{- $sections = append $sections $thisSection -}} +{{- end -}} +{{- range $sections }} + +### {{ .SectionTitle }} + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .SectionItems }} +| [{{ .Key }}](./values.yaml#L{{ .LineNumber }}) | *{{ .Type }}* | {{ template "chart.valueDefaultColumnRender" . }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | +{{- end }} +{{- end }} +{{- end -}} +{{- end -}} +{{/* +} End of functions +*/ -}} + # Document Engine Helm chart {{ template "chart.deprecationWarning" . }} @@ -8,7 +111,16 @@ {{ template "chart.homepageLine" . }} -{{ template "chart.maintainersSection" . }} +* [Using this chart](#using-this-chart) +* [Values](#values) +{{- template "chart.valuesTableOfContents" . }} +* [Contribution](#contribution) +* [License](#license) +* [Support, Issues and License Questions](#support-issues-and-license-questions) + +## Maintainers + +{{ template "chart.maintainersTable" . }} ## Using this chart @@ -40,69 +152,6 @@ The chart depends upon [Bitnami](https://github.com/bitnami/charts/tree/main/bit ## Values -{{- define "chart.valueDefaultColumnRender" -}} -{{- $defaultValue := (default .Default .AutoDefault) -}} -{{- $notationType := .NotationType }} -{{- if .Default -}} -{{- $defaultValue = (trimAll "`" (default .Default .AutoDefault) ) -}} -{{- $notationType = "json" -}} -{{- end -}} -{{- if eq $notationType "none" -}} -{{- else if eq $notationType "reference" -}} -[...](./values.yaml#L{{ .LineNumber }}) -{{- else if eq $notationType "plain" -}} -{{- $defaultValue }} -{{- else if eq $notationType "tpl" -}} -`{{ $defaultValue }}` -{{- else -}} -`{{ $defaultValue }}` -{{- end -}} -{{- end -}} - -{{ define "chart.valuesTable" }} -{{- if .Sections.Sections }} -{{- $sectionNames := list -}} -{{- range .Sections.Sections }} -{{- $sectionNames = append $sectionNames .SectionName }} -{{- end }} -{{- $sections := list -}} -{{- range ($sectionNames | sortAlpha) }} -{{- $currentSectionName := . -}} -{{- range $.Sections.Sections }} -{{- if eq .SectionName $currentSectionName }} -{{- $sections = append $sections . }} -{{- end }} -{{- end }} -{{- end }} -{{- range $sections }} - -### [{{ regexReplaceAll "^\\d+\\.\\s+" .SectionName "" }}](./values.yaml#L{{ (first .SectionItems).LineNumber }}) - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -{{- range .SectionItems }} -| [{{ .Key }}](./values.yaml#L{{ .LineNumber }}) | *{{ .Type }}* | {{ template "chart.valueDefaultColumnRender" . }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | -{{- end }} -{{- end }} -{{ if .Sections.DefaultSection.SectionItems}} - -### {{ .Sections.DefaultSection.SectionName }} - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -{{- range .Sections.DefaultSection.SectionItems }} -| [{{ .Key }}](./values.yaml#L{{ .LineNumber }}) | *{{ .Type }}* | {{ template "chart.valueDefaultColumnRender" . }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | -{{- end }} -{{ end }} -{{ else }} -| Key | Type | Default | Description | -|-----|------|---------|-------------| -{{- range .Values }} -| [{{ .Key }}](./values.yaml#L{{ .LineNumber }}) | *{{ .Type }}* | {{ template "chart.valueDefaultColumnRender" . }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | -{{- end }} -{{ end }} -{{ end }} - {{ template "chart.valuesTable" . }} ## Contribution diff --git a/charts/document-engine/values.yaml b/charts/document-engine/values.yaml index def2c59..1e55f0d 100644 --- a/charts/document-engine/values.yaml +++ b/charts/document-engine/values.yaml @@ -1,15 +1,3 @@ -# -- (object) Image settings -# @notationType -- none -image: - repository: pspdfkit/document-engine - pullPolicy: IfNotPresent - # Defaults to the Chart appVersion - tag: "" -# -- Pull secrets -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - # -- (object) License information, see more in # [our guide](https://pspdfkit.com/guides/document-engine/deployment/product-activation/) # @section -- 0. Document Engine License @@ -278,25 +266,25 @@ database: podLabels: {} # -- (object) Document lifecycle management -# @section -- 6. Lifecycle +# @section -- 6. Document lifecycle # @notationType -- none documentLifecycle: # -- (object) Regular job to remove documents from the database. # Note: currently only works with the `built-in` storage backend. - # @section -- 6. Lifecycle + # @section -- 6. Document lifecycle # @notationType -- reference cleanupJob: # -- Enable the cleanup job - # @section -- 6. Lifecycle + # @section -- 6. Document lifecycle enabled: false # -- Cleanup job schedule in cron format - # @section -- 6. Lifecycle + # @section -- 6. Document lifecycle schedule: "13 * * * *" # -- Documents TTL in hours - # @section -- 6. Lifecycle + # @section -- 6. Document lifecycle keepHours: 24 # -- Keep documents with IDs beginning with `persistent` indefinitely - # @section -- 6. Lifecycle + # @section -- 6. Document lifecycle persistentLike: "persistent%" # @ignored resources: {} @@ -507,80 +495,111 @@ documentSigningService: # @ignored password: "" +# -- (object) Document Engine Dashboard settings +# @section -- A. Dashboard +# @notationType -- none +dashboard: + # -- Enable dashboard + # @section -- A. Dashboard + enabled: true + # -- (object) Dashboard authentication + # @section -- A. Dashboard + # @notationType -- reference + auth: + # -- `DASHBOARD_USERNAME` + # @section -- A. Dashboard + username: admin + # -- `DASHBOARD_PASSWORD` — will generate a random password if not set + # @section -- A. Dashboard + password: "" + # -- (object) Use an external secret for dashboard credentials + # @section -- A. Dashboard + # @notationType -- reference + externalSecret: + # -- External secret name + # @section -- A. Dashboard + name: "" + # -- Secret key name for the username + # @section -- A. Dashboard + usernameKey: DASHBOARD_USERNAME + # -- Secret key name for the password + # @section -- A. Dashboard + passwordKey: DASHBOARD_PASSWORD + # -- (object) Observability settings -# @section -- 9. Observability +# @section -- D. Observability # @notationType -- none observability: # -- (object) Logs - # @section -- 9. Observability + # @section -- D. Observability # @notationType -- reference log: # -- `LOG_LEVEL` - # @section -- 9. Observability + # @section -- D. Observability level: info # -- `HEALTHCHECK_LOGLEVEL` — log level for health checks - # @section -- 9. Observability + # @section -- D. Observability healthcheckLevel: debug # -- (object) OpenTelemetry settings - # @section -- 9. Observability + # @section -- D. Observability # @notationType -- reference opentelemetry: # -- Enable OpenTelemetry (`ENABLE_OPENTELEMETRY`), only tracing is currently supported - # @section -- 9. Observability + # @section -- D. Observability enabled: false # -- https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ # `OTEL_EXPORTER_OTLP_ENDPOINT`, if not set, defaults to `http://localhost:4317` - # @section -- 9. Observability + # @section -- D. Observability otlpExporterEndpoint: "" # -- `OTEL_EXPORTER_OTLP_PROTOCOL`, if not set, defaults to `grpc` - # @section -- 9. Observability + # @section -- D. Observability otlpExporterProtocol: "" # -- `OTEL_SERVICE_NAME`, service name - # @section -- 9. Observability + # @section -- D. Observability otelServiceName: "" # -- `OTEL_RESOURCE_ATTRIBUTES`, resource attributes - # @section -- 9. Observability + # @section -- D. Observability otelResourceAttributes: "" # -- `OTEL_PROPAGATORS`, propagators - # @section -- 9. Observability + # @section -- D. Observability otelPropagators: "" # -- `OTEL_TRACES_SAMPLER`, should normally not be touched # to allow custom `parent_based` work, # but something like `parentbased_traceidratio` may be considered - # @section -- 9. Observability + # @section -- D. Observability otelTracesSampler: "" # -- `OTEL_TRACES_SAMPLER_ARG`, argument for the sampler - # @section -- 9. Observability + # @section -- D. Observability otelTracesSamplerArg: "" # -- (object) Metrics configuration - # @section -- 9. Observability + # @section -- D. Observability # @notationType -- reference metrics: # -- Enable metrics exporting - # @section -- 9. Observability + # @section -- D. Observability enabled: false # -- (object) StatsD parameters - # @section -- 9. Observability + # @section -- D. Observability # @notationType -- reference statsd: # -- Enable StatsD exporting, required for Prometheus exporter - # @section -- 9. Observability + # @section -- D. Observability enabled: false # -- StatsD host, `STATSD_HOST` # Set to `localhost` if using the Prometheus exporter - # @section -- 9. Observability + # @section -- D. Observability host: localhost # -- StatsD port, `STATSD_PORT` - # @section -- 9. Observability + # @section -- D. Observability port: 9125 # -- (tpl/string) StatsD custom tags, `STATSD_CUSTOM_TAGS` # @notationType -- tpl - # @section -- 9. Observability + # @section -- D. Observability # @default -- *generated* # @notationType -- plain customTags: "namespace={{ .Release.Namespace }},app={{ include \"document-engine.fullname\" . }}" # -- (object) Prometheus [ServiceMonitor](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.ServiceMonitor) - # @section -- 9. Observability + # @section -- D. Observability # @notationType -- reference serviceMonitor: enabled: false @@ -594,7 +613,7 @@ observability: honorLabels: false jobLabel: "" # -- (object) Prometheus [PrometheusRule](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.PrometheusRule) - # @section -- 9. Observability + # @section -- D. Observability # @notationType -- reference prometheusRule: enabled: false @@ -604,16 +623,18 @@ observability: # -- (object) StatsD exporter for Prometheus, not recommended for production use # Requires `observability.metrics.enabled` and `observability.metrics.statsd.enabled` -# @section -- 9. Observability +# @section -- D. Observability # @notationType -- reference prometheusExporter: # -- Enable the Prometheus exporter - # @section -- 9. Observability + # @section -- D. Observability enabled: false image: repository: prom/statsd-exporter pullPolicy: IfNotPresent tag: "v0.27.1" + # -- Prometheus metrics port + # @section -- D. Observability port: 10254 resources: requests: @@ -623,46 +644,27 @@ prometheusExporter: memory: "128Mi" cpu: "100m" -# -- (object) Document Engine Dashboard settings -# @section -- Dashboard -# @notationType -- none -dashboard: - # -- Enable dashboard - # @section -- Dashboard - enabled: true - # -- (object) Dashboard authentication - # @section -- Dashboard - # @notationType -- reference - auth: - # -- `DASHBOARD_USERNAME` - # @section -- Dashboard - username: admin - # -- `DASHBOARD_PASSWORD` — will generate a random password if not set - # @section -- Dashboard - password: "" - # -- (object) Use an external secret for dashboard credentials - # @section -- Dashboard - # @notationType -- reference - externalSecret: - # -- External secret name - # @section -- Dashboard - name: "" - # -- Secret key name for the username - # @section -- Dashboard - usernameKey: DASHBOARD_USERNAME - # -- Secret key name for the password - # @section -- Dashboard - passwordKey: DASHBOARD_PASSWORD - -# -- (object) Service -# @section -- Networking +# -- (object) Image settings +# @section -- B. Environment # @notationType -- reference -service: - type: ClusterIP - port: 5000 +image: + repository: pspdfkit/document-engine + pullPolicy: IfNotPresent + # Defaults to the Chart appVersion + tag: "" +# -- Pull secrets +# @section -- B. Environment +imagePullSecrets: [] + +# -- Release name override +# @section -- B. Metadata +nameOverride: "" +# -- Release full name override +# @section -- B. Metadata +fullnameOverride: "" # -- (object) ServiceAccount -# @section -- Pod environment +# @section -- B. Environment # @notationType -- reference serviceAccount: create: true @@ -670,11 +672,11 @@ serviceAccount: name: "" # -- Pod security context -# @section -- Pod environment +# @section -- B. Environment podSecurityContext: {} # fsGroup: 2000 # -- Security context -# @section -- Pod environment +# @section -- B. Environment securityContext: {} # capabilities: # drop: @@ -684,123 +686,151 @@ securityContext: {} # runAsUser: 1000 # -- Extra environment variables -# @section -- Pod environment +# @section -- B. Environment extraEnvs: [] # -- Extra environment variables from resources -# @section -- Pod environment +# @section -- B. Environment extraEnvFrom: [] # -- Additional volumes -# @section -- Pod environment +# @section -- B. Environment extraVolumes: [] # -- Additional volume mounts for Document Engine container -# @section -- Pod environment +# @section -- B. Environment extraVolumeMounts: [] # -- Additional containers -# @section -- Pod environment +# @section -- B. Environment sidecars: [] # -- Init containers -# @section -- Pod environment +# @section -- B. Environment initContainers: [] # -- Pod labels -# @section -- Kubernetes metadata +# @section -- B. Metadata podLabels: {} # -- Pod annotations -# @section -- Kubernetes metadata +# @section -- B. Metadata podAnnotations: {} # -- Deployment annotations -# @section -- Kubernetes metadata +# @section -- B. Metadata deploymentAnnotations: {} +# -- (object) Service +# @section -- C. Networking +# @notationType -- reference +service: + # -- Service type + # @section -- C. Networking + type: ClusterIP + # -- Service port — see also `config.port` + # @section -- C. Networking + port: 5000 + # -- (object) Ingress -# @section -- Networking +# @section -- C. Networking # @notationType -- reference ingress: + # -- Enable ingress + # @section -- C. Networking enabled: false + # -- Ingress class name + # @section -- C. Networking className: "" + # -- Ingress annotations + # @section -- C. Networking annotations: {} + # -- Hosts + # @section -- C. Networking hosts: [] - # - host: chart-example.local - # paths: - # - path: / - # pathType: ImplementationSpecific - # - path: /special - # pathType: Exact - # backend: - # service: - # name: redirect-through-annotation - # port: - # name: use-annotation + # - host: chart-example.local + # paths: + # - path: / + # pathType: ImplementationSpecific + # - path: /special + # pathType: Exact + # backend: + # service: + # name: redirect-through-annotation + # port: + # name: use-annotation + # -- Ingress TLS section + # @section -- C. Networking tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local + # - secretName: chart-example-tls + # hosts: + # - chart-example.local # -- (object) Additional ingresses, e.g. for the dashboard -# @section -- Networking +# @section -- C. Networking +# @default -- none # @notationType -- reference extraIngresses: {} -# dashboard: -# enabled: false -# className: nginx -# annotations: -# nginx.ingress.kubernetes.io/enable-cors: "true" -# hosts: -# - host: chart-example.local -# paths: -# - path: /dashboard -# pathType: Prefix -# tls: [] + # dashboard: + # enabled: false + # className: nginx + # annotations: + # nginx.ingress.kubernetes.io/enable-cors: "true" + # hosts: + # - host: chart-example.local + # paths: + # - path: /dashboard + # pathType: Prefix + # tls: [] # https://editor.networkpolicy.io/ # -- (object) [Network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) -# @section -- Networking +# @section -- C. Networking # @notationType -- reference networkPolicy: + # -- Enable network policy + # @section -- C. Networking enabled: true labels: {} annotations: {} - # Allow access from anywhere + # -- Allow access from anywhere + # @section -- C. Networking allowExternal: true - # Extra ingress rules + # -- Additional ingress rules + # @section -- C. Networking extraIngress: [] - # - ports: - # - port: 5000 - # from: - # - podSelector: - # - matchLabels: - # - role: frontend - # - podSelector: - # - matchExpressions: - # - key: role - # operator: In - # values: - # - frontend - - # Allow traffic from other namespaces + # - ports: + # - port: 5000 + # from: + # - podSelector: + # - matchLabels: + # - role: frontend + # - podSelector: + # - matchExpressions: + # - key: role + # operator: In + # values: + # - frontend + # -- Allow traffic from other namespaces + # @section -- C. Networking ingressMatchSelectorLabels: [] # - namespaceSelectorLabels: {} # podSelectorLabels: {} - # Allow the pod to access any range of port and all destinations. + # -- Allow the pod to access any range of port and all destinations. + # @section -- C. Networking allowExternalEgress: true - # Extra egress rules + # -- Extra egress rules + # @section -- C. Networking extraEgress: [] - # - ports: - # - port: 80 - # to: - # - podSelector: - # - matchLabels: - # - role: some-storage - # - podSelector: - # - matchExpressions: - # - key: role - # operator: In - # values: - # - some-storage + # - ports: + # - port: 80 + # to: + # - podSelector: + # - matchLabels: + # - role: some-storage + # - podSelector: + # - matchExpressions: + # - key: role + # operator: In + # values: + # - some-storage # -- (object) [Startup probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) -# @section -- Pod lifecycle +# @section -- F. Pod lifecycle # @notationType -- reference startupProbe: httpGet: @@ -813,7 +843,7 @@ startupProbe: successThreshold: 1 failureThreshold: 5 # -- (object) [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) -# @section -- Pod lifecycle +# @section -- F. Pod lifecycle # @notationType -- reference livenessProbe: httpGet: @@ -826,7 +856,7 @@ livenessProbe: successThreshold: 1 failureThreshold: 3 # -- (object) [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) -# @section -- Pod lifecycle +# @section -- F. Pod lifecycle # @notationType -- reference readinessProbe: httpGet: @@ -840,14 +870,14 @@ readinessProbe: failureThreshold: 3 # -- [Lifecycle](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) -# @section -- Pod lifecycle +# @section -- F. Pod lifecycle lifecycle: {} # preStop: # exec: # command: ["/bin/sh", "-c", "sleep 180"] # -- (object) [Autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) -# @section -- Scheduling +# @section -- G. Scheduling # @notationType -- reference autoscaling: enabled: false @@ -874,19 +904,19 @@ autoscaling: # selectPolicy: Max # -- [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) -# @section -- Scheduling +# @section -- G. Scheduling resources: {} # -- Number of replicas -# @section -- Scheduling +# @section -- G. Scheduling replicaCount: 1 # -- [Update strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) -# @section -- Scheduling +# @section -- G. Scheduling updateStrategy: type: RollingUpdate rollingUpdate: {} # -- (object) [Pod disruption budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) -# @section -- Scheduling +# @section -- G. Scheduling # @notationType -- reference podDisruptionBudget: create: false @@ -894,29 +924,29 @@ podDisruptionBudget: maxUnavailable: "" # -- [Node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) -# @section -- Scheduling +# @section -- G. Scheduling nodeSelector: {} # -- Node affinity -# @section -- Scheduling +# @section -- G. Scheduling affinity: {} # -- [Node tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) -# @section -- Scheduling +# @section -- G. Scheduling tolerations: [] # -- [Topology spread constraints](https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/) -# @section -- Scheduling +# @section -- G. Scheduling topologySpreadConstraints: [] # -- [Priority classs](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/) -# @section -- Scheduling +# @section -- G. Scheduling priorityClassName: "" # -- [Scheduler](https://kubernetes.io/docs/concepts/scheduling-eviction/kube-scheduler/) -# @section -- Scheduling +# @section -- G. Scheduling schedulerName: "" # -- [Termination grace period](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/) -# @section -- Scheduling +# @section -- G. Scheduling terminationGracePeriodSeconds: "" # -- [External PostgreSQL database chart](https://github.com/bitnami/charts/tree/main/bitnami/postgresql) -# @section -- Dependencies +# @section -- Z. Chart dependencies # @notationType -- reference postgresql: enabled: false @@ -938,7 +968,7 @@ postgresql: database: document-engine # -- [External MinIO chart](https://github.com/bitnami/charts/tree/main/bitnami/minio) -# @section -- Dependencies +# @section -- Z. Chart dependencies # @notationType -- reference minio: enabled: false @@ -950,7 +980,7 @@ minio: disableWebUI: true # -- [External Redis chart](https://github.com/bitnami/charts/tree/main/bitnami/redis) -# @section -- Dependencies +# @section -- Z. Chart dependencies # @notationType -- reference redis: enabled: false