Values file

The values.yaml file lets you install IDE Services to a Kubernetes cluster. For details, refer to Install IDE Services in a Kubernetes cluster.

Get values.yaml for IDE Services

Run the following command:
helm show values oci://docker.io/jetbrains/ide-services-helm > values.yaml

Get values.yaml for Code With Me Relay

Run the following command:
helm show values oci://docker.io/jetbrains/code-with-me-relay-helm > values.yaml

Application parameters

The IDE Services Helm chart supports commonly used Kubernetes parameters and application parameters.

ides.config.javaOpts

If necessary, specify additional Java options to pass to the application container.

ides.config.additionalEnvs

If necessary, specify additional environmental variables to pass to the application container.

ides.config.deploymentURL

Specify a public URL to access IDE Services's Web UI. This URL is displayed to the end users in the browser.

ides.config.allowedOrigins

If necessary, provide a list of CORS origins allowed by the IDE Services Server.

ides.config.loggingLevel

Set the highest logging level to display in the logs (for root).

You can change the logging level of any package. To disable logging, set WARN as a value.

ides.config.intellijPlugin.pluginRepositoryType

Specify the source for obtaining plugins. Possible values:

TBE: specify this option if you want IDE Services to install plugins from the local plugin repository. Use this option when working in offline mode.
MARKETPLACE: specify this option if you want IDE Services to search for plugins externally on the marketplace.

ides.config.additionalSecrets

Specify additional secrets in the key=value format. The suffix parameter determines the path to the secret content in the file system. The secretName parameter defines the name of an existing user secret. The values from the secret can be used in the application configuration by using placeholders, for instance, ${okta.secret}.

Example:

                    additionalSecrets:
                        - suffix: "okta"
                        secretName: "company-okta-secret"
                

ides.config.configCustomization

Use this parameter to pass any configurations supported by application.yaml. For more details, refer to Server configuration file.

In case of intersection, the values passed in the ides.config.configCustomization property override the existing application configuration. For example, if you configure your database in both the ides.config.configCustomization and ides.config.db properties, the former configuration overrides the latter.

Database

ides.config.db.host

Specify a PostgreSQL host.

ides.config.db.database

Specify the name of the PostgreSQL database, to which the IDE Services Server should connect and use.

ides.config.db.user

Specify a username to connect to the PostgreSQL database.

ides.config.db.password

Specify a password to connect to the PostgreSQL database.

ides.config.db.secretName

In case you're using a secret to store database details, specify the secret name.

When creating a secret, use the following format:

                    apiVersion: v1
                    kind: Secret
                    type: Opaque
                    metadata:
                        name: <secret-name>
                    data:
                        host: ""
                        database: ""
                        user: ""
                        password: ""
                

Object storage

ides.config.storage.secretName

In case you're using a secret to store object storage details, specify the secret name.

When creating a secret, use the following format:

                            apiVersion: v1
                            kind: Secret
                            type: Opaque
                            metadata:
                                name: <secret-name>
                            data:
                                bucket: ""
                                url: ""
                                access-key: ""
                                secret-key: ""
                                s3-region: ""
                        

                            apiVersion: v1
                            kind: Secret
                            type: Opaque
                            metadata:
                                name: <secret-name>
                            data:
                                container:  ""
                                connection-string: ""
                                account-name: ""
                                account-key: ""
                                endpoint:  ""
                                check-container: true/false
                        

For more information, refer to Object storage.

ides.config.storage.type

Defines the object storage type used for the IDE Services Server: s3 or azure. Depending on the specified type, you need to set up a connection to the storage of your choice.

S3

ides.config.storage.s3.url: Specify a URL to access your S3 bucket.
ides.config.storage.s3.bucket: Specify the name of your S3 bucket.
ides.config.storage.s3.accessKey: Provide a unique key to access the S3-compatible storage.
ides.config.storage.s3.secretKey: Provide a secret key to pair with the unique access key.
ides.config.storage.s3.s3Region: Specify a region that you selected during S3 bucket creation. The default value is us-east-1.

Azure

In order to connect to Azure object storage, you need to provide either a connection string or a combination of the account name, key, and endpoint.

ides.config.storage.azure.connectionString: Provide a connection string to authorize requests to Azure storage.
ides.config.storage.azure.container: Specify the name of the Azure container to connect.
ides.config.storage.azure.accountKey: Provide an account key to authorize requests to Azure storage.
ides.config.storage.azure.accountName: Provide an account name to authorize requests to Azure storage.
ides.config.storage.azure.endpoint: Provide the blob service endpoint to access the Azure server.
ides.config.storage.azure.checkContainer: Enables the check that verifies the existence of the specified Azure container on every application start.

OAuth2 provider

ides.config.auth.login-url"

Provide a URL for logging in via your selected authentication provider.

ides.config.auth.token-url

Provide a URL for obtaining an authorization token on the side of your authentication provider.

ides.config.auth.jwt-certs-url

Specify a URL to the JSON Web Key (JWK) set that is used to validate JSON Web Tokens (JWT).

ides.config.auth.client-id

Specify a public identifier for IDE Services that you set when configuring your authentication provider.

ides.config.auth.client-secret

Specify a secret for IDE Services that you set when configuring your authentication provider.

ides.config.auth.required-scopes

Define scopes that will be available to IDE Services when accessing a user account.

ides.config.auth.root-admin-emails

List emails of users that will receive admin rights.

ides.config.auth.login-url-prompt-param

Defines whether the user should be prompted with a login dialog. Specify one of the following:

login: use this value to show the login dialog to the user.
none: use this value to skip showing the login dialog to the user.

Available for: OneLogin.

ides.config.auth.use-id-token-as-access-token

Allows for using id tokens to authenticate users.

Available for: Google.

ides.config.auth.secretName

In case you're using a secret to store details of the authentication provider, specify the secret name.

When creating a secret, use the following format:

                    apiVersion: v1
                    kind: Secret
                    type: Opaque
                    metadata:
                        name: <secret-name>
                    stringData:
                        auth.yaml: |
                            tbe:
                                auth:
                                    <Your OAuth 2.0 configuration>
                

For more information, refer to Authorization and authentication.

ides.config.auth.saml.enabled

Enables the use of SAML.

ides.config.auth.saml.sp-id

If necessary, specify a unique identifier for IDE Services, which can be used in requests to an external SAML identity provider.

ides.config.auth.saml.sp-x509cert

Provide the content of local.crt. This value is used to publish the metadata provided in the certificate.

ides.config.auth.saml.sp-private-key

Provide the content of local.key. This value is used for generating a signature and decrypting a SAMLResponse.

ides.config.auth.saml.sso-url

An external endpoint of the SAML identity provider used for Single Sign-On. This value can be obtained from an external IdP configuration.

ides.config.auth.saml.idp-id

Specify an identifier of the identity provider.

ides.config.auth.saml.idp-x509cert

Provide the X509 certificate. This value is used to validate signatures of IdP responses.

ides.config.auth.saml.cert-algorithm

Specify SHA-256 as a certificate signing algorithm.

ides.config.auth.saml.idp-http-method

Specify the HTTP method type to use in sign-on requests. Possible values: GET, POST.

ides.config.auth.saml.attribute-mapping.email

If the email field is named differently on the identity provider's side, specify the field name.

ides.config.auth.saml.attribute-mapping.firstName

If the firstName field is named differently on the identity provider's side, specify the field name.

ides.config.auth.saml.attribute-mapping.lastName

If the lastName field is named differently on the identity provider's side, specify the field name.

ides.config.auth.saml.attribute-mapping.fullName

If the fullName field is named differently on the identity provider's side, specify the field name.

Offline mode

ides.config.offlineMode.enabled: Allows running the IDE Services Server in offline mode.
ides.config.offlineMode.mappingPath: Specify the location of the offline.json file in the object storage.

Last modified: 13 May 2024