Values File
The values.yaml file lets you install Space On-Premises to a Kubernetes cluster. For details, refer to Kubernetes Installation. To download values.yaml, follow this link.
Global parameters
Name | Description | Value |
|---|---|---|
| URL of the registry with images of Space components |
|
| Registry credentials. Specify not the credentials but the corresponding secrets |
|
| Space application log format: plaintext or json |
|
| Log verbosity: INFO, ERROR, DEBUG, TRACE |
|
| Enables/disables Helm test hooks |
|
Common parameters
Name | Description | Value |
|---|---|---|
| Kubernetes version |
|
| Prefix that partially overrides the lib.name in the templates |
|
| Name that overrides the lib.name in the templates |
|
| Key/value map of labels that is applied to all resources in the templates |
|
| Key/value map of annotations that is applied to all resources in the templates |
|
| Name that overrides the lib.namespace in the templates |
|
Space application
Name | Description | Value |
|---|---|---|
| URL of the container registry |
|
| URL of the container repository |
|
| Image version |
|
| Pull policy of the container image |
|
| Registry credentials. Specify not the credentials but the corresponding secrets |
|
| Overrides the default application configuration |
|
| Initial number of pods for the application |
|
| Custom pod labels |
|
| Custom pod annotations |
|
| Additional environment variables |
|
| Additional settings included in the JAVA_OPTS environment variable |
|
| Max CPU available for a pod (resource request) |
|
| Max memory available for a pod (resource request) |
|
| Min CPU available for a pod (resource limit) |
|
| Min memory available for a pod (resource limit) |
|
| Space API port number |
|
| Space web UI port number |
|
| Additional annotations |
|
| Enables/disables security context |
|
| Group ID that has access to the filesystem at run-time |
|
| Enables/disables security context |
|
| ID of the user who runs the process |
|
| Specifies if the process can run under the root user |
|
| Specifies if the process can get more permissions at run-time |
|
| Specifies if the root filesystem of the process is read-only |
|
| List of Kernel capabilities that the process is not allowed to use |
|
| Enables/disables livenessProbe |
|
| Initial delay in seconds before taking the first livenessProbe |
|
| Period of taking livenessProbe in seconds |
|
| Timeout of livenessProbe in seconds |
|
| Number of retries if livenessProbe fails |
|
| Min consecutive successes for livenessProbe to be considered successful |
|
| Enables/disables readinessProbe |
|
| Initial delay in seconds before taking the first readinessProbe |
|
| Period of taking readinessProbe in seconds |
|
| Timeout of readinessProbe in seconds |
|
| Number of retries if readinessProbe fails |
|
| Min consecutive successes for readinessProbe to be considered successful |
|
| Enables/disables readinessProbe |
|
| Initial delay in seconds before taking the first startupProbe |
|
| Period of taking startupProbe in seconds |
|
| Timeout of startupProbe in seconds |
|
| Number of retries if startupProbe fails |
|
| Min consecutive successes for startupProbe to be considered successful |
|
| Specifies whether to create a service account |
|
| Service account name |
|
| Specifies if the account can mount the access token from the Kubernetes API |
|
| Key/value map of annotations |
|
| Enables/disables autoscaling |
|
| Minimum number of pods |
|
| Maximum number of pods |
|
| CPU utilization threshold |
|
| Memory utilization threshold |
|
| Main encryption key |
|
| Webhook encryption key |
|
| Enables/disables reCAPTCHA |
|
| reCAPTCHA version |
|
| siteKey used for identifying the application |
|
| secretKey used for authentication with reCAPTCHA |
|
| Name of the external secret with reCAPTCHA settings |
|
| First name |
|
| Last name |
|
| Username |
|
| Password |
|
|
| |
| Name of the main secret |
|
| Enables/disables outgoing mail from Space |
|
| Username of the SMTP server account that will be used to send email |
|
| Password of the SMTP server account that will be used to send email |
|
| SMTP server hostname |
|
| (Required) SMTP server port. Typically, 25 or 2525 |
|
| Mail server protocol. Typically, SSL, TLS or SMTP |
|
| (Required) Email address. Space will use it to send email |
|
| Waiting time aggregation in seconds |
|
| Outgoing mail limit in emails per second |
|
| Waiting queue name |
|
| Name of the external secret with mail server credentials |
|
| X.509-encoded public key for issuing access tokens by the OAuth 2.0 authentication server |
|
| PKCS#8-encoded 4096-bit private key for issuing access tokens by the OAuth 2.0 authentication server. |
|
| 128-bit key. To generate, run $(openssl rand -base64 16) |
|
| 128-bit key. To generate, run $(openssl rand -base64 16) |
|
| 128-bit key. To generate, run $(openssl rand -base64 16) |
|
| X.509-encoded public key for signing/verifying outgoing messages to external applications |
|
| PKCS#8-encoded 4096-bit private key for signing/verifying outgoing messages to external applications |
|
| Name of the external secret with authentication server settings |
|
| License string |
|
| Database hostname |
|
| Database port |
|
| Database name |
|
| Database username |
|
| Database password |
|
| Name of the external secret with database settings |
|
| Size of the idle pool |
|
| Redis hostname |
|
| Redis port |
|
| (Optional) Redis username |
|
| (Optional) Redis password |
|
| Name of the external secret with Redis settings |
|
| Region where the bucket is located |
|
| Bucket name |
|
| "true" if the bucket exists or "false" otherwise |
|
| Storage URL |
|
| Storage access key |
|
| Storage secret key |
|
| Name of the external secret with storage settings |
|
| Elasticsearch hostname |
|
| Elasticsearch port |
|
| Elasticsearch prefix |
|
| Bearer authentication token |
|
| API key for ApiKey authentication |
|
| Username for Basic authentication |
|
| Password for Basic authentication |
|
| Name of the external secret with Elasticsearch settings |
|
| Elasticsearch audit hostname |
|
| Elasticsearch audit port |
|
| Bearer authentication token |
|
| API key for ApiKey authentication |
|
| Username for Basic authentication |
|
| Password for Basic authentication |
|
| Name of the external secret with Elasticsearch audit settings |
|
| Elasticsearch metrics hostname |
|
| Elasticsearch metrics port |
|
| Bearer authentication token |
|
| API key for ApiKey authentication |
|
| Username for Basic authentication |
|
| Password for Basic authentication |
|
| Name of the external secret with Elasticsearch metrics settings |
|
| Git hosting URL |
|
| Git authentication token. Space and VCS must refer to the same value: vcs.secrets.spaceAccessKey. |
|
| Name of the external secret with VCS settings |
|
| Space URL |
|
| List of additional Space URLs |
|
| Packages URL |
|
| Region where the log storage bucket is located |
|
| Log storage bucket name |
|
| "true" if the bucket exists or "false" otherwise |
|
| Log storage URL |
|
| Log storage access key |
|
| Log storage secret key |
|
| Name of the external secret with log storage settings |
|
| Container image registry |
|
| Repository with the Automation worker image |
|
| Version of the Automation worker image |
|
| Region where the worker storage bucket is located |
|
| Worker storage bucket name |
|
| "true" if the bucket exists or "false" otherwise |
|
| Worker storage URL |
|
| Worker storage access key |
|
| Worker storage secret key |
|
| Тame of the external secret with worker storage settings |
|
| Container image registry |
|
| Repository with the Automation builder image |
|
| Version of the Automation builder image |
|
| Container image registry |
|
| Repository with the Automation DSL compiler image |
|
| Version of the Automation DSL compiler image |
|
| Region where the DSL compiler storage bucket is located |
|
| DSL compiler storage bucket name |
|
| "true" if the bucket exists or "false" otherwise |
|
| DSL compiler storage URL |
|
| DSL compiler storage access key |
|
| DSL compiler storage secret key |
|
| Name of the external secret with the DSL compiler storage settings |
|
| Container image registry |
|
| Repository with the Automation compose image |
|
| Automation compose image version |
|
| Enables/disables Ingress for routing inbound traffic |
|
| Ingress path type |
|
| Ingress hostname |
|
| Key/value map with annotations |
|
| Enables/disables TLS for the hostname |
|
| Specifies whether to create a self-signed certificate for $parent.hostname |
|
| Ingress path array |
|
| Ingress extra paths |
|
| Additional TLS configuration |
|
| Name of the external secret for $parent.hostname |
|
| IngressClass name |
|
| Additional Ingress rules |
|
| Container image registry |
|
| Repository with the Redis image |
|
| Version of the Redis image |
|
| Redis image pull policy |
|
| Container image registry |
|
| Repository with the PostgreSQL image |
|
| Version of the PostgreSQL image |
|
| PostgreSQL image pull policy |
|
| Container image registry |
|
| Repository with the BusyBox image |
|
| Version of the BusyBox image |
|
| BusyBox image pull policy |
|
| Max CPU available for a pod (resource request) |
|
| Max memory available for a pod (resource request) |
|
| Min CPU available for a pod (resource limit) |
|
| Min memory available for a pod (resource limit) |
|
| Enables/disables Security Context |
|
| ID of the user who runs the process |
|
| Specifies if the process can run under the root user |
|
| Specifies if the process can get more permissions at run-time |
|
| Specifies if the root filesystem of the process is read-only |
|
| List of Kernel capabilities that the process is not allowed to use |
|
VCS
Name | Description | Value |
|---|---|---|
| Container image registry |
|
| Repository with the VCS image |
|
| Version of the VCS image |
|
| VCS image pull policy |
|
| Name of the external secret with registry credentials |
|
| Overrides the default VCS application configuration |
|
| Initial number of pods for the application |
|
| Custom pod labels |
|
| Custom pod annotations |
|
| Additional environment variables |
|
| Additional settings included in the JAVA_OPTS environment variable |
|
| Max CPU available for a pod (resource request) |
|
| Max memory available for a pod (resource request) |
|
| Min CPU available for a pod (resource limit) |
|
| Min memory available for a pod (resource limit) |
|
| VCS API port number |
|
| SSH port number |
|
| Additional annotations |
|
| Enable external service exposure |
|
| External service type |
|
| External service port |
|
| Additional annotations |
|
| Enables/disables security context |
|
| Group ID that has access to the filesystem at run-time |
|
| Enables/disables security context |
|
| ID of the user who runs the process |
|
| Specifies if the process can run under the root user |
|
| Specifies if the process can get more permissions at run-time |
|
| Specifies if the root filesystem of the process is read-only |
|
| List of Kernel capabilities that the process is not allowed to use |
|
| Enables/disables livenessProbe |
|
| Initial delay in seconds before taking the first livenessProbe |
|
| Period of taking livenessProbe in seconds |
|
| Timeout of livenessProbe in seconds |
|
| Number of retries if livenessProbe fails |
|
| Min consecutive successes for livenessProbe to be considered successful |
|
| Enables/disables readinessProbe |
|
| Initial delay in seconds before taking the first readinessProbe |
|
| Period of taking readinessProbe in seconds |
|
| Timeout of readinessProbe in seconds |
|
| Number of retries if readinessProbe fails |
|
| Min consecutive successes for readinessProbe to be considered successful |
|
| Specifies whether to create a service account |
|
| Service account name |
|
| Specifies if the account can mount the access token from the Kubernetes API |
|
| Key/value map of annotations |
|
| Enables/disables autoscaling |
|
| Minimum number of pods |
|
| Maximum number of pods |
|
| CPU utilization threshold |
|
| Memory utilization threshold |
|
| Event bus architecture |
|
| Event bus hostname |
|
| Event bus port |
|
| (Optional) Username for accessing the event bus service |
|
| (Optional) Password for accessing the event bus service |
|
| Name of the external secret with event bus settings |
|
| Region where the VCS storage bucket is located |
|
| VCS storage bucket name |
|
| VCS storage URL |
|
| VCS storage access key |
|
| VCS storage secret key |
|
| Name of the external secret with the VCS storage settings |
|
| Database name |
|
| Database hostname |
|
| Database port |
|
| Database username |
|
| Database password |
|
| Name of the external secret with the database settings |
|
| 2048-bit RSA private key the VCS server will use to respond on the SSH port |
|
| Here you must specify the same value as in space.vcs.token |
|
| Name of the external secret with the secrets settings |
|
| Public URL of the VCS server |
|
| External URL for the Space application |
|
| Enables/disables Ingress for routing VCS traffic |
|
| Ingress path type |
|
| Ingress hostname |
|
| Key/value map with annotations |
|
| Enables/disables TLS for the hostname |
|
| Specifies whether to create a self-signed certificate for $parent.hostname |
|
| Ingress path array |
|
| Ingress extra paths |
|
| Additional TLS configuration |
|
| Name of the external secret for $parent.hostname |
|
| IngressClass name |
|
| Additional Ingress rules |
|
| Container image registry |
|
| Repository with the Redis image |
|
| Version of the Redis image |
|
| Redis image pull policy |
|
| Container image registry |
|
| Repository with the PostgreSQL image |
|
| Version of the PostgreSQL image |
|
| PostgreSQL image pull policy |
|
| Container image registry |
|
| Repository with the BusyBox image |
|
| Version of the BusyBox image |
|
| BusyBox image pull policy |
|
| Max CPU available for a pod (resource request) |
|
| Max memory available for a pod (resource request) |
|
| Min CPU available for a pod (resource limit) |
|
| Min memory available for a pod (resource limit) |
|
| Enables/disables Security Context |
|
| ID of the user who runs the process |
|
| Specifies if the process can run under the root user |
|
| Specifies if the process can get more permissions at run-time |
|
| Specifies if the root filesystem of the process is read-only |
|
| List of Kernel capabilities that the process is not allowed to use |
|
Packages
Name | Description | Value |
|---|---|---|
| Container image registry |
|
| Repository with the Packages image |
|
| Version of the Packages image |
|
| Packages image pull policy |
|
| Name of the external secret with registry credentials |
|
| Overrides the default Packages application configuration |
|
| Initial number of pods for the application |
|
| Custom pod labels |
|
| Custom pod annotations |
|
| Additional environment variables |
|
| Additional settings included in the JAVA_OPTS environment variable |
|
| Max CPU available for a pod (resource request) |
|
| Max memory available for a pod (resource request) |
|
| Min CPU available for a pod (resource limit) |
|
| Min memory available for a pod (resource limit) |
|
| Port number of the Packages external API |
|
| Port number of the Packages internal API |
|
| Additional annotations |
|
| Enables/disables security context |
|
| Group ID that has access to the filesystem at run-time |
|
| Enables/disables security context |
|
| ID of the user who runs the process |
|
| Specifies if the process can run under the root user |
|
| Specifies if the process can get more permissions at run-time |
|
| Specifies if the root filesystem of the process is read-only |
|
| List of Kernel capabilities that the process is not allowed to use |
|
| Enables/disables livenessProbe |
|
| Initial delay in seconds before taking the first livenessProbe |
|
| Period of taking livenessProbe in seconds |
|
| Timeout of livenessProbe in seconds |
|
| Number of retries if livenessProbe fails |
|
| Min consecutive successes for livenessProbe to be considered successful |
|
| Enables/disables readinessProbe |
|
| Initial delay in seconds before taking the first readinessProbe |
|
| Period of taking readinessProbe in seconds |
|
| Timeout of readinessProbe in seconds |
|
| Number of retries if readinessProbe fails |
|
| Min consecutive successes for readinessProbe to be considered successful |
|
| Enables/disables readinessProbe |
|
| Initial delay in seconds before taking the first startupProbe |
|
| Period of taking startupProbe in seconds |
|
| Timeout of startupProbe in seconds |
|
| Number of retries if startupProbe fails |
|
| Min consecutive successes for startupProbe to be considered successful |
|
| Specifies whether to create a service account |
|
| Service account name |
|
| Specifies if the account can mount the access token from the Kubernetes API |
|
| Key/value map of annotations |
|
| Enables/disables autoscaling |
|
| Minimum number of pods |
|
| Maximum number of pods |
|
| CPU utilization threshold |
|
| Memory utilization threshold |
|
| Database hostname |
|
| Database port |
|
| Database name |
|
| Database username |
|
| Database password |
|
| Name of the external secret with the database settings |
|
| Size of the idle pool |
|
| Redis hostname |
|
| Redis port |
|
| (Optional) Redis username |
|
| (Optional) Redis password |
|
| Name of the external secret with Redis settings |
|
| Region where the bucket is located |
|
| Bucket name |
|
| "true" if the bucket exists or "false" otherwise |
|
| Storage URL, accessible both by the k8s pods and external clients. |
|
| Storage access key |
|
| Storage secret key |
|
| Name of the external secret with storage settings |
|
| Elasticsearch hostname |
|
| Elasticsearch port |
|
| Elasticsearch prefix |
|
| Bearer authentication token |
|
| API key for ApiKey authentication |
|
| Username for Basic authentication |
|
| Password for Basic authentication |
|
| Name of the external secret with Elasticsearch settings |
|
| Public URL |
|
| Internal URL |
|
| Client Id used for interaction between Space and Packages API |
|
| Client secret used for interaction between Space and Packages API |
|
| Name of the external secret with Packages settings |
|
| Public URL |
|
| Internal URL |
|
| Enables/disables Ingress for routing inbound traffic |
|
| Ingress path type |
|
| Ingress hostname |
|
| Key/value map with annotations |
|
| Enables/disables TLS for the hostname |
|
| Specifies whether to create a self-signed certificate for $parent.hostname |
|
| Ingress path array |
|
| Ingress extra paths |
|
| Additional TLS configuration |
|
| Name of the external secret for $parent.hostname |
|
| IngressClass name |
|
| Additional Ingress rules |
|
| Container image registry |
|
| Repository with the Redis image |
|
| Version of the Redis image |
|
| Redis image pull policy |
|
| Container image registry |
|
| Repository with the PostgreSQL image |
|
| Version of the PostgreSQL image |
|
| PostgreSQL image pull policy |
|
| Container image registry |
|
| Repository with the BusyBox image |
|
| Version of the BusyBox image |
|
| BusyBox image pull policy |
|
| Max CPU available for a pod (resource request) |
|
| Max memory available for a pod (resource request) |
|
| Min CPU available for a pod (resource limit) |
|
| Min memory available for a pod (resource limit) |
|
| Enables/disables Security Context |
|
| ID of the user who runs the process |
|
| Specifies if the process can run under the root user |
|
| Specifies if the process can get more permissions at run-time |
|
| Specifies if the root filesystem of the process is read-only |
|
| List of Kernel capabilities that the process is not allowed to use |
|
Lang-service
Name | Description | Value |
|---|---|---|
| Container image registry |
|
| Repository with the Langservice image |
|
| Version of the Langservice image |
|
| Langservice image pull policy |
|
| Name of the external secret with registry credentials |
|
| Overrides the default Langservice application configuration |
|
| Initial number of pods for the application |
|
| Custom pod labels |
|
| Custom pod annotations |
|
| Additional environment variables |
|
| Additional settings included in the JAVA_OPTS environment variable |
|
| Max CPU available for a pod (resource request) |
|
| Max memory available for a pod (resource request) |
|
| Min CPU available for a pod (resource limit) |
|
| Min memory available for a pod (resource limit) |
|
| Langservice port number |
|
| Additional annotations |
|
| Enables/disables security context |
|
| Group ID that has access to the filesystem at run-time |
|
| Enables/disables security context |
|
| ID of the user who runs the process |
|
| Specifies if the process can run under the root user |
|
| Specifies if the process can get more permissions at run-time |
|
| Specifies if the root filesystem of the process is read-only |
|
| List of Kernel capabilities that the process is not allowed to use |
|
| Specifies whether to create a service account |
|
| Service account name |
|
| Specifies if the account can mount the access token from the Kubernetes API |
|
| Key/value map of annotations |
|
| Enables/disables autoscaling |
|
| Minimum number of pods |
|
| Maximum number of pods |
|
| CPU utilization threshold |
|
| Memory utilization threshold |
|
| Enables/disables livenessProbe |
|
| Initial delay in seconds before taking the first livenessProbe |
|
| Period of taking livenessProbe in seconds |
|
| Timeout of livenessProbe in seconds |
|
| Number of retries if livenessProbe fails |
|
| Min consecutive successes for livenessProbe to be considered successful |
|
| Enables/disables readinessProbe |
|
| Initial delay in seconds before taking the first readinessProbe |
|
| Period of taking readinessProbe in seconds |
|
| Timeout of readinessProbe in seconds |
|
| Number of retries if readinessProbe fails |
|
| Min consecutive successes for readinessProbe to be considered successful |
|
Compute-service
Name | Description | Value |
|---|---|---|
| Enables/disables Space automation and remote development |
|
| Enables/disables creating namespace |
|
| URL of the container registry |
|
| URL of the container repository |
|
| Image version |
|
| Pull policy of the container image |
|
| Registry credentials. Specify not the credentials but the corresponding secrets |
|
| Enables/disables autoscaling |
|
| Minimum number of pods |
|
| Maximum number of pods |
|
| CPU utilization threshold |
|
| Memory utilization threshold |
|
| Database hostname |
|
| Database port |
|
| Database name |
|
| Database username |
|
| Database password |
|
| Name of the external secret with the database settings |
|
| Size of the idle pool |
|
| jobs namespace suffix |
|
| ComputeService worker image registry |
|
| Repository with the ComputeService worker image |
|
| Version of the ComputeService worker image |
|
| Size of volume which will be mapped to task root dir: will allow to isolate IOPS amd do not use node space |
|
| Volume mapping inside container |
|
| for test purposes when DNS is not available, example: "10.0.0.1:vcs.service.local,10.0.0.1:packages.service.local" |
|
| set true for using https://github.com/nestybox/sysbox and disable privileged mode |
|
| "sysbox-runc" by default |
|
| "io.kubernetes.cri-o.userns-mode;auto:size=65536" |
|
| Number of ComputeService pods. |
|
| CPU resource limit for a ComputeService pod |
|
| Memory resource limit for a ComputeService pod |
|
| CPU resource request for a ComputeService pod |
|
| CPU resource request for a ComputeService pod |
|
| Name of the oAuth client that the Space and ComputeService applications will use to communicate with each other. |
|
| Symmetric 256-bit string the Space and ComputeService applications will use to communicate with each other. |
|
| Java Options values you want to pass to the ComputeService application. |
|
| External port of the ComputeService service. The Space service must be able to connect to it inside the namespace. |
|
| Internal port of the ComputeService service. The Space service must be able to connect to it inside the namespace. |
|
|
| |
| enable jobs affinity |
|
| used for sending jobs to nodes with such label key |
|
| used for sending jobs to nodes with such label value |
|
| upper limit for healthy and unhealthy workers in total |
|
| max scale out step per 30 seconds. "1" means to scale out max 1 worker instance per 30 sec. |
|
| upper limit for the number of idle healthy workers waiting for new tasks |
|
| lower limit for the number of idle healthy workers waiting for new tasks |
|
| healthy worker inactivity period after which workers are marked for the rotation for security reason |
|
| % of free workers which should be available for immediate picking tasks, |
|