Values File
The values.yaml file lets you install Space On-Premises to a Kubernetes cluster. For details, refer to Kubernetes Installation. To get values.yaml, run
Global parameters
Name | Description | Value |
|---|---|---|
| URL of the registry with images of Space components |
|
| Registry credentials. Specify not the credentials but the corresponding secrets |
|
| Space application log format: plaintext or json |
|
| Log verbosity: INFO, ERROR, DEBUG, TRACE |
|
| Enables/disables Helm test hooks |
|
Common parameters
Name | Description | Value |
|---|---|---|
| Kubernetes version |
|
| Prefix that partially overrides the lib.name in the templates |
|
| Name that overrides the lib.name in the templates |
|
| Key/value map of labels that is applied to all resources in the templates |
|
| Key/value map of annotations that is applied to all resources in the templates |
|
| Name that overrides the lib.namespace in the templates |
|
Space application
Name | Description | Value |
|---|---|---|
| URL of the container registry |
|
| URL of the container repository |
|
| Image version |
|
| Pull policy of the container image |
|
| Registry credentials. Specify not the credentials but the corresponding secrets |
|
| Overrides the default application configuration |
|
| Initial number of pods for the application |
|
| Custom pod labels |
|
| Custom pod annotations |
|
| Additional environment variables |
|
| Additional settings included in the JAVA_OPTS environment variable |
|
| Max CPU available for a pod (resource request) |
|
| Max memory available for a pod (resource request) |
|
| Min CPU available for a pod (resource limit) |
|
| Min memory available for a pod (resource limit) |
|
| Space API port number |
|
| Space web UI port number |
|
| Additional annotations |
|
| Enables/disables security context |
|
| Group ID that has access to the filesystem at run-time |
|
| Enables/disables security context |
|
| ID of the user who runs the process |
|
| Specifies if the process can run under the root user |
|
| Specifies if the process can get more permissions at run-time |
|
| Specifies if the root filesystem of the process is read-only |
|
| List of Kernel capabilities that the process is not allowed to use |
|
| Enables/disables livenessProbe |
|
| Initial delay in seconds before taking the first livenessProbe |
|
| Period of taking livenessProbe in seconds |
|
| Timeout of livenessProbe in seconds |
|
| Number of retries if livenessProbe fails |
|
| Min consecutive successes for livenessProbe to be considered successful |
|
| Enables/disables readinessProbe |
|
| Initial delay in seconds before taking the first readinessProbe |
|
| Period of taking readinessProbe in seconds |
|
| Timeout of readinessProbe in seconds |
|
| Number of retries if readinessProbe fails |
|
| Min consecutive successes for readinessProbe to be considered successful |
|
| Enables/disables readinessProbe |
|
| Initial delay in seconds before taking the first startupProbe |
|
| Period of taking startupProbe in seconds |
|
| Timeout of startupProbe in seconds |
|
| Number of retries if startupProbe fails |
|
| Min consecutive successes for startupProbe to be considered successful |
|
| Specifies whether to create a service account |
|
| Service account name |
|
| Specifies if the account can mount the access token from the Kubernetes API |
|
| Key/value map of annotations |
|
| Enables/disables autoscaling |
|
| Minimum number of pods |
|
| Maximum number of pods |
|
| CPU utilization threshold |
|
| Memory utilization threshold |
|
| Main encryption key |
|
| Webhook encryption key |
|
| Enables/disables reCAPTCHA |
|
| reCAPTCHA version |
|
| siteKey used for identifying the application |
|
| secretKey used for authentication with reCAPTCHA |
|
| Name of the external secret with reCAPTCHA settings |
|
| First name |
|
| Last name |
|
| Username |
|
| Password |
|
|
| |
| Name of the main secret |
|
| Enables/disables outgoing mail from Space |
|
| Username of the SMTP server account that will be used to send email |
|
| Password of the SMTP server account that will be used to send email |
|
| SMTP server hostname |
|
| (Required) SMTP server port. Typically, 25 or 2525 |
|
| Mail server protocol. Typically, SSL, TLS or SMTP |
|
| (Required) Email address. Space will use it to send email |
|
| Waiting time aggregation in seconds |
|
| Outgoing mail limit in emails per second |
|
| Waiting queue name |
|
| Name of the external secret with mail server credentials |
|
| X.509-encoded public key for issuing access tokens by the OAuth 2.0 authentication server |
|
| PKCS#8-encoded 4096-bit private key for issuing access tokens by the OAuth 2.0 authentication server. |
|
| 128-bit key. To generate, run $(openssl rand -base64 16) |
|
| 128-bit key. To generate, run $(openssl rand -base64 16) |
|
| 128-bit key. To generate, run $(openssl rand -base64 16) |
|
| X.509-encoded public key for signing/verifying outgoing messages to external applications |
|
| PKCS#8-encoded 4096-bit private key for signing/verifying outgoing messages to external applications |
|
| Name of the external secret with authentication server settings |
|
| License string |
|
| Database hostname |
|
| Database port |
|
| Database name |
|
| Database username |
|
| Database password |
|
| Name of the external secret with database settings |
|
| Size of the idle pool |
|
| Redis hostname |
|
| Redis port |
|
| (Optional) Redis username |
|
| (Optional) Redis password |
|
| Name of the external secret with Redis settings |
|
| Region where the bucket is located |
|
| Bucket name |
|
| "true" if the bucket exists or "false" otherwise |
|
| Storage URL |
|
| Storage access key |
|
| Storage secret key |
|
| Name of the external secret with storage settings |
|
| Elasticsearch hostname |
|
| Elasticsearch port |
|
| Elasticsearch URL scheme (http by default). Possible values: http, https |
|
| Elasticsearch prefix |
|
| Bearer authentication token |
|
| API key for ApiKey authentication |
|
| Username for Basic authentication |
|
| Password for Basic authentication |
|
| Name of the external secret with Elasticsearch settings |
|
| Elasticsearch audit hostname |
|
| Elasticsearch audit port |
|
| Elasticsearch audit URL scheme (http by default). Possible values: http, https |
|
| Bearer authentication token |
|
| API key for ApiKey authentication |
|
| Username for Basic authentication |
|
| Password for Basic authentication |
|
| Name of the external secret with Elasticsearch audit settings |
|
| Elasticsearch metrics hostname |
|
| Elasticsearch metrics port |
|
| Elasticsearch metrics URL scheme (http by default). Possible values: http, https |
|
| Bearer authentication token |
|
| API key for ApiKey authentication |
|
| Username for Basic authentication |
|
| Password for Basic authentication |
|
| Name of the external secret with Elasticsearch metrics settings |
|
| Git hosting URL |
|
| Git authentication token. Space and VCS must refer to the same value: vcs.secrets.spaceAccessKey. |
|
| Name of the external secret with VCS settings |
|
| Space URL |
|
| List of additional Space URLs |
|
| Packages URL |
|
| Region where the log storage bucket is located |
|
| Log storage bucket name |
|
| "true" if the bucket exists or "false" otherwise |
|
| Log storage URL |
|
| Log storage access key |
|
| Log storage secret key |
|
| Name of the external secret with log storage settings |
|
| Container image registry |
|
| Repository with the Automation worker image |
|
| Version of the Automation worker image |
|
| Region where the worker storage bucket is located |
|
| Worker storage bucket name |
|
| "true" if the bucket exists or "false" otherwise |
|
| Worker storage URL |
|
| Worker storage access key |
|
| Worker storage secret key |
|
| Тame of the external secret with worker storage settings |
|
| Container image registry |
|
| Repository with the Automation builder image |
|
| Version of the Automation builder image |
|
| Container image registry |
|
| Repository with the Automation DSL compiler image |
|
| Version of the Automation DSL compiler image |
|
| Region where the DSL compiler storage bucket is located |
|
| DSL compiler storage bucket name |
|
| "true" if the bucket exists or "false" otherwise |
|
| DSL compiler storage URL |
|
| DSL compiler storage access key |
|
| DSL compiler storage secret key |
|
| Name of the external secret with the DSL compiler storage settings |
|
| Enables/disables Ingress for routing inbound traffic |
|
| Ingress path type |
|
| Ingress hostname |
|
| Key/value map with annotations |
|
| Enables/disables TLS for the hostname |
|
| Specifies whether to create a self-signed certificate for $parent.hostname |
|
| Ingress path array |
|
| Ingress extra paths |
|
| Additional TLS configuration |
|
| Name of the external secret for $parent.hostname |
|
| IngressClass name |
|
| Additional Ingress rules |
|
| Container image registry |
|
| Repository with the Redis image |
|
| Version of the Redis image |
|
| Redis image pull policy |
|
| Container image registry |
|
| Repository with the PostgreSQL image |
|
| Version of the PostgreSQL image |
|
| PostgreSQL image pull policy |
|
| Container image registry |
|
| Repository with the BusyBox image |
|
| Version of the BusyBox image |
|
| BusyBox image pull policy |
|
| Max CPU available for a pod (resource request) |
|
| Max memory available for a pod (resource request) |
|
| Min CPU available for a pod (resource limit) |
|
| Min memory available for a pod (resource limit) |
|
| Enables/disables Security Context |
|
| ID of the user who runs the process |
|
| Specifies if the process can run under the root user |
|
| Specifies if the process can get more permissions at run-time |
|
| Specifies if the root filesystem of the process is read-only |
|
| List of Kernel capabilities that the process is not allowed to use |
|
VCS
Name | Description | Value |
|---|---|---|
| Container image registry |
|
| Repository with the VCS image |
|
| Version of the VCS image |
|
| VCS image pull policy |
|
| Name of the external secret with registry credentials |
|
| Overrides the default VCS application configuration |
|
| Initial number of pods for the application |
|
| Custom pod labels |
|
| Custom pod annotations |
|
| Additional environment variables |
|
| Additional settings included in the JAVA_OPTS environment variable |
|
| Max CPU available for a pod (resource request) |
|
| Max memory available for a pod (resource request) |
|
| Min CPU available for a pod (resource limit) |
|
| Min memory available for a pod (resource limit) |
|
| VCS API port number |
|
| SSH port number |
|
| Additional annotations |
|
| Enable external service exposure |
|
| External service type |
|
| External service port |
|
| Additional annotations |
|
| Enables/disables security context |
|
| Group ID that has access to the filesystem at run-time |
|
| Enables/disables security context |
|
| ID of the user who runs the process |
|
| Specifies if the process can run under the root user |
|
| Specifies if the process can get more permissions at run-time |
|
| Specifies if the root filesystem of the process is read-only |
|
| List of Kernel capabilities that the process is not allowed to use |
|
| Enables/disables livenessProbe |
|
| Initial delay in seconds before taking the first livenessProbe |
|
| Period of taking livenessProbe in seconds |
|
| Timeout of livenessProbe in seconds |
|
| Number of retries if livenessProbe fails |
|
| Min consecutive successes for livenessProbe to be considered successful |
|
| Enables/disables readinessProbe |
|
| Initial delay in seconds before taking the first readinessProbe |
|
| Period of taking readinessProbe in seconds |
|
| Timeout of readinessProbe in seconds |
|
| Number of retries if readinessProbe fails |
|
| Min consecutive successes for readinessProbe to be considered successful |
|
| Specifies whether to create a service account |
|
| Service account name |
|
| Specifies if the account can mount the access token from the Kubernetes API |
|
| Key/value map of annotations |
|
| Enables/disables autoscaling |
|
| Minimum number of pods |
|
| Maximum number of pods |
|
| CPU utilization threshold |
|
| Memory utilization threshold |
|
| For security reasons, VCS doesn't allow mirroring hostnames located on the same network as the VCS service (as per RFC 1918). To enable the mirroring anyway, set the value to 'true' |
|
| Event bus architecture |
|
| Event bus hostname |
|
| Event bus port |
|
| (Optional) Username for accessing the event bus service |
|
| (Optional) Password for accessing the event bus service |
|
| Name of the external secret with event bus settings |
|
| Region where the VCS storage bucket is located |
|
| VCS storage bucket name |
|
| VCS storage URL |
|
| VCS storage access key |
|
| VCS storage secret key |
|
| Name of the external secret with the VCS storage settings |
|
| Database name |
|
| Database hostname |
|
| Database port |
|
| Database username |
|
| Database password |
|
| Name of the external secret with the database settings |
|
| 2048-bit RSA private key the VCS server will use to respond on the SSH port |
|
| Here you must specify the same value as in space.vcs.token |
|
| Name of the external secret with the secrets settings |
|
| Public URL of the VCS server |
|
| External URL for the Space application |
|
| Enables/disables Ingress for routing VCS traffic |
|
| Ingress path type |
|
| Ingress hostname |
|
| Key/value map with annotations |
|
| Enables/disables TLS for the hostname |
|
| Specifies whether to create a self-signed certificate for $parent.hostname |
|
| Ingress path array |
|
| Ingress extra paths |
|
| Additional TLS configuration |
|
| Name of the external secret for $parent.hostname |
|
| IngressClass name |
|
| Additional Ingress rules |
|
| Container image registry |
|
| Repository with the Redis image |
|
| Version of the Redis image |
|
| Redis image pull policy |
|
| Container image registry |
|
| Repository with the PostgreSQL image |
|
| Version of the PostgreSQL image |
|
| PostgreSQL image pull policy |
|
| Container image registry |
|
| Repository with the BusyBox image |
|
| Version of the BusyBox image |
|
| BusyBox image pull policy |
|
| Max CPU available for a pod (resource request) |
|
| Max memory available for a pod (resource request) |
|
| Min CPU available for a pod (resource limit) |
|
| Min memory available for a pod (resource limit) |
|
| Enables/disables Security Context |
|
| ID of the user who runs the process |
|
| Specifies if the process can run under the root user |
|
| Specifies if the process can get more permissions at run-time |
|
| Specifies if the root filesystem of the process is read-only |
|
| List of Kernel capabilities that the process is not allowed to use |
|
Packages
Name | Description | Value |
|---|---|---|
| Container image registry |
|
| Repository with the Packages image |
|
| Version of the Packages image |
|
| Packages image pull policy |
|
| Name of the external secret with registry credentials |
|
| Overrides the default Packages application configuration |
|
| Initial number of pods for the application |
|
| Custom pod labels |
|
| Custom pod annotations |
|
| Additional environment variables |
|
| Additional settings included in the JAVA_OPTS environment variable |
|
| Max CPU available for a pod (resource request) |
|
| Max memory available for a pod (resource request) |
|
| Min CPU available for a pod (resource limit) |
|
| Min memory available for a pod (resource limit) |
|
| Port number of the Packages external API |
|
| Port number of the Packages internal API |
|
| Additional annotations |
|
| Enables/disables security context |
|
| Group ID that has access to the filesystem at run-time |
|
| Enables/disables security context |
|
| ID of the user who runs the process |
|
| Specifies if the process can run under the root user |
|
| Specifies if the process can get more permissions at run-time |
|
| Specifies if the root filesystem of the process is read-only |
|
| List of Kernel capabilities that the process is not allowed to use |
|
| Enables/disables livenessProbe |
|
| Initial delay in seconds before taking the first livenessProbe |
|
| Period of taking livenessProbe in seconds |
|
| Timeout of livenessProbe in seconds |
|
| Number of retries if livenessProbe fails |
|
| Min consecutive successes for livenessProbe to be considered successful |
|
| Enables/disables readinessProbe |
|
| Initial delay in seconds before taking the first readinessProbe |
|
| Period of taking readinessProbe in seconds |
|
| Timeout of readinessProbe in seconds |
|
| Number of retries if readinessProbe fails |
|
| Min consecutive successes for readinessProbe to be considered successful |
|
| Enables/disables readinessProbe |
|
| Initial delay in seconds before taking the first startupProbe |
|
| Period of taking startupProbe in seconds |
|
| Timeout of startupProbe in seconds |
|
| Number of retries if startupProbe fails |
|
| Min consecutive successes for startupProbe to be considered successful |
|
| Specifies whether to create a service account |
|
| Service account name |
|
| Specifies if the account can mount the access token from the Kubernetes API |
|
| Key/value map of annotations |
|
| Enables/disables autoscaling |
|
| Minimum number of pods |
|
| Maximum number of pods |
|
| CPU utilization threshold |
|
| Memory utilization threshold |
|
| Database hostname |
|
| Database port |
|
| Database name |
|
| Database username |
|
| Database password |
|
| Name of the external secret with the database settings |
|
| Size of the idle pool |
|
| Redis hostname |
|
| Redis port |
|
| (Optional) Redis username |
|
| (Optional) Redis password |
|
| Name of the external secret with Redis settings |
|
| Region where the bucket is located |
|
| Bucket name |
|
| "true" if the bucket exists or "false" otherwise |
|
| Storage URL, accessible both by the k8s pods and external clients. |
|
| Storage access key |
|
| Storage secret key |
|
| Name of the external secret with storage settings |
|
| Elasticsearch hostname |
|
| Elasticsearch port |
|
| Elasticsearch URL scheme (http by default). Possible values: http, https |
|
| Elasticsearch prefix |
|
| Bearer authentication token |
|
| API key for ApiKey authentication |
|
| Username for Basic authentication |
|
| Password for Basic authentication |
|
| Name of the external secret with Elasticsearch settings |
|
| Public URL |
|
| Internal URL |
|
| Client Id used for interaction between Space and Packages API |
|
| Client secret used for interaction between Space and Packages API |
|
| Name of the external secret with Packages settings |
|
| Public URL |
|
| Internal URL |
|
| Enables/disables Ingress for routing inbound traffic |
|
| Ingress path type |
|
| Ingress hostname |
|
| Key/value map with annotations |
|
| Enables/disables TLS for the hostname |
|
| Specifies whether to create a self-signed certificate for $parent.hostname |
|
| Ingress path array |
|
| Ingress extra paths |
|
| Additional TLS configuration |
|
| Name of the external secret for $parent.hostname |
|
| IngressClass name |
|
| Additional Ingress rules |
|
| Container image registry |
|
| Repository with the Redis image |
|
| Version of the Redis image |
|
| Redis image pull policy |
|
| Container image registry |
|
| Repository with the PostgreSQL image |
|
| Version of the PostgreSQL image |
|
| PostgreSQL image pull policy |
|
| Container image registry |
|
| Repository with the BusyBox image |
|
| Version of the BusyBox image |
|
| BusyBox image pull policy |
|
| Max CPU available for a pod (resource request) |
|
| Max memory available for a pod (resource request) |
|
| Min CPU available for a pod (resource limit) |
|
| Min memory available for a pod (resource limit) |
|
| Enables/disables Security Context |
|
| ID of the user who runs the process |
|
| Specifies if the process can run under the root user |
|
| Specifies if the process can get more permissions at run-time |
|
| Specifies if the root filesystem of the process is read-only |
|
| List of Kernel capabilities that the process is not allowed to use |
|
Lang-service
Name | Description | Value |
|---|---|---|
| Container image registry |
|
| Repository with the Langservice image |
|
| Version of the Langservice image |
|
| Langservice image pull policy |
|
| Name of the external secret with registry credentials |
|
| Overrides the default Langservice application configuration |
|
| Initial number of pods for the application |
|
| Custom pod labels |
|
| Custom pod annotations |
|
| Additional environment variables |
|
| Additional settings included in the JAVA_OPTS environment variable |
|
| Max CPU available for a pod (resource request) |
|
| Max memory available for a pod (resource request) |
|
| Min CPU available for a pod (resource limit) |
|
| Min memory available for a pod (resource limit) |
|
| Langservice port number |
|
| Additional annotations |
|
| Enables/disables security context |
|
| Group ID that has access to the filesystem at run-time |
|
| Enables/disables security context |
|
| ID of the user who runs the process |
|
| Specifies if the process can run under the root user |
|
| Specifies if the process can get more permissions at run-time |
|
| Specifies if the root filesystem of the process is read-only |
|
| List of Kernel capabilities that the process is not allowed to use |
|
| Specifies whether to create a service account |
|
| Service account name |
|
| Specifies if the account can mount the access token from the Kubernetes API |
|
| Key/value map of annotations |
|
| Enables/disables autoscaling |
|
| Minimum number of pods |
|
| Maximum number of pods |
|
| CPU utilization threshold |
|
| Memory utilization threshold |
|
| Enables/disables livenessProbe |
|
| Initial delay in seconds before taking the first livenessProbe |
|
| Period of taking livenessProbe in seconds |
|
| Timeout of livenessProbe in seconds |
|
| Number of retries if livenessProbe fails |
|
| Min consecutive successes for livenessProbe to be considered successful |
|
| Enables/disables readinessProbe |
|
| Initial delay in seconds before taking the first readinessProbe |
|
| Period of taking readinessProbe in seconds |
|
| Timeout of readinessProbe in seconds |
|
| Number of retries if readinessProbe fails |
|
| Min consecutive successes for readinessProbe to be considered successful |
|
Compute-service
Name | Description | Value |
|---|---|---|
| Enables/disables Space automation and remote development |
|
| Enables/disables creating namespace |
|
| URL of the container registry |
|
| URL of the container repository |
|
| Image version |
|
| Pull policy of the container image |
|
| Registry credentials. Specify not the credentials but the corresponding secrets |
|
| Enables/disables autoscaling |
|
| Minimum number of pods |
|
| Maximum number of pods |
|
| CPU utilization threshold |
|
| Memory utilization threshold |
|
| Database hostname |
|
| Database port |
|
| Database name |
|
| Database username |
|
| Database password |
|
| Name of the external secret with the database settings |
|
| Size of the idle pool |
|
| jobs namespace suffix |
|
| Registry credentials. Specify not the credentials but the corresponding secrets (see https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry). For example: "docker-credentinals-1,docker-credentinals-2" |
|
| worker version |
|
| ComputeService worker image registry |
|
| Repository with the ComputeService worker image |
|
| Version of the ComputeService worker image |
|
| Size of volume which will be mapped to task root dir: will allow to isolate IOPS amd do not use node space |
|
| Volume mapping inside container |
|
| for test purposes when DNS is not available, example: "10.0.0.1:vcs.service.local,10.0.0.1:packages.service.local" |
|
| set true for using https://github.com/nestybox/sysbox and disable privileged mode |
|
| "sysbox-runc" by default |
|
| "io.kubernetes.cri-o.userns-mode;auto:size=65536" |
|
| Number of ComputeService pods. |
|
| CPU resource limit for a ComputeService pod |
|
| Memory resource limit for a ComputeService pod |
|
| CPU resource request for a ComputeService pod |
|
| CPU resource request for a ComputeService pod |
|
| Name of the oAuth client that the Space and ComputeService applications will use to communicate with each other. |
|
| Symmetric 256-bit string the Space and ComputeService applications will use to communicate with each other. |
|
| Java Options values you want to pass to the ComputeService application. |
|
| External port of the ComputeService service. The Space service must be able to connect to it inside the namespace. |
|
| Internal port of the ComputeService service. The Space service must be able to connect to it inside the namespace. |
|
|
| |
| enable jobs affinity |
|
| used for sending jobs to nodes with such label key |
|
| used for sending jobs to nodes with such label value |
|
| upper limit for healthy and unhealthy workers in total |
|
| max scale out step per 30 seconds. "1" means to scale out max 1 worker instance per 30 sec. |
|
| upper limit for the number of idle healthy workers waiting for new tasks |
|
| lower limit for the number of idle healthy workers waiting for new tasks |
|
| healthy worker inactivity period after which workers are marked for the rotation for security reason |
|
| % of free workers which should be available for immediate picking tasks, |
|