speckle-server/utils/helm/speckle-server/values.schema.json
spgoad 38720cecdc Feature: Add OpenID Connect Generic Authentication Strategy (#1283)
* feat(server): add OIDC auth strategy

Add an OpenID Connect Authentication Strategy for Speckle Server. Enables configuration of
authentication against an OIDC standard compliant identity provider endpoint.

closes specklesystems#1270

Co-authored-by: spencer.goad <spencer.goad@disney.com>
2023-01-09 13:41:50 +00:00


{
"title": "Chart Values",
"type": "object",
"properties": {
"namespace": {
"type": "string",
"description": "The name of the namespace in which Speckle will be deployed.",
"default": "speckle-test"
},
"create_namespace": {
"type": "boolean",
"description": "Enabling this will create a new namespace into which Speckle will be deployed",
"default": false
},
"domain": {
"type": "string",
"description": "The DNS host name at which this Speckle deployment will be reachable",
"default": "localhost"
},
"ssl_canonical_url": {
"type": "boolean",
"description": "HTTPS protocol will be the preferred protocol for serving this Speckle deployment",
"default": true
},
"cert_manager_issuer": {
"type": "string",
"description": "The name of the ClusterIssuer kubernetes resource that provides the SSL Certificate",
"default": "letsencrypt-staging"
},
"networkPlugin": {
"type": "object",
"properties": {
"type": {
"type": "string",
"description": "(Optional) Used to configure which type of NetworkPolicy is deployed. Options are 'kubernetes' or 'cilium'.",
"default": "kubernetes"
}
}
},
"ingress": {
"type": "object",
"properties": {
"namespace": {
"type": "string",
"description": "The namespace in which the ingress controller is deployed.",
"default": "ingress-nginx"
},
"controllerName": {
"type": "string",
"description": "The name of the Kubernetes pod in which the ingress controller is deployed.",
"default": "ingress-nginx"
}
}
},
"docker_image_tag": {
"type": "string",
"description": "Speckle is published as a Docker Image. The version of the image which will be deployed is specified by this tag.",
"default": "v2.3.3"
},
"imagePullPolicy": {
"type": "string",
"description": "Determines the conditions when the Docker Images for Speckle should be pulled from the Image registry.",
"default": "IfNotPresent"
},
"secretName": {
"type": "string",
"description": "Deprecated, please use individual secret parameters. This is the name of the Kubernetes Secret resource in which secrets for Speckle are stored. Secrets within this Secret resource may include Postgres and Redis connection strings, S3 secret values, email server passwords, etc.",
"default": "server-vars"
},
"file_size_limit_mb": {
"type": "number",
"description": "The maximum size of any single file (unit is Megabytes) that can be uploaded to Speckle",
"default": 100
},
"enable_prometheus_monitoring": {
"type": "boolean",
"description": "If enabled, Speckle deploys a Prometheus ServiceMonitor resource",
"default": false
},
"prometheusMonitoring": {
"type": "object",
"properties": {
"namespace": {
"type": "string",
"description": "If provided, deploys Speckle's Prometheus resources (e.g. ServiceMonitor) in the given namespace",
"default": ""
},
"release": {
"type": "string",
"description": "If provided, adds the value to a `release` label on all the Prometheus resources deployed by Speckle",
"default": ""
},
"networkPolicy": {
"type": "object",
"properties": {
"inCluster": {
"type": "object",
"properties": {
"kubernetes": {
"type": "object",
"properties": {
"podSelector": {
"type": "object",
"description": "(Kubernetes Network Policy only) The pod Selector yaml object used to uniquely select the prometheus pods within the cluster and given namespace",
"default": {}
},
"namespaceSelector": {
"type": "object",
"description": "(Kubernetes Network Policy only) The namespace selector yaml object used to uniquely select the namespace in which the prometheus pods are deployed",
"default": {}
}
}
},
"cilium": {
"type": "object",
"properties": {
"fromEndpoints": {
"type": "array",
"description": "(Cilium Network Policy only) The endpoint selector yaml object used to uniquely select the in-cluster endpoint in which the prometheus pods are deployed",
"default": [],
"items": {
"type": "object"
}
}
}
}
}
}
}
}
}
},
"db": {
"type": "object",
"properties": {
"useCertificate": {
"type": "boolean",
"description": "If enabled, the certificate defined in db.certificate is used to verify TLS connections to the Postgres database",
"default": false
},
"maxConnectionsServer": {
"type": "number",
"description": "The number of connections to the Postgres database to provide in the connection pool",
"default": 4
},
"certificate": {
"type": "string",
"description": "The x509 public certificate for SSL connections to the Postgres database. Use of this certificate requires db.useCertificate to be enabled and an appropriate value for db.PGSSLMODE provided.",
"default": ""
},
"PGSSLMODE": {
"type": "string",
"description": "This defines the SSL/TLS mode (the Postgres `sslmode` setting) used when connecting to the Postgres database, and so the level of security of that connection",
"default": "require"
},
"connectionString": {
"type": "object",
"properties": {
"secretName": {
"type": "string",
"description": "Required. A secret containing the full connection string to the Postgres database (e.g. in format of `protocol://username:password@host:port/database`) stored within the Kubernetes cluster as an opaque Kubernetes Secret. Ref: https://kubernetes.io/docs/concepts/configuration/secret/#opaque-secrets",
"default": ""
},
"secretKey": {
"type": "string",
"description": "Required. The key within the Kubernetes Secret holding the connection string.",
"default": ""
}
}
},
"networkPolicy": {
"type": "object",
"properties": {
"externalToCluster": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "If enabled, indicates that the Postgres database is hosted externally to the Kubernetes cluster",
"default": true
}
}
},
"inCluster": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "If enabled, indicates that the Postgres database is hosted within the same Kubernetes cluster in which Speckle will be deployed",
"default": false
},
"port": {
"type": "string",
"description": "the port on the server providing the Postgres database (default: \"5432\")",
"default": ""
},
"kubernetes": {
"type": "object",
"properties": {
"podSelector": {
"type": "object",
"description": "(Kubernetes Network Policy only) The pod Selector yaml object used to uniquely select the postgres compatible database pods within the cluster and given namespace",
"default": {}
},
"namespaceSelector": {
"type": "object",
"description": "(Kubernetes Network Policy only) The namespace selector yaml object used to uniquely select the namespace in which the postgres compatible database pods are deployed",
"default": {}
}
}
},
"cilium": {
"type": "object",
"properties": {
"endpointSelector": {
"type": "object",
"description": "(Cilium Network Policy only) The endpoint selector yaml object used to uniquely select the in-cluster endpoint in which the postgres compatible database pods are deployed",
"default": {}
},
"serviceSelector": {
"type": "object",
"description": "(Cilium Network Policy only) The service selector yaml object used to uniquely select the in-cluster service providing the postgres compatible database service",
"default": {}
}
}
}
}
}
}
}
}
},
"s3": {
"type": "object",
"properties": {
"configMap": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "If enabled, the s3.endpoint, s3.bucket, and s3.access_key values will be determined from a configMap and the values provided in this helm release ignored.",
"default": false
},
"name": {
"type": "string",
"description": "The name of the ConfigMap in which values for the keys (`endpoint`, `bucket`, and `access_key`) are provided. Expected to be in the namespace defined by the `namespace` parameter of this Helm Chart.",
"default": ""
}
}
},
"endpoint": {
"type": "string",
"description": "The URL at which the s3 compatible storage is hosted. If `s3.configMap.enabled` is true, this value is ignored.",
"default": ""
},
"bucket": {
"type": "string",
"description": "The s3 compatible bucket in which Speckle data will be stored. If `s3.configMap.enabled` is true, this value is ignored.",
"default": ""
},
"access_key": {
"type": "string",
"description": "The key of the access key used to authenticate with the s3 compatible storage. If `s3.configMap.enabled` is true, this value is ignored.",
"default": ""
},
"secret_key": {
"type": "object",
"properties": {
"secretName": {
"type": "string",
"description": "Required. A Kubernetes secret containing the s3 secret_key. This is expected to be the name of an opaque Kubernetes Secret. Ref: https://kubernetes.io/docs/concepts/configuration/secret/#opaque-secrets",
"default": ""
},
"secretKey": {
"type": "string",
"description": "Required. The key within the Kubernetes Secret, the value of which is the s3 secret.",
"default": ""
}
}
},
"create_bucket": {
"type": "string",
"description": "If enabled, will create a bucket with the given bucket name at this endpoint",
"default": "false"
},
"region": {
"type": "string",
"description": "The region in which the bucket resides (or will be created in).",
"default": ""
},
"networkPolicy": {
"type": "object",
"properties": {
"port": {
"type": "string",
"description": "the port on the server providing the s3 compatible storage (default: \"443\")",
"default": ""
},
"externalToCluster": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "If enabled, indicates that the s3 compatible storage is hosted externally to the Kubernetes cluster",
"default": true
}
}
},
"inCluster": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "If enabled, indicates that the s3 compatible storage is hosted within the same Kubernetes cluster in which Speckle will be deployed",
"default": false
},
"kubernetes": {
"type": "object",
"properties": {
"podSelector": {
"type": "object",
"description": "(Kubernetes Network Policy only) The pod Selector yaml object used to uniquely select the s3 compatible storage pods within the cluster and given namespace",
"default": {}
},
"namespaceSelector": {
"type": "object",
"description": "(Kubernetes Network Policy only) The namespace selector yaml object used to uniquely select the namespace in which the s3 compatible storage pods are deployed",
"default": {}
}
}
},
"cilium": {
"type": "object",
"properties": {
"endpointSelector": {
"type": "object",
"description": "(Cilium Network Policy only) The endpoint selector yaml object used to uniquely select the in-cluster endpoint in which the s3 compatible storage pods are deployed",
"default": {}
},
"serviceSelector": {
"type": "object",
"description": "(Cilium Network Policy only) The service selector yaml object used to uniquely select the in-cluster service providing the s3 compatible storage service",
"default": {}
}
}
}
}
}
}
}
}
},
"redis": {
"type": "object",
"properties": {
"connectionString": {
"type": "object",
"properties": {
"secretName": {
"type": "string",
"description": "Required. A secret containing the full connection string to the Redis store (e.g. in format of `protocol://username:password@host:port/database`) stored within the Kubernetes cluster as an opaque Kubernetes Secret. Ref: https://kubernetes.io/docs/concepts/configuration/secret/#opaque-secrets",
"default": ""
},
"secretKey": {
"type": "string",
"description": "Required. The key within the Kubernetes Secret holding the Redis connection string.",
"default": ""
}
}
},
"networkPolicy": {
"type": "object",
"properties": {
"externalToCluster": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "If enabled, indicates that the Redis store is hosted externally to the Kubernetes cluster",
"default": true
}
}
},
"inCluster": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "If enabled, indicates that the Redis store is hosted within the same Kubernetes cluster in which Speckle will be deployed",
"default": false
},
"port": {
"type": "string",
"description": "the port on the server providing the Redis store (default: \"6379\")",
"default": ""
},
"kubernetes": {
"type": "object",
"properties": {
"podSelector": {
"type": "object",
"description": "(Kubernetes Network Policy only) The pod Selector yaml object used to uniquely select the redis store pods within the cluster and given namespace",
"default": {}
},
"namespaceSelector": {
"type": "object",
"description": "(Kubernetes Network Policy only) The namespace selector yaml object used to uniquely select the namespace in which the redis store pods are deployed",
"default": {}
}
}
},
"cilium": {
"type": "object",
"properties": {
"endpointSelector": {
"type": "object",
"description": "(Cilium Network Policy only) The endpoint selector yaml object used to uniquely select the in-cluster endpoint in which the redis pods are deployed",
"default": {}
},
"serviceSelector": {
"type": "object",
"description": "(Cilium Network Policy only) The service selector yaml object used to uniquely select the in-cluster service providing the redis store service",
"default": {}
}
}
}
}
}
}
}
}
},
"server": {
"type": "object",
"properties": {
"replicas": {
"type": "number",
"description": "The number of instances of the Server pod to be deployed within the cluster.",
"default": 1
},
"sessionSecret": {
"type": "object",
"properties": {
"secretName": {
"type": "string",
"description": "The name of the Kubernetes Secret containing the Session secret. This is a unique value (can be generated randomly). This is expected to be provided within the Kubernetes cluster as an opaque Kubernetes Secret. Ref: https://kubernetes.io/docs/concepts/configuration/secret/#opaque-secrets",
"default": ""
},
"secretKey": {
"type": "string",
"description": "The key within the Kubernetes Secret holding the Session secret as its value.",
"default": ""
}
}
},
"auth": {
"type": "object",
"properties": {
"local": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "If enabled, users can register and authenticate with an email address and password.",
"default": true
}
}
},
"google": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "If enabled, users can authenticate via Google with their Google account credentials. If enabling Google, the `server.auth.google.client_id` parameter is required, and a secret must be provided via the Kubernetes secret referenced in `server.auth.google.clientSecret`.",
"default": false
},
"client_id": {
"type": "string",
"description": "This is the ID for Speckle that you have registered with Google.",
"default": ""
},
"clientSecret": {
"type": "object",
"properties": {
"secretName": {
"type": "string",
"description": "The name of the Kubernetes Secret containing the Google client secret. This is expected to be provided within the Kubernetes cluster as an opaque Kubernetes Secret. Ref: https://kubernetes.io/docs/concepts/configuration/secret/#opaque-secrets",
"default": ""
},
"secretKey": {
"type": "string",
"description": "The key within the Kubernetes Secret holding the Google client secret as its value.",
"default": ""
}
}
}
}
},
"github": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
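"description": "If enabled, users can authenticate via Github with their Github account credentials. If enabling Github authentication, the `server.auth.github.client_id` parameter is required, and the client secret is read from the Kubernetes Secret referenced in `server.auth.github.clientSecret`.",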
"default": false
},
"client_id": {
"type": "string",
"description": "This is the ID for Speckle that you have registered with Github",
"default": ""
},
"clientSecret": {
"type": "object",
"properties": {
"secretName": {
"type": "string",
"description": "The name of the Kubernetes Secret containing the GitHub client secret. This is expected to be provided within the Kubernetes cluster as an opaque Kubernetes Secret. Ref: https://kubernetes.io/docs/concepts/configuration/secret/#opaque-secrets",
"default": ""
},
"secretKey": {
"type": "string",
"description": "The key within the Kubernetes Secret holding the GitHub client secret as its value.",
"default": ""
}
}
}
}
},
"azure_ad": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "If enabled, users can authenticate via Azure Active Directory.",
"default": false
},
"org_name": {
"type": "string",
"description": "This is the Organisation Name that you have registered with Azure",
"default": ""
},
"identity_metadata": {
"type": "string",
"description": "This is the identity metadata for Speckle that you have registered with Azure",
"default": ""
},
"issuer": {
"type": "string",
"description": "This is the issuer name for Speckle that you have registered with Azure",
"default": ""
},
"client_id": {
"type": "string",
"description": "This is the ID for Speckle that you have registered with Azure",
"default": ""
},
"clientSecret": {
"type": "object",
"properties": {
"secretName": {
"type": "string",
"description": "The name of the Kubernetes Secret containing the Azure AD client secret. This is expected to be provided within the Kubernetes cluster as an opaque Kubernetes Secret. Ref: https://kubernetes.io/docs/concepts/configuration/secret/#opaque-secrets",
"default": ""
},
"secretKey": {
"type": "string",
"description": "The key within the Kubernetes Secret holding the Azure AD client secret as its value.",
"default": ""
}
}
},
"additional_domains": {
"type": "array",
"description": "List of `matchName` or `matchPattern` maps for domains that should be allow-listed for egress in Network Policy. https://docs.microsoft.com/en-us/azure/azure-portal/azure-portal-safelist-urls?tabs=public-cloud are enabled by default.",
"default": [],
"items": {
"type": "object"
}
},
"port": {
"type": "number",
"description": "Port on server to connect to. Used to allow egress in Network Policy. Defaults to 443",
"default": 443
}
}
},
"oidc": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "If enabled, users can authenticate via OpenID Connect.",
"default": false
},
"name": {
"type": "string",
"description": "This is the name that you want displayed on the login button",
"default": ""
},
"discovery_url": {
"type": "string",
"description": "This is the OIDC discovery URL for the identity provider you want to use",
"default": ""
},
"client_id": {
"type": "string",
"description": "This is the ID for Speckle that you have registered with the OIDC identity provider",
"default": ""
},
"clientSecret": {
"type": "object",
"properties": {
"secretName": {
"type": "string",
"description": "The name of the Kubernetes Secret containing the OIDC client secret. This is expected to be provided within the Kubernetes cluster as an opaque Kubernetes Secret. Ref: https://kubernetes.io/docs/concepts/configuration/secret/#opaque-secrets",
"default": ""
},
"secretKey": {
"type": "string",
"description": "The key within the Kubernetes Secret holding the OIDC client secret as its value.",
"default": ""
}
}
},
"domains": {
"type": "array",
"description": "List of `matchName` or `matchPattern` maps for domains that should be allow-listed for egress in Network Policy.",
"default": [],
"items": {
"type": "object"
}
}
}
}
}
},
"email": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "If enabled, Speckle can send email to users - for example, email verification for account registration.",
"default": false
},
"host": {
"type": "string",
"description": "The domain name or IP address of the server hosting the email service.",
"default": ""
},
"port": {
"type": "string",
"description": "The port on the server for the email service.",
"default": ""
},
"username": {
"type": "string",
"description": "The username with which Speckle will authenticate with the email service.",
"default": ""
},
"password": {
"type": "object",
"properties": {
"secretName": {
"type": "string",
"description": "The name of the Kubernetes Secret containing the email password. This is expected to be provided within the Kubernetes cluster as an opaque Kubernetes Secret. Ref: https://kubernetes.io/docs/concepts/configuration/secret/#opaque-secrets",
"default": ""
},
"secretKey": {
"type": "string",
"description": "The key within the Kubernetes Secret holding the email password as its value.",
"default": ""
}
}
},
"networkPolicy": {
"type": "object",
"properties": {
"externalToCluster": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "If enabled, indicates that the email server is hosted externally to the Kubernetes cluster",
"default": true
}
}
},
"inCluster": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "If enabled, indicates that the email server is hosted within the same Kubernetes cluster in which Speckle will be deployed",
"default": false
},
"kubernetes": {
"type": "object",
"properties": {
"podSelector": {
"type": "object",
"description": "(Kubernetes Network Policy only) The pod Selector yaml object used to uniquely select the email server pods within the cluster and given namespace",
"default": {}
},
"namespaceSelector": {
"type": "object",
"description": "(Kubernetes Network Policy only) The namespace selector yaml object used to uniquely select the namespace in which the email server pods are deployed",
"default": {}
}
}
},
"cilium": {
"type": "object",
"properties": {
"endpointSelector": {
"type": "object",
"description": "(Cilium Network Policy only) The endpoint selector yaml object used to uniquely select the in-cluster endpoint in which the email server pods are deployed",
"default": {}
},
"serviceSelector": {
"type": "object",
"description": "(Cilium Network Policy only) The service selector yaml object used to uniquely select the in-cluster service providing the email server",
"default": {}
}
}
}
}
}
}
}
}
},
"requests": {
"type": "object",
"properties": {
"cpu": {
"type": "string",
"description": "The CPU that should be available on a node when scheduling this pod.",
"default": "500m"
},
"memory": {
"type": "string",
"description": "The Memory that should be available on a node when scheduling this pod.",
"default": "1Gi"
}
}
},
"limits": {
"type": "object",
"properties": {
"cpu": {
"type": "string",
"description": "The maximum CPU that will be made available to the server Pod in a given period.",
"default": "1000m"
},
"memory": {
"type": "string",
"description": "The maximum Memory that will be made available to the server Pod.",
"default": "3Gi"
}
}
},
"serviceAccount": {
"type": "object",
"properties": {
"create": {
"type": "boolean",
"description": "If enabled, a Kubernetes Service Account will be created for this pod.",
"default": true
}
}
},
"monitoring": {
"type": "object",
"properties": {
"apollo": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "(Optional) If enabled, exports metrics from the GraphQL API to Apollo Graphql Studio.",
"default": false
},
"graph_id": {
"type": "string",
"description": "The ID for Speckle that you registered in Apollo Graphql Studio.",
"default": ""
},
"key": {
"type": "object",
"properties": {
"secretName": {
"type": "string",
"description": "The name of the Kubernetes Secret containing the Apollo monitoring key. This is expected to be provided within the Kubernetes cluster as an opaque Kubernetes Secret. Ref: https://kubernetes.io/docs/concepts/configuration/secret/#opaque-secrets",
"default": ""
},
"secretKey": {
"type": "string",
"description": "The key within the Kubernetes Secret holding the Apollo monitoring key as its value.",
"default": ""
}
}
}
}
}
}
},
"sentry_dns": {
"type": "string",
"description": "(Optional) The Data Source Name that was provided by Sentry.io",
"default": ""
},
"disable_tracking": {
"type": "boolean",
"description": "If set to true, will prevent tracking metrics from being collected",
"default": false
},
"disable_tracing": {
"type": "boolean",
"description": "If set to true, will prevent tracing metrics from being collected",
"default": false
},
"networkPolicy": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "If enabled, will provide additional security by limiting network traffic into and out of the pod to only the required endpoints and ports.",
"default": false
}
}
},
"affinity": {
"type": "object",
"description": "Affinity for Speckle server pods scheduling",
"default": {}
},
"nodeSelector": {
"type": "object",
"description": "Node labels for Speckle server pods scheduling",
"default": {}
},
"tolerations": {
"type": "array",
"description": "Tolerations for Speckle server pods scheduling",
"default": [],
"items": {
"type": "object"
}
},
"topologySpreadConstraints": {
"type": "array",
"description": "Spread Constraints for Speckle server pod scheduling",
"default": [],
"items": {
"type": "object"
}
}
}
},
"frontend": {
"type": "object",
"properties": {
"replicas": {
"type": "number",
"description": "The number of instances of the Frontend pod to be deployed within the cluster.",
"default": 1
},
"requests": {
"type": "object",
"properties": {
"cpu": {
"type": "string",
"description": "The CPU that should be available on a node when scheduling this pod.",
"default": "250m"
},
"memory": {
"type": "string",
"description": "The Memory that should be available on a node when scheduling this pod.",
"default": "256Mi"
}
}
},
"limits": {
"type": "object",
"properties": {
"cpu": {
"type": "string",
"description": "The maximum CPU that will be made available to the frontend Pod in a given period.",
"default": "1000m"
},
"memory": {
"type": "string",
"description": "The maximum Memory that will be made available to the frontend Pod.",
"default": "512Mi"
}
}
},
"networkPolicy": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "If enabled, will provide additional security by limiting network traffic into and out of the pod to only the required endpoints and ports.",
"default": false
}
}
},
"affinity": {
"type": "object",
"description": "Affinity for Speckle frontend pod scheduling",
"default": {}
},
"nodeSelector": {
"type": "object",
"description": "Node labels for Speckle frontend pods scheduling",
"default": {}
},
"tolerations": {
"type": "array",
"description": "Tolerations for Speckle frontend pods scheduling",
"default": [],
"items": {
"type": "object"
}
},
"topologySpreadConstraints": {
"type": "array",
"description": "Spread Constraints for Speckle frontend pod scheduling",
"default": [],
"items": {
"type": "object"
}
},
"serviceAccount": {
"type": "object",
"properties": {
"create": {
"type": "boolean",
"description": "If enabled, a Kubernetes Service Account will be created for this pod.",
"default": true
}
}
}
}
},
"preview_service": {
"type": "object",
"properties": {
"replicas": {
"type": "number",
"description": "The number of instances of the Preview Service pod to be deployed within the cluster.",
"default": 1
},
"requests": {
"type": "object",
"properties": {
"cpu": {
"type": "string",
"description": "The CPU that should be available on a node when scheduling this pod.",
"default": "500m"
},
"memory": {
"type": "string",
"description": "The Memory that should be available on a node when scheduling this pod.",
"default": "2Gi"
}
}
},
"limits": {
"type": "object",
"properties": {
"cpu": {
"type": "string",
"description": "The maximum CPU that will be made available to the Preview Service Pod in a given period.",
"default": "1000m"
},
"memory": {
"type": "string",
"description": "The maximum Memory that will be made available to the Preview Service Pod.",
"default": "4Gi"
}
}
},
"networkPolicy": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "If enabled, will provide additional security by limiting network traffic into and out of the pod to only the required endpoints and ports.",
"default": false
}
}
},
"affinity": {
"type": "object",
"description": "Affinity for Speckle Preview Service pod scheduling",
"default": {}
},
"nodeSelector": {
"type": "object",
"description": "Node labels for Speckle Preview Service pods scheduling",
"default": {}
},
"tolerations": {
"type": "array",
"description": "Tolerations for Speckle Preview Service pods scheduling",
"default": [],
"items": {
"type": "object"
}
},
"topologySpreadConstraints": {
"type": "array",
"description": "Spread Constraints for Speckle Preview Service pod scheduling",
"default": [],
"items": {
"type": "object"
}
},
"serviceAccount": {
"type": "object",
"properties": {
"create": {
"type": "boolean",
"description": "If enabled, a Kubernetes Service Account will be created for this pod.",
"default": true
}
}
}
}
},
"webhook_service": {
"type": "object",
"properties": {
"replicas": {
"type": "number",
"description": "The number of instances of the Webhook Service pod to be deployed within the cluster.",
"default": 1
},
"requests": {
"type": "object",
"properties": {
"cpu": {
"type": "string",
"description": "The CPU that should be available on a node when scheduling this pod.",
"default": "500m"
},
"memory": {
"type": "string",
"description": "The Memory that should be available on a node when scheduling this pod.",
"default": "2Gi"
}
}
},
"limits": {
"type": "object",
"properties": {
"cpu": {
"type": "string",
"description": "The maximum CPU that will be made available to the Webhook Service Pod in a given period.",
"default": "1000m"
},
"memory": {
"type": "string",
"description": "The maximum Memory that will be made available to the Webhook Service Pod.",
"default": "4Gi"
}
}
},
"networkPolicy": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "If enabled, will provide additional security by limiting network traffic into and out of the pod to only the required endpoints and ports.",
"default": false
}
}
},
"affinity": {
"type": "object",
"description": "Affinity for Speckle Webhook Service pod scheduling",
"default": {}
},
"nodeSelector": {
"type": "object",
"description": "Node labels for Speckle Webhook Service pods scheduling",
"default": {}
},
"tolerations": {
"type": "array",
"description": "Tolerations for Speckle Webhook Service pods scheduling",
"default": [],
"items": {
"type": "object"
}
},
"topologySpreadConstraints": {
"type": "array",
"description": "Spread Constraints for Speckle Webhook Service pod scheduling",
"default": [],
"items": {
"type": "object"
}
},
"serviceAccount": {
"type": "object",
"properties": {
"create": {
"type": "boolean",
"description": "If enabled, a Kubernetes Service Account will be created for this pod.",
"default": true
}
}
}
}
},
"fileimport_service": {
"type": "object",
"properties": {
"replicas": {
"type": "number",
"description": "The number of instances of the FileImport Service pod to be deployed within the cluster.",
"default": 1
},
"requests": {
"type": "object",
"properties": {
"cpu": {
"type": "string",
"description": "The CPU that should be available on a node when scheduling this pod.",
"default": "100m"
},
"memory": {
"type": "string",
"description": "The Memory that should be available on a node when scheduling this pod.",
"default": "512Mi"
}
}
},
"limits": {
"type": "object",
"properties": {
"cpu": {
"type": "string",
"description": "The maximum CPU that will be made available to the FileImport Service Pod in a given period.",
"default": "1000m"
},
"memory": {
"type": "string",
"description": "The maximum Memory that will be made available to the FileImport Service Pod.",
"default": "2Gi"
}
}
},
"networkPolicy": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "If enabled, will provide additional security by limiting network traffic into and out of the pod to only the required endpoints and ports.",
"default": false
}
}
},
"affinity": {
"type": "object",
"description": "Affinity for Speckle FileImport Service pod scheduling",
"default": {}
},
"nodeSelector": {
"type": "object",
"description": "Node labels for Speckle FileImport Service pods scheduling",
"default": {}
},
"tolerations": {
"type": "array",
"description": "Tolerations for Speckle FileImport Service pods scheduling",
"default": [],
"items": {
"type": "object"
}
},
"topologySpreadConstraints": {
"type": "array",
"description": "Spread Constraints for Speckle FileImport Service pod scheduling",
"default": [],
"items": {
"type": "object"
}
},
"serviceAccount": {
"type": "object",
"properties": {
"create": {
"type": "boolean",
"description": "If enabled, a Kubernetes Service Account will be created for this pod.",
"default": true
}
}
},
"time_limit_min": {
"type": "number",
"description": "The maximum time, in minutes, that a file can take to be processed by the FileImport Service.",
"default": 10
}
}
},
"monitoring": {
"type": "object",
"properties": {
"replicas": {
"type": "number",
"description": "The number of instances of the Monitoring pod to be deployed within the cluster.",
"default": 1
},
"requests": {
"type": "object",
"properties": {
"cpu": {
"type": "string",
"description": "The CPU that should be available on a node when scheduling this pod.",
"default": "100m"
},
"memory": {
"type": "string",
"description": "The Memory that should be available on a node when scheduling this pod.",
"default": "64Mi"
}
}
},
"limits": {
"type": "object",
"properties": {
"cpu": {
"type": "string",
"description": "The maximum CPU that will be made available to the Monitoring Pod in a given period.",
"default": "200m"
},
"memory": {
"type": "string",
"description": "The maximum Memory that will be made available to the Monitoring Pod.",
"default": "512Mi"
}
}
},
"networkPolicy": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "If enabled, will provide additional security by limiting network traffic into and out of the pod to only the required endpoints and ports.",
"default": false
}
}
},
"affinity": {
"type": "object",
"description": "Affinity for Speckle Monitoring pod scheduling",
"default": {}
},
"nodeSelector": {
"type": "object",
"description": "Node labels for Speckle Monitoring pods scheduling",
"default": {}
},
"tolerations": {
"type": "array",
"description": "Tolerations for Speckle Monitoring pods scheduling",
"default": [],
"items": {
"type": "object"
}
},
"topologySpreadConstraints": {
"type": "array",
"description": "Spread Constraints for Speckle Monitoring pod scheduling",
"default": [],
"items": {
"type": "object"
}
},
"serviceAccount": {
"type": "object",
"properties": {
"create": {
"type": "boolean",
"description": "If enabled, a Kubernetes Service Account will be created for this pod.",
"default": true
}
}
}
}
},
"helm_test_enabled": {
"type": "boolean",
"description": "If enabled, an additional pod is deployed which verifies some functionality of Speckle to determine if it is deployed correctly",
"default": true
},
"test": {
"type": "object",
"properties": {
"requests": {
"type": "object",
"properties": {
"cpu": {
"type": "string",
"description": "The CPU that should be available on a node when scheduling this pod.",
"default": "100m"
},
"memory": {
"type": "string",
"description": "The Memory that should be available on a node when scheduling this pod.",
"default": "64Mi"
}
}
},
"limits": {
"type": "object",
"properties": {
"cpu": {
"type": "string",
"description": "The maximum CPU that will be made available to the Test Pod in a given period.",
"default": "200m"
},
"memory": {
"type": "string",
"description": "The maximum Memory that will be made available to the Test Pod.",
"default": "512Mi"
}
}
},
"networkPolicy": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "If enabled, will provide additional security by limiting network traffic into and out of the pod to only the required endpoints and ports.",
"default": false
}
}
},
"serviceAccount": {
"type": "object",
"properties": {
"create": {
"type": "boolean",
"description": "If enabled, a Kubernetes Service Account will be created for this pod.",
"default": true
}
}
}
}
}
}
}