andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
rancher-partner-charts/charts/kasten/k10/6.5.401/values.schema.json

2540 lines
97 KiB
JSON
Raw Blame History

{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"type": "object",
"properties": {
"rbac": {
"type": "object",
"title": "RBAC configuration",
"description": "Create RBAC seetings",
"properties": {
"create": {
"title": "Enable RBAC creation",
"description": "Toggle RBAC resource creation",
"type": "boolean",
"default": true
}
}
},
"serviceAccount": {
"type": "object",
"title": "ServiceAccount details",
"description": "Configure ServiceAccount",
"properties": {
"create": {
"type": "boolean",
"default": true,
"title": "Create a ServiceAccount",
"description": "Specifies whether a ServiceAccount should be created"
},
"name": {
"type": "string",
"default": "",
"title": "The name of the ServiceAccount",
"description": "The name of the ServiceAccount to use. If not set and create is true, a name is derived using the release and chart names"
}
}
},
"scc": {
"type": "object",
"title": "Security Context Constraints details",
"description": "Configure Security Context Constraints",
"properties": {
"create": {
"type": "boolean",
"default": false,
"title": "Create K10 SSC",
"description": "Whether to create a SecurityContextConstraints for K10 ServiceAccounts"
}
}
},
"networkPolicy": {
"type": "object",
"title": "NetworkPolicy details",
"description": "Configure NetworkPolicy",
"properties": {
"create": {
"type": "boolean",
"default": true,
"title": "Create NetworkPolicies",
"description": "Whether to create NetworkPolicies for the K10 services"
}
}
},
"global": {
"type": "object",
"title": "Global settings",
"properties": {
"image": {
"type": "object",
"title": "K10 image configurations",
"description": "Change K10 image settings",
"properties": {
"registry": {
"type": "string",
"default": "gcr.io/kasten-images",
"title": "K10 image registry",
"description": "Change default K10 image registry"
},
"tag": {
"type": "string",
"default": "",
"title": "K10 image tag",
"description": "Change default K10 tag"
},
"pullPolicy": {
"type": "string",
"default": "Always",
"title": "Container images pullPolicy",
"description": "Change default pullPolicy for all the images",
"enum": [
"IfNotPresent",
"Always",
"Never"
]
}
}
},
"airgapped": {
"type": "object",
"title": "Airgapped offline installation",
"description": "Configure Airgapped offline installation",
"properties": {
"repository": {
"type": "string",
"default": "",
"title": "helm repository",
"description": "The helm repository for offline (airgapped) installation"
}
}
},
"persistence": {
"type": "object",
"title": "Persistent Volume global details",
"description": "Configure global settings for Persistent Volume",
"properties": {
"mountPath": {
"type": "string",
"default": "/mnt/k10state",
"title": "Persistent Volume global mount path",
"description": "Change default path for Persistent Volume mount"
},
"enabled": {
"type": "boolean",
"default": true,
"title": "Enable Persistent Volume",
"description": "Create Persistent Volumes"
},
"storageClass": {
"type": "string",
"default": "",
"title": "Persistent Volume global Storageclass",
"description": "If set to '-', dynamic provisioning is disabled. If undefined (the default) or set to null, the default provisioner is used. (e.g gp2 on AWS, standard on GKE, AWS & OpenStack)"
},
"accessMode": {
"type": "string",
"default": "ReadWriteOnce",
"title": "Persistent Volume global AccessMode",
"description": "Change default AccessMode for Persistent Volumes",
"enum": [
"ReadWriteOnce",
"ReadOnlyMany",
"ReadWriteMany"
]
},
"size": {
"type": "string",
"default": "20Gi",
"title": "Persistent Volume size",
"description": "Change default size for Persistent Volumes"
},
"metering": {
"type": "object",
"title": "Metering service Persistent Volume details",
"description": "Configure Persistence Volume for metering service",
"properties": {
"size": {
"type": "string",
"default": "2Gi",
"title": "Metering service Persistent Volume size",
"description": "If not set, global.persistence.size is used"
}
}
},
"catalog": {
"type": "object",
"title": "Catalog service Persistent Volume details",
"description": "Configure Persistence Volume for catalog service",
"properties": {
"size": {
"type": "string",
"default": "",
"title": "Catalog service Persistent Volume size",
"description": "If not set, global.persistence.size is used."
}
}
},
"jobs": {
"type": "object",
"title": "Jobs service Persistent Volume details",
"description": "Configure Persistence Volume for jobs service",
"properties": {
"size": {
"type": "string",
"default": "",
"title": "Jobs service Persistent Volume size",
"description": "If not set, global.persistence.size is used."
}
}
},
"logging": {
"type": "object",
"title": "Logging service Persistent Volume details",
"description": "Configure Persistence Volume for logging service",
"properties": {
"size": {
"type": "string",
"default": "",
"title": "Logging service Persistent Volume size",
"description": "If not set, global.persistence.size is used."
}
}
},
"grafana": {
"type": "object",
"title": "Grafana service Persistent Volume details",
"description": "Configure Persistence Volume for grafana service",
"properties": {
"size": {
"type": "string",
"default": "5Gi",
"title": "Grafana service Persistent Volume size",
"description": "If not set, global.persistence.size is used."
}
}
}
}
},
"rhMarketPlace": {
"type": "boolean",
"default": false,
"title": "RedHat marketplace config",
"description": "Set it to true while generating helm operator"
},
"images": {
"type": "object",
"title": "Global image settings",
"properties": {
"admin": {
"type": "string",
"default": "",
"title": "Admin service container image",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/<service-name>:(Chart.AppVersion)|(image.tag)'"
},
"aggregatedapis": {
"type": "string",
"default": "",
"title": "Aggregatedapis service container image",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/<service-name>:(Chart.AppVersion)|(image.tag)'"
},
"auth": {
"type": "string",
"default": "",
"title": "Auth service container image",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/<service-name>:(Chart.AppVersion)|(image.tag)'"
},
"bloblifecyclemanager": {
"type": "string",
"default": "",
"title": "Bloblifecyclemanager service container image",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/<service-name>:(Chart.AppVersion)|(image.tag)'"
},
"catalog": {
"type": "string",
"default": "",
"title": "Catalog service container image",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/<service-name>:(Chart.AppVersion)|(image.tag)'"
},
"configmap-reload": {
"type": "string",
"title": "Configmap-reload service container image",
"default": "",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes."
},
"controllermanager": {
"type": "string",
"default": "",
"title": "Controllermanager service container image",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/<service-name>:(Chart.AppVersion)|(image.tag)'"
},
"crypto": {
"type": "string",
"default": "",
"title": "Crypto service container image",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/<service-name>:(Chart.AppVersion)|(image.tag)'"
},
"dashboardbff": {
"type": "string",
"default": "",
"title": "Dashboardbff service container image",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/<service-name>:(Chart.AppVersion)|(image.tag)'"
},
"datamover": {
"type": "string",
"default": "",
"title": "Datamover service container image",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes."
},
"dex": {
"type": "string",
"default": "",
"title": "Dex service container image",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes."
},
"emissary": {
"type": "string",
"default": "",
"title": "Emissary service container image",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/<service-name>:(Chart.AppVersion)|(image.tag)'"
},
"events": {
"type": "string",
"default": "",
"title": "Events service container image",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/<service-name>:(Chart.AppVersion)|(image.tag)'"
},
"executor": {
"type": "string",
"default": "",
"title": "Executor service container image",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/<service-name>:(Chart.AppVersion)|(image.tag)'"
},
"frontend": {
"type": "string",
"default": "",
"title": "Frontend service container image",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/<service-name>:(Chart.AppVersion)|(image.tag)'"
},
"grafana": {
"type": "string",
"title": "Grafana service container image",
"default": "",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes."
},
"init": {
"type": "string",
"title": "Generic init container image",
"default": "",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes."
},
"jobs": {
"type": "string",
"default": "",
"title": "Jobs service container image",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/<service-name>:(Chart.AppVersion)|(image.tag)'"
},
"kanister-tools": {
"type": "string",
"default": "",
"title": "Kanister-tools service container image",
"description": "Kanister-tools service container image contains set of tools, required for all kanister related operations. It is used for debug, troubleshooting, primer purposes as well"
},
"kanister": {
"type": "string",
"default": "",
"title": "Kanister service container image",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/<service-name>:(Chart.AppVersion)|(image.tag)'"
},
"logging": {
"type": "string",
"default": "",
"title": "Logging service container image",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/<service-name>:(Chart.AppVersion)|(image.tag)'"
},
"metering": {
"type": "string",
"default": "",
"title": "Metering service container image",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/<service-name>:(Chart.AppVersion)|(image.tag)'"
},
"paygo_daemonset": {
"type": "string",
"default": "",
"title": "Paygo_daemonset service container image",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes."
},
"prometheus": {
"type": "string",
"default": "",
"title": "Prometheus service container image",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes."
},
"repositories": {
"type": "string",
"default": "",
"title": "Repositories service container image",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/<service-name>:(Chart.AppVersion)|(image.tag)'"
},
"state": {
"type": "string",
"default": "",
"title": "State service container image",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/<service-name>:(Chart.AppVersion)|(image.tag)'"
},
"upgrade": {
"type": "string",
"default": "",
"title": "Upgrade service container image",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/<service-name>:(Chart.AppVersion)|(image.tag)'"
},
"vbrintegrationapi": {
"type": "string",
"default": "",
"title": "Vbrintegrationapi service container image",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes."
},
"garbagecollector": {
"type": "string",
"default": "",
"title": "Garbagecollector service container image",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes."
},
"metric-sidecar": {
"type": "string",
"default": "",
"title": "Metric-sidecar service container image",
"description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes."
}
}
},
"imagePullSecret": {
"type": "string",
"default": "",
"title": "Container image pull secret",
"description": "Secret which contains docker config for private repository. Use `k10-ecr` when secrets.dockerConfigPath is used."
},
"prometheus": {
"type": "object",
"title": "Prometheus settings",
"description": "Global prometheus settings",
"properties": {
"external": {
"type": "object",
"title": "External prometheus settings",
"description": "Configure prometheus",
"properties": {
"host": {
"type": "string",
"default": "",
"title": "External prometheus host name",
"description": "Set prometheus host name"
},
"port": {
"type": "string",
"default": "",
"title": "External prometheus port number",
"description": "Set prometheus port number"
},
"baseURL": {
"type": "string",
"default": "",
"title": "External prometheus baseURL",
"description": "Set prometheus baseURL"
}
}
}
}
},
"network": {
"type": "object",
"title": "Network settings",
"description": "Global network settings",
"properties": {
"enable_ipv6": {
"type": "boolean",
"default": false,
"title": "Enable ipv6",
"description": "Set true to enable ipv6"
}
}
}
}
},
"route": {
"type": "object",
"title": "OpenShift route configuration",
"description": "Configure OpenShift Route",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"title": "Exposed dashboard via route",
"description": "Whether the K10 dashboard should be exposed via route"
},
"host": {
"type": "string",
"default": "",
"title": "Host name",
"description": "Set Host name for the route"
},
"path": {
"type": "string",
"default": "",
"title": "Route path",
"description": "Set Path for the route"
},
"annotations": {
"type": "object",
"default": {},
"title": "Route annotations",
"description": "Set annotations for the route",
"examples": [
{
"kubernetes.io/tls-acme": "true",
"haproxy.router.openshift.io/disable_cookies": "true",
"haproxy.router.openshift.io/balance": "roundrobin"
}
]
},
"labels": {
"type": "object",
"default": {},
"title": "Route label",
"description": "Set Labels for the route resource",
"examples": [
{
"foo": "bar"
}
]
},
"tls": {
"type": "object",
"title": "Route TLS configuration",
"description": "Set TLS configuration for the route",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"title": "Enable TLS",
"description": "Whether to enable TLS"
},
"insecureEdgeTerminationPolicy": {
"type": "string",
"default": "Redirect",
"title": "Route Termination Policy",
"description": "What to do in case of an insecure traffic edge termination",
"enum": [
"None",
"Allow",
"Redirect",
""
]
},
"termination": {
"type": "string",
"default": "edge",
"title": "Termination Schema",
"description": "Set termination Schema",
"enum": [
"edge",
"passthrough",
"reencrypt"
]
}
}
}
}
},
"dexImage": {
"type": "object",
"title": "Dex image config",
"description": "Specify Dex image config",
"properties": {
"registry": {
"type": "string",
"default": "ghcr.io",
"title": "Dex image registry",
"description": "Change default image registry for Dex images"
},
"repository": {
"type": "string",
"default": "dexidp",
"title": "Dex image repository",
"description": "Change default image repository for Dex images"
},
"image": {
"type": "string",
"default": "dex",
"title": "Dex image name",
"description": "Change default image name for Dex images"
}
}
},
"kanisterToolsImage": {
"type": "object",
"title": "kanister tools image config",
"description": "Set kanister tools image config",
"properties": {
"registry": {
"type": "string",
"default": "ghcr.io",
"title": "kanister-tools image registry",
"description": "Change default image registry for kanister-tools images"
},
"repository": {
"type": "string",
"default": "kanisterio",
"title": "kanister-tools image repository",
"description": "Change default image repository for kanister-tools images"
},
"image": {
"type": "string",
"default": "kanister-tools",
"title": "Kanister tools image name",
"description": "Change default image name for kanister-tools images"
},
"pullPolicy": {
"type": "string",
"default": "Always",
"title": "Kanister tools image pullPolicy",
"description": "Change kanister-tools image pullPolicy",
"enum": [
"IfNotPresent",
"Always",
"Never"
]
}
}
},
"ingress": {
"type": "object",
"title": "Ingress configuration",
"description": "Add ingress resource configuration",
"properties": {
"create": {
"type": "boolean",
"default": false,
"title": "Expose dashboard via ingress",
"description": "whether the K10 dashboard should be exposed via ingress"
},
"tls": {
"type": "object",
"title": "TLS configuration for ingress",
"description": "Set TLS configuration for ingress",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"title": "Enable TLS",
"description": "Configures a TLS use for ingress.host"
}
}
},
"class": {
"type": "string",
"default": "",
"title": "Ingress controller class",
"description": "Cluster ingress controller class: nginx, GCE"
},
"host": {
"type": "string",
"default": "",
"title": "Ingress host name",
"description": "FQDN for name-based virtual host",
"examples": [
"/k10.example.com"
]
},
"urlPath": {
"type": "string",
"default": "",
"title": "Ingress URL path",
"description": "URL path for K10 Dashboard",
"examples": [
"/k10"
]
},
"pathType": {
"type": "string",
"default": "ImplementationSpecific",
"title": "Ingress path type",
"description": "Set the path type for the ingress resource",
"enum": [
"Exact",
"Prefix",
"ImplementationSpecific"
]
}
}
},
"eula": {
"type": "object",
"title": "EULA configuration",
"properties": {
"accept": {
"type": "boolean",
"default": false,
"title": "Enable accept EULA before installation",
"description": "An End-User license agreement (EULA) is a legal agreement that grants a user a license to use an application or software. Users must consent to the EULA before purchasing, installing, or downloading an application or software owned by the service provider."
}
}
},
"license": {
"type": "string",
"default": "",
"title": "License from Kasten",
"description": "Add license string obtained from Kasten"
},
"cluster": {
"type": "object",
"title": "Cluster configuration",
"description": "Set cluster configuration",
"properties": {
"domainName": {
"type": "string",
"default": "cluster.local",
"title": "Domain name of the cluster",
"description": "Change default domain name of the cluster"
}
}
},
"multicluster": {
"type": "object",
"title": "Multi-cluster configuration",
"description": "Configure the multi-cluster system",
"properties": {
"enabled": {
"type": "boolean",
"default": true,
"title": "Enable the multi-cluster system",
"description": "Choose whether to enable the multi-cluster system components and capabilities"
}
}
},
"prometheus": {
"type": "object",
"title": "Internal Prometheus configuration",
"description": "Configure internal Prometheus",
"properties": {
"rbac": {
"type": "object",
"title": "Prometheus rbac",
"description": "Configure Prometheus rbac resources",
"properties": {
"create": {
"type": "boolean",
"default": false,
"title": "Enable Prometheus rbac. Warning - cluster wide permissions",
"description": "Choose whether to create Prometheus RBAC configuration. Warning: Enabling this action will allow Prometheus permission to scrape pods in all K8s namespaces."
}
}
},
"server": {
"type": "object",
"title": "Prometheus Server",
"description": "Configure Prometheus Server",
"properties": {
"enabled": {
"type": "boolean",
"default": true,
"title": "Enable Prometheus server",
"description": "Create Prometheus server"
},
"securityContext": {
"type": "object",
"title": "Prometheus server securityContext",
"description": "Configure Prometheus server securityContext",
"properties": {
"runAsUser": {
"type": "integer",
"default": 65534,
"title": "runAsUser ID",
"description": "Set securityContext runAsUser ID"
},
"runAsNonRoot": {
"type": "boolean",
"default": true,
"title": "Enable runAsNonRoot",
"description": "Enable securityContext runAsNonRoot"
},
"runAsGroup": {
"type": "integer",
"default": 65534,
"title": "runAsGroup ID",
"description": "Set securityContext runAsGroup ID"
},
"fsGroup": {
"type": "integer",
"default": 65534,
"title": "fsGroup ID",
"description": "Set securityContext fsGroup ID"
}
}
},
"retention": {
"type": "string",
"default": "30d",
"title": "Prometheus retention",
"description": "Set retention period for Prometheus"
},
"persistentVolume": {
"type": "object",
"title": "Prometheus persistent volume",
"description": "Configure Prometheus persistent volume",
"properties": {
"storageClass": {
"type": "string",
"default": "",
"title": "StorageClassName used to create Prometheus PVC",
"description": "Setting this option overwrites global StorageClass value"
}
}
},
"fullnameOverride": {
"type": "string",
"default": "prometheus-server",
"title": "Prometheus server deployment name",
"description": "Override default Prometheus server deployment name"
},
"baseURL": {
"type": "string",
"default": "/k10/prometheus/",
"title": "Prometheus external url path",
"description": "Prometheus external url path at which the server can be accessed"
},
"prefixURL": {
"type": "string",
"default": "/k10/prometheus",
"title": "Prometheus prefix slug",
"description": "Prometheus prefix slug at which the server can be accessed"
}
}
}
}
},
"jaeger": {
"type": "object",
"title": "Jaeger configuration",
"description": "Jaeger tracing settings",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"title": "Enable Jaeger tracing",
"description": "Set true to enable Jaeger tracing"
},
"agentDNS": {
"type": "string",
"default": "",
"title": "Jaeger agentDNS",
"description": "Set agentDNS for Jaeger tracing"
}
}
},
"service": {
"type": "object",
"title": "K10 K8s services config",
"properties": {
"externalPort": {
"type": "integer",
"default": 8000,
"title": "externalPort for K10 services",
"description": "Override default 8000 externalPort for K10 services"
},
"internalPort": {
"type": "integer",
"default": 8000,
"title": "internalPort for K10 services",
"description": "Override default 8000 internalPort for K10 services"
},
"aggregatedApiPort": {
"type": "integer",
"default": 10250,
"title": "aggregatedApiPort for aggapi service",
"description": "Override default 10250 port for aggapi service"
},
"gatewayAdminPort": {
"type": "integer",
"default": 8877,
"title": "Gateway admin port",
"description": "Override default 8877 gateway admin port"
}
}
},
"secrets": {
"type": "object",
"title": "K10 secrets",
"description": "K10 secrets configuration",
"properties": {
"awsAccessKeyId": {
"type": "string",
"default": "",
"title": "AWS access key ID",
"description": "Set AWS access key ID required for AWS deployment"
},
"awsSecretAccessKey": {
"type": "string",
"default": "",
"title": "AWS secret access key",
"description": "Set AWS access key secret"
},
"awsIamRole": {
"type": "string",
"default": "",
"title": "AWS IAM Role",
"description": "ARN of the AWS IAM role assumed by K10 to perform any AWS operation"
},
"googleApiKey": {
"type": "string",
"default": "",
"title": "Google API Key",
"description": "Non-default base64 encoded GCP Service Account key"
},
"googleProjectId": {
"type": "string",
"default": "",
"title": "Google Project ID",
"description": "Set Google Project ID other than the one in the GCP Service Account"
},
"tlsSecret": {
"type": "string",
"default": "",
"title": "K8s TLS secret name contains for k10 Gateway service",
"description": "Specify a Secret directly instead of having to provide both the cert and key. This reduces the security risk a bit by not caching the certs and keys in the bash history."
},
"dockerConfig": {
"type": "string",
"default": "",
"title": "Docker config",
"description": "base64 representation of your Docker credentials to pull docker images from a private registry"
},
"dockerConfigPath": {
"type": "string",
"default": "",
"title": "Docker config path",
"description": "Path to Docker config file to create secret from"
},
"azureTenantId": {
"type": "string",
"default": "",
"title": "Azure tenant ID",
"description": "Azure tenant ID required for Azure deployment"
},
"azureClientId": {
"type": "string",
"default": "",
"title": "Azure client ID",
"description": "Azure Service App ID"
},
"azureClientSecret": {
"type": "string",
"default": "",
"title": "Azure client Secret",
"description": "Azure Service APP secret"
},
"azureResourceGroup": {
"type": "string",
"default": "",
"title": "Azure resource group",
"description": "Resource Group name that was created for the Kubernetes cluster"
},
"azureSubscriptionID": {
"type": "string",
"default": "",
"title": "Azure subscription ID",
"description": "Subscription ID in your Azure tenant"
},
"azureResourceMgrEndpoint": {
"type": "string",
"default": "",
"title": "Azure resource manager endpoint",
"description": "Resource management endpoint for the Azure Stack instance"
},
"azureADEndpoint": {
"type": "string",
"default": "",
"title": "Azure AD endpoint",
"description": "Azure Active Directory login endpoint"
},
"azureADResourceID": {
"type": "string",
"default": "",
"title": "Azure Active Directory resource ID",
"description": "Azure Active Directory resource ID to obtain AD tokens"
},
"azureCloudEnvID": {
"type": "string",
"default": "",
"title": "Azure Cloud Environment ID",
"description": "Azure Cloud Environment ID"
},
"apiTlsCrt": {
"type": "string",
"default": "",
"title": "API TLS Certificate",
"description": "K8s API server TLS certificate"
},
"apiTlsKey": {
"type": "string",
"default": "",
"title": "API TLS Key",
"description": "K8s API server TLS key"
},
"vsphereEndpoint": {
"type": "string",
"default": "",
"title": "vSphere endpoint",
"description": "vSphere endpoint for login"
},
"vsphereUsername": {
"type": "string",
"default": "",
"title": "",
"description": ""
},
"vspherePassword": {
"type": "string",
"default": "",
"title": "vSphere password",
"description": "vSphere password for login"
}
}
},
"metering": {
"type": "object",
"title": "Metering service config",
"description": "Metering service settings",
"properties": {
"reportingKey": {
"type": "string",
"default": "",
"title": "Reporting key",
"description": "Base64 encoded reporting key"
},
"consumerId": {
"type": "string",
"default": "",
"title": "Consumer ID",
"description": "Consumer ID in the format project:<project_id>"
},
"awsRegion": {
"type": "string",
"default": "",
"title": "AWS Region",
"description": "Set AWS_REGION for metering service"
},
"awsMarketPlaceIamRole": {
"type": "string",
"default": "",
"title": "AWS Marketplace IAM Role",
"description": "Set AWS marketplace IAM Role"
},
"awsMarketplace": {
"type": "boolean",
"default": false,
"title": "AWS Marketplace",
"description": "Set AWS cloud metering license mode"
},
"awsManagedLicense": {
"type": "boolean",
"default": false,
"title": "AWS managed license",
"description": "Set AWS managed license mode"
},
"licenseConfigSecretName": {
"type": "string",
"default": "",
"title": "License config secret name",
"description": "AWS managed license config secret"
},
"serviceAccount": {
"type": "object",
"title": "Metering service serviceAccount",
"description": "Configuration for metering service serviceAccount",
"properties": {
"create": {
"type": "boolean",
"default": false,
"title": "Create metering service serviceAccount",
"description": "Create metering service serviceAccount"
},
"name": {
"type": "string",
"default": "",
"title": "Metering ServiceAccount name",
"description": "Set name for metering ServiceAccount"
}
}
},
"mode": {
"type": "string",
"default": "",
"title": "Control license reporting",
"description": "Set to `airgap` for private-network installs"
},
"redhatMarketplacePayg": {
"type": "boolean",
"default": false,
"title": "Red Hat cloud metering",
"description": "Set Red Hat cloud metering license mode"
},
"reportCollectionPeriod": {
"type": "integer",
"default": 1800,
"title": "Report collection period",
"description": "Metric report collection period (in seconds)"
},
"reportPushPeriod": {
"type": "integer",
"default": 3600,
"title": "Report push period",
"description": "Metric report push period (in seconds)"
},
"promoID": {
"type": "string",
"default": "",
"title": "K10 promotion ID",
"description": "K10 promotion ID from marketing campaigns"
}
}
},
"clusterName": {
"type": "string",
"default": "",
"title": "Cluster name",
"description": "Cluster name for better logs visibility"
},
"executorReplicas": {
"type": "integer",
"default": 3,
"title": "Number of executor service pod replicas",
"description": "Set number of executor service pod replicas for better performance"
},
"logLevel": {
"type": "string",
"default": "info",
"title": "Log level",
"description": "Change default log level"
},
"externalGateway": {
"type": "object",
"title": "External gateway",
"description": "Configure external gateway for K10 API services",
"properties": {
"create": {
"type": "boolean",
"default": false,
"title": "Enable external gateway",
"description": "Create external gateway service"
},
"annotations": {
"type": "object",
"title": "The annotations Schema",
"default": {},
"description": "Standard annotations for the services"
},
"fqdn": {
"type": "object",
"title": "Host and domain name for the K10 API services",
"description": "Configure host and domain name for the K10 API services",
"properties": {
"name": {
"type": "string",
"default": "",
"title": "Domain name for the K10 API services",
"description": "Domain name for the K10 API services"
},
"type": {
"type": "string",
"default": "",
"title": "Gateway type",
"description": "Supported gateway type: route53-mapper or external-dns"
}
}
},
"awsSSLCertARN": {
"type": "string",
"default": "",
"title": "AWS SSL Cert ARN",
"description": "ARN for the AWS ACM SSL certificate used in the K10 API server"
}
}
},
"auth": {
"type": "object",
"title": "Authentication settings",
"description": "Configure K10 dashboard authentication",
"properties": {
"groupAllowList": {
"type": "array",
"default": [],
"items": {
"type": "string"
},
"title": "List of groups allowed to access K10 dashboard",
"description": "A list of groups whose members are allowed access to K10's dashboard",
"examples": [
[
"group1",
"group2"
]
]
},
"basicAuth": {
"type": "object",
"title": "Basic authentication for the K10 dashboard",
"description": "Configure basic authentication for the K10 dashboard",
"properties": {
"enabled": {
"title": "Enable basic authentication",
"description": "Enables basic authentication to the K10 dashboard that allows users to login with username and password",
"type": "boolean",
"default": false
},
"secretName": {
"type": "string",
"default": "",
"title": "Secret with basic auth creds",
"description": "Name of an existing Secret that contains a file generated with htpasswd"
},
"htpasswd": {
"type": "string",
"default": "",
"title": "Basic authentication creds",
"description": "A username and password pair separated by a colon character"
}
}
},
"tokenAuth": {
"type": "object",
"title": "Token based authentication",
"description": "Configuration for Token based authentication for the K10 dashboard",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"title": "Enable token based authentication",
"description": "Enable token based authentication to access K10 dashboard"
}
}
},
"oidcAuth": {
"type": "object",
"default": {},
"title": "Open ID Connect based authentication",
"description": "Configuration for Open ID Connect based authentication for the K10 dashboard",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"title": "Enable Open ID Connect based authentication",
"description": "Enable Open ID Connect based authentication to access K10 dashboard"
},
"providerURL": {
"type": "string",
"default": "",
"title": "OIDC Provider URL",
"description": "URL for the OIDC Provider"
},
"redirectURL": {
"type": "string",
"default": "",
"title": "K10 gateway service URL",
"description": "URL to the K10 gateway service"
},
"scopes": {
"type": "string",
"default": "",
"title": "OIDC scopes",
"description": "Space separated OIDC scopes required for userinfo",
"examples": [
"profile email"
]
},
"prompt": {
"type": "string",
"title": "OIDC prompt type",
"description": "The type of prompt to be used during authentication",
"default": "select_account",
"enum": [
"none",
"consent",
"login",
"select_account"
]
},
"clientID": {
"type": "string",
"default": "",
"title": "OIDC client ID",
"description": "Client ID given by the OIDC provider"
},
"clientSecret": {
"type": "string",
"default": "",
"title": "OIDC client secret",
"description": "Client secret given by the OIDC provider"
},
"usernameClaim": {
"type": "string",
"default": "",
"title": "OIDC username claim",
"description": "The claim to be used as the username"
},
"usernamePrefix": {
"type": "string",
"default": "",
"title": "OIDC username prefix",
"description": "Prefix that has to be used with the username obtained from the username claim"
},
"groupClaim": {
"type": "string",
"default": "",
"title": "OIDC group claim",
"description": "Name of a custom OpenID Connect claim for specifying user groups"
},
"groupPrefix": {
"type": "string",
"default": "",
"title": "OIDC group prefix",
"description": "All groups will be prefixed with this value to prevent conflicts"
},
"logoutURL": {
"type": "string",
"default": "",
"title": "OIDC logout endpoint",
"description": "URL to your OIDC provider's logout endpoint"
},
"secretName": {
"type": "string",
"default": "",
"title": "OIDC config based existing secret",
"description": "Must include providerURL, redirectURL, scopes, clientID/secret and logoutURL"
},
"sessionDuration": {
"type": "string",
"default": "1h",
"title": "OIDC session duration",
"description": "Maximum OIDC session duration. Default value is 1 hour"
},
"refreshTokenSupport": {
"type": "boolean",
"default": false,
"title": "OIDC Refresh Token support",
"description": "Enable OIDC Refresh Token support. Disabled by default."
}
}
},
"dex": {
"type": "object",
"title": "Dex based authentication",
"description": "Configure Dex based authentication to access K10 dashboard",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"title": "Enable Dex based authentication",
"description": "Enable Dex based authentication to access K10 dashboard"
},
"providerURL": {
"type": "string",
"default": "",
"title": "Dex provider URL",
"description": "Set Dex provider URL"
},
"redirectURL": {
"type": "string",
"default": "",
"title": "K10 gateway service URL",
"description": "URL to the K10 gateway service"
}
}
},
"openshift": {
"type": "object",
"title": "OpenShift OAuth server based authentication",
"description": "OpenShift OAuth server based authentication for K10 dashboard",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"title": "Enable OpenShift OAuth server based authentication",
"description": "Enable OpenShift OAuth server based authentication to access K10 dashboard"
},
"serviceAccount": {
"type": "string",
"default": "",
"title": "Service account that represents an OAuth client",
"description": "Name of the service account that represents an OAuth client"
},
"clientSecret": {
"type": "string",
"default": "",
"title": "Service account token",
"description": "The token corresponding to the service account"
},
"clientSecretName": {
"type": "string",
"default": "",
"title": "Service account token secret",
"description": "The secret that contains the token corresponding to the service account"
},
"dashboardURL": {
"type": "string",
"default": "",
"title": "K10 dashboard URL",
"description": "The URL used for accessing K10's dashboard"
},
"openshiftURL": {
"type": "string",
"default": "",
"title": "OpenShift URL",
"description": "The URL for accessing OpenShift's API server"
},
"insecureCA": {
"type": "boolean",
"default": false,
"title": "Disable SSL verification of connections to OpenShift",
"description": "Set true to turn off SSL verification of connections to OpenShift"
},
"useServiceAccountCA": {
"type": "boolean",
"default": false,
"title": "use the CA certificate corresponding to the Service Account",
"description": "Usually found at ``/var/run/secrets/kubernetes.io/serviceaccount/ca.crt``"
},
"secretName": {
"type": "string",
"default": "",
"title": "The Kubernetes Secret that contains OIDC settings",
"description": "Specify Kubernetes Secret that contains OIDC settings"
},
"usernameClaim": {
"type": "string",
"default": "email",
"title": "Username claim",
"description": "The claim to be used as the username"
},
"usernamePrefix": {
"type": "string",
"default": "",
"title": "Username prefix",
"description": "Prefix that has to be used with the username obtained from the username claim"
},
"groupnameClaim": {
"type": "string",
"default": "groups",
"title": "custom OpenID Connect claim name for specifying user groups",
"description": "Name of a custom OpenID Connect claim for specifying user groups"
},
"groupnamePrefix": {
"type": "string",
"default": "",
"title": "User group name prefix",
"description": "Prefix for user group name"
}
}
},
"ldap": {
"type": "object",
"title": "Active Directory/LDAP based authentication ",
"description": "Active Directory/LDAP based authentication for the K10 dashboard",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"title": "Enable Active Directory/LDAP based authentication",
"description": "Enable Active Directory/LDAP based authentication to access K10 dashboard"
},
"restartPod": {
"type": "boolean",
"default": false,
"title": "force a restart of the authentication service pod",
"description": "force a restart of the authentication service pod (useful when updating authentication config)"
},
"dashboardURL": {
"type": "string",
"default": "",
"title": "K10 dashboard URL",
"description": "The URL used for accessing K10's dashboard"
},
"host": {
"type": "string",
"default": "",
"title": "Host and port of the AD/LDAP server",
"description": "Host and optional port of the AD/LDAP server in the form `host:port`"
},
"insecureNoSSL": {
"type": "boolean",
"default": false,
"title": "Insecure AD/LDAP host",
"description": "Set if the AD/LDAP host is not using TLS"
},
"insecureSkipVerifySSL": {
"type": "boolean",
"default": false,
"title": "Skip SSL verification of connections to the AD/LDAP host",
"description": "Turn off SSL verification of connections to the AD/LDAP host"
},
"startTLS": {
"type": "boolean",
"default": false,
"title": "TLS protocol",
"description": "When set to true, ldap:// is used to connect to the server followed by creation of a TLS session. When set to false, ldaps:// is used."
},
"bindDN": {
"type": "string",
"default": "",
"title": "Username for connecting to the AD/LDAP host",
"description": "The Distinguished Name(username) used for connecting to the AD/LDAP host"
},
"bindPW": {
"type": "string",
"default": "",
"title": "The password for `bindDN`",
"description": "The password corresponding to the `bindDN` for connecting to the AD/LDAP host"
},
"bindPWSecretName": {
"type": "string",
"default": "",
"title": "Secret name containing the password",
"description": "Secret name containing the password corresponding to the `bindDN` for connecting to the AD/LDAP host"
},
"userSearch": {
"type": "object",
"title": "User search config",
"description": "AD/LDAP user search config",
"properties": {
"baseDN": {
"type": "string",
"default": "",
"title": "The base username to start the AD/LDAP search from",
"description": "The base Distinguished Name to start the AD/LDAP search from"
},
"filter": {
"type": "string",
"default": "",
"title": "filter to apply when searching",
"description": "Optional filter to apply when searching the directory"
},
"username": {
"type": "string",
"default": "",
"title": "Username to search in the directory",
"description": "Attribute used for comparing user entries when searching the directory"
},
"idAttr": {
"type": "string",
"default": "",
"title": "Attribute in a user's entry that should map to the user ID field in a token",
"description": "AD/LDAP attribute in a user's entry that should map to the user ID field in a token"
},
"emailAttr": {
"type": "string",
"default": "",
"title": "Attribute in a user's entry that should map to the email field in a token",
"description": "AD/LDAP attribute in a user's entry that should map to the email field in a token"
},
"nameAttr": {
"type": "string",
"default": "",
"title": "Attribute in a user's entry that should map to the name field in a token",
"description": "Attribute in a user's entry that should map to the name field in a token"
},
"preferredUsernameAttr": {
"type": "string",
"default": "",
"title": "Attribute in a user's entry that should map to the preferred_username field in a token",
"description": "AD/LDAP attribute in a user's entry that should map to the preferred_username field in a token"
}
}
},
"groupSearch": {
"type": "object",
"title": "AD/LDAP group search config",
"description": "AD/LDAP group search config",
"properties": {
"baseDN": {
"type": "string",
"default": "",
"title": "The base Distinguished Name",
"description": "The base Distinguished Name to start the AD/LDAP group search from"
},
"filter": {
"type": "string",
"default": "",
"title": "Search filter",
"description": "filter to apply when searching the directory for groups"
},
"userMatchers": {
"type": "array",
"items": {
"type": "object",
"properties": {
"userAttr": {
"type": "string",
"default": "",
"title": "Attribute in the user's entry",
"description": "Attribute in the user's entry that must match the groupAttr when searching for groups"
},
"groupAttr": {
"type": "string",
"default": "",
"title": "Attribute in the group's entry",
"description": "Attribute in the group's entry that must match the userAttr when searching for groups"
}
}
},
"default": [],
"title": "List of field pairs that are used to match a user to a group",
"description": "List of field pairs that are used to match a user to a group"
},
"nameAttr": {
"type": "string",
"default": "",
"title": "Attribute that represents a group's name in the directory",
"description": "The AD/LDAP attribute that represents a group's name in the directory"
}
}
},
"secretName": {
"type": "string",
"default": "",
"title": "The Kubernetes Secret with OIDC settings",
"description": "The Kubernetes Secret that contains OIDC settings"
},
"usernameClaim": {
"type": "string",
"default": "email",
"title": "Username claim",
"description": "The claim to be used as the username"
},
"usernamePrefix": {
"type": "string",
"default": "",
"title": "Username prefix",
"description": "Prefix that has to be used with the username obtained from the username claim"
},
"groupnameClaim": {
"type": "string",
"default": "groups",
"title": "Name of a custom OpenID Connect claim for specifying user groups",
"description": "Name of a custom OpenID Connect claim for specifying user groups"
},
"groupnamePrefix": {
"type": "string",
"default": "",
"title": "Group name prefix",
"description": "Prefix for user group name"
}
}
},
"k10AdminUsers": {
"type": "array",
"items": {
"type": "string"
},
"default": [],
"title": "Admin users list",
"description": "A list of users who are granted admin level access to K10's dashboard"
},
"k10AdminGroups": {
"type": "array",
"items": {
"type": "string"
},
"default": [],
"title": "Admin groups list",
"description": "A list of groups whose members are granted admin level access to K10's dashboard"
}
}
},
"optionalColocatedServices": {
"type": "object",
"title": "Optional Colocated services config",
"description": "Settings to enable optional colocated services",
"properties": {
"vbrintegrationapi": {
"title": "VBRIntegratipnAPI service",
"description": "Settings for VBRIntegratipnAPI service",
"type": "object",
"properties": {
"enabled": {
"title": "Enable VBRIntegratipnAPI service",
"description": "Set true to enable VBRIntegratipnAPI service",
"type": "boolean",
"default": true
}
}
}
}
},
"cacertconfigmap": {
"type": "object",
"title": "CA Certificate ConfigMap",
"description": "ConfigMap containing a certificate for a trusted root certificate authority",
"properties": {
"name": {
"title": "Name of the configmap",
"description": "Name of the K8s ConfigMap containing a certificate for a trusted root certificate authority",
"type": "string",
"default": ""
}
}
},
"apiservices": {
"type": "object",
"title": "Skip APIService objects creation",
"describe": "Skip APIService objects creation if already exists",
"properties": {
"deployed": {
"type": "boolean",
"default": true,
"title": "Whether APIService object are deployed",
"description": "Set true if APIService objects exists. Setting false will recreate the objects"
}
}
},
"injectKanisterSidecar": {
"type": "object",
"title": "Kanister sidecar injection for workload pods",
"description": "Configure Kanister sidecar injection for workload pods",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"title": "Enable Kanister sidecar injection for workload pods",
"description": "Set true to enable Kanister sidecar injection for workload pods"
},
"namespaceSelector": {
"type": "object",
"title": "namespaceSelector config",
"description": "Configure namespaceSelector for namespace containing the workloads to inject Kansiter Sidecar",
"properties": {
"matchLabels": {
"type": "object",
"default": {},
"title": "namespaceSelector matchLabels",
"description": "Set of labels to select namespaces in which sidecar injection is enabled for workloads"
}
}
},
"objectSelector": {
"type": "object",
"title": "objectSelector config",
"description": "Configure objectSelector for the workloads to inject Kansiter Sidecar",
"properties": {
"matchLabels": {
"type": "object",
"default": {},
"title": "objectSelector matchLabels",
"description": "Set of labels to filter workload objects in which the sidecar is injected"
}
}
},
"webhookServer": {
"type": "object",
"title": "Sidecar injector webhook server",
"description": "Configure sidecar injector webhook server",
"properties": {
"port": {
"type": "integer",
"default": 8080,
"title": "Mutating webhook server port number",
"description": "Port number on which the mutating webhook server accepts request"
}
}
}
}
},
"kanisterPodCustomLabels": {
"type": "string",
"default": "",
"title": "Kanister pod custom labels",
"description": "Custom labels for pods managed by Kanister"
},
"kanisterPodCustomAnnotations": {
"type": "string",
"default": "",
"title": "Kanister pod custom annotations",
"description": "Custom annotations added to pods managed by Kanister"
},
"kanisterPodMetricSidecar": {
"type": "object",
"title": "Metric sidecar for ephemeral pods",
"description": "Sidecar container for gathering metrics from ephemeral pods",
"properties": {
"enabled": {
"type": "boolean",
"default": true,
"title": "Enable sidecar container",
"description": "Enable sidecar container for gathering metrics from ephemeral pods"
},
"metricLifetime": {
"type": "string",
"default": "2m",
"title": "The period we check if there are metrics which should be removed",
"description": "The period we check if there are metrics which should be removed"
},
"pushGatewayInterval": {
"type": "string",
"default": "30s",
"title": "Pushgateway metrics interval",
"description": "The interval of sending metrics into the Pushgateway"
},
"resources": {
"type": "object",
"title": "Kanister pod metric sidecar resource config",
"description": "Configure resource requests and limits for kanister pod metric sidecar",
"properties": {
"requests": {
"type": "object",
"title": "Kanister pod metric sidecar resource requests",
"description": "Kanister pod metric sidecar resource requests configuration",
"properties": {
"memory": {
"type": "string",
"default": "",
"title": "Kanister pod metric sidecar memory request",
"description": "Kanister pod metric sidecar memory request",
"examples": [
"1Gi"
]
},
"cpu": {
"type": "string",
"default": "",
"title": "Kanister pod metric sidecars cpu request",
"description": "Kanister pod metric sidecars cpu request",
"examples": [
"1"
]
}
}
},
"limits": {
"type": "object",
"title": "Kanister pod metric sidecar resource limits",
"description": "Kanister pod metric sidecar resource limits configuration",
"properties": {
"memory": {
"type": "string",
"default": "",
"title": "Kanister pod metric sidecars memory limit",
"description": "Kanister pod metric sidecars memory limit",
"examples": [
"1Gi"
]
},
"cpu": {
"type": "string",
"default": "",
"title": "Kanister pod metric sidecars cpu limit",
"description": "Kanister pod metric sidecars cpu limit",
"examples": [
"1"
]
}
}
}
}
}
}
},
"genericStorageBackup": {
"type": "object",
"title": "Generic Storage backup activation config",
"properties": {
"token": {
"type": "string",
"title": "Generic volume snapshot activation token",
"description": "Token to enable generic volume snapshot",
"default": ""
}
}
},
"genericVolumeSnapshot": {
"type": "object",
"title": "Generic Volume Snapshot restore pods config",
"description": "Resource configuration for Generic Volume Snapshot restore pods",
"properties": {
"resources": {
"type": "object",
"title": "Generic Volume Snapshot restore pod resource config",
"description": "Configure resource request and limits by Generic Volume Snapshot restore pods",
"properties": {
"requests": {
"type": "object",
"title": "Generic Volume Snapshot resource requests",
"description": "Generic Volume Snapshot resource requests configuration",
"properties": {
"memory": {
"type": "string",
"default": "",
"title": "Generic Volume Snapshot restore pods memory request",
"description": "Generic Volume Snapshot restore pods memory request",
"examples": [
"1Gi"
]
},
"cpu": {
"type": "string",
"default": "",
"title": "Generic Volume Snapshot restore pods cpu request",
"description": "Generic Volume Snapshot restore pods cpu request",
"examples": [
"1"
]
}
}
},
"limits": {
"type": "object",
"title": "Generic Volume Snapshot resource limits",
"description": "Generic Volume Snapshot resource limits configuration",
"properties": {
"memory": {
"type": "string",
"default": "",
"title": "Generic Volume Snapshot restore pods memory limit",
"description": "Generic Volume Snapshot restore pods memory limit",
"examples": [
"1Gi"
]
},
"cpu": {
"type": "string",
"default": "",
"title": "Generic Volume Snapshot restore pods cpu limit",
"description": "Generic Volume Snapshot restore pods cpu limit",
"examples": [
"1"
]
}
}
}
}
}
}
},
"garbagecollector": {
"type": "object",
"title": "garbage collection",
"description": "Configure garbage collection settings",
"properties": {
"daemonPeriod": {
"type": "integer",
"default": 21600,
"title": "Garbage collection period",
"description": "Set garbage collection period (in seconds)"
},
"keepMaxActions": {
"type": "integer",
"default": 1000,
"title": "Max actions to keep",
"description": "Sets maximum actions to keep"
},
"actions": {
"type": "object",
"title": "action collectors config",
"description": "Configure action garbage collectors",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"title": "Enable action collectors",
"description": "Set true to enable action collectors"
}
}
}
}
},
"resources": {
"type": "object",
"default": {},
"title": "K10 pods resource config",
"description": "Resource management for K10 pods"
},
"services": {
"type": "object",
"title": "K10 services config",
"description": "Settings for K10 services",
"properties": {
"executor": {
"type": "object",
"title": "executor service config",
"description": "Configuration for K10 executor service",
"properties": {
"hostNetwork": {
"type": "boolean",
"default": false,
"title": "Enable node network usage",
"description": "Whether the executor pods may use the node network"
},
"workerCount": {
"type": "integer",
"default": 8,
"title": "Executor workers count",
"description": "Count of running executor workers"
},
"maxConcurrentRestoreCsiSnapshots": {
"type": "integer",
"default": 3,
"title": "Concurrent restore CSI snapshots operations",
"description": "Limit of concurrent restore CSI snapshots operations per each restore action"
},
"maxConcurrentRestoreGenericVolumeSnapshots": {
"type": "integer",
"default": 3,
"title": "Concurrent restore generic volume snapshots operations",
"description": "Limit of concurrent restore generic volume snapshots operations per each restore action"
},
"maxConcurrentRestoreWorkloads": {
"type": "integer",
"default": 3,
"title": "Concurrent restore workloads operations",
"description": "Limit of concurrent restore workloads operations per each restore action"
}
}
},
"dashboardbff": {
"type": "object",
"title": "dashboardbff service config",
"properties": {
"hostNetwork": {
"type": "boolean",
"default": false,
"title": "Enable node network usage",
"description": "Whether the dashboardbff pods may use the node network"
}
}
},
"securityContext": {
"type": "object",
"title": "securityContext for K10 service containers",
"description": "Custom securityContext for K10 service containers",
"properties": {
"runAsUser": {
"type": "integer",
"default": 1000,
"title": "runAsUser ID",
"description": "User ID K10 service containers run as"
},
"fsGroup": {
"type": "integer",
"default": 1000,
"title": "FSGroup ID",
"description": "FSGroup that owns K10 service container volumes"
},
"runAsNonRoot": {
"type": "boolean",
"default": true,
"title": "RunAsNonRoot",
"description": "Indicates that K10 service containers should run as non-root user."
},
"seccompProfile": {
"type": "object",
"title": "Seccomp Profile object",
"description": "Sets the Seccomp profile for K10 service containers",
"properties": {
"type": {
"type": "string",
"default": "RuntimeDefault",
"title": "Seccomp profile type",
"description": "Sets the Seccomp profile type for K10 service containers"
}
}
}
}
},
"aggregatedapis": {
"type": "object",
"title": "K10 aggregatedapis service config",
"properties": {
"hostNetwork": {
"type": "boolean",
"default": false,
"title": "Enable node network usage",
"description": "Whether the aggregatedapis pods may use the node network"
}
}
}
}
},
"siem": {
"type": "object",
"title": "siem",
"description": "siem settings",
"properties": {
"logging": {
"type": "object",
"title": "logging",
"description": "siem logging settings",
"properties": {
"cluster": {
"type": "object",
"title": "cluster",
"description": "In-cluster agent log slurping settings",
"properties": {
"enabled": {
"type": "boolean",
"default": true,
"title": "Enable in-cluster agent-based audit logging",
"description": "Enabled in-cluster agent-based audit logging for K10 events"
}
}
},
"cloud": {
"type": "object",
"title": "cloud",
"description": "siem cloud logging settings",
"properties": {
"path": {
"type": "string",
"default": "k10audit/",
"title": "Directory path in cloud object storage for saving logs",
"description": "Directory path in cloud object storage for saving logs when writing K10 events"
},
"awsS3": {
"type": "object",
"title": "awsS3",
"description": "AWS S3 log slurping settings",
"properties": {
"enabled": {
"type": "boolean",
"default": true,
"title": "Enable AWS S3 audit logging",
"description": "Enable AWS S3 audit logging for K10 events"
}
}
}
}
}
}
}
}
},
"apigateway": {
"type": "object",
"title": "APIGateway",
"description": "APIGateway settings",
"properties": {
"serviceResolver": {
"type": "string",
"default": "dns",
"title": "Resolver used for service discovery",
"description": "The resolver used for service discovery in the API gateway",
"enum": [
"dns",
"endpoint"
]
}
}
},
"limiter": {
"type": "object",
"title": "Limiter",
"description": "Limits set on several operations",
"properties": {
"concurrentSnapConversions": {
"type": "integer",
"default": 3,
"title": "Concurrent snapshot conversions",
"description": "Limit of concurrent snapshots to convert during export "
},
"genericVolumeSnapshots": {
"type": "integer",
"default": 10,
"title": "Concurrent generic volume snapshot creation",
"description": "Limit of concurrent generic volume snapshot create operations"
},
"genericVolumeCopies": {
"type": "integer",
"default": 10,
"title": "Concurrent generic volume snapshot copy",
"description": "Limit of concurrent generic volume snapshot copy operations"
},
"genericVolumeRestores": {
"type": "integer",
"default": 10,
"title": "Concurrent generic volume snapshot restore",
"description": "Limit of concurrent generic volume snapshot restore operations"
},
"csiSnapshots": {
"type": "integer",
"default": 10,
"title": "Concurrent CSI snapshot create",
"description": "Limit of concurrent CSI snapshot create operations"
},
"providerSnapshots": {
"type": "integer",
"default": 10,
"title": "Concurrent cloud provider create",
"description": "Limit of concurrent cloud provider create operations"
}
}
},
"gateway": {
"type": "object",
"title": "Gateway config",
"description": "Configure Gateway service",
"properties": {
"insecureDisableSSLVerify": {
"type": "boolean",
"default": false,
"title": "Disable SSL verification for gateway pods",
"description": "Whether to disable SSL verification for gateway pods"
},
"exposeAdminPort": {
"type": "boolean",
"default": true,
"title": "Expose Admin port",
"description": "Whether to expose Admin port for gateway service"
},
"service": {
"type": "object",
"title": "gateway service config",
"properties": {
"externalPort": {
"type": "integer",
"default": 80,
"title": "externalPort for the gateway service",
"description": "Override default 80 externalPort for the gateway service"
}
}
},
"resources": {
"type": "object",
"title": "Gateway pod resource config",
"description": "Configure resource request and limits by Gateway pod",
"properties": {
"requests": {
"type": "object",
"title": "Gateway resource requests",
"description": "Gateway resource requests configuration",
"properties": {
"memory": {
"type": "string",
"default": "300Mi",
"title": "Gateway pod memory request",
"description": "Gateway pod memory request",
"examples": [
"1Gi"
]
},
"cpu": {
"type": "string",
"default": "200m",
"title": "Gateway pod cpu request",
"description": "Gateway pod cpu request",
"examples": [
"1"
]
}
}
},
"limits": {
"type": "object",
"title": "Gateway resource limits",
"description": "Gateway resource limits configuration",
"properties": {
"memory": {
"type": "string",
"default": "1Gi",
"title": "Gateway pod memory limit",
"description": "Gateway pod memory limit",
"examples": [
"1Gi"
]
},
"cpu": {
"type": "string",
"default": "1000m",
"title": "Gateway pod cpu limit",
"description": "Gateway pod cpu limit",
"examples": [
"1"
]
}
}
}
}
}
}
},
"kanister": {
"type": "object",
"title": "Kanister config",
"description": "Configuration for Kanister service",
"properties": {
"backupTimeout": {
"type": "integer",
"default": 45,
"title": "Timeout on Kanister backup operations",
"description": "Timeout on Kanister backup operations in mins"
},
"restoreTimeout": {
"type": "integer",
"default": 600,
"title": "Timeout for Kanister restore operations",
"description": "Timeout for Kanister restore operations in mins"
},
"deleteTimeout": {
"type": "integer",
"default": 45,
"title": "Timeout for Kanister delete operations",
"description": "Timeout for Kanister delete operations in mins"
},
"hookTimeout": {
"type": "integer",
"default": 20,
"title": "Timeout for Kanister pre-hook and post-hook operations",
"description": "Timeout for Kanister pre-hook and post-hook operations in minutes"
},
"checkRepoTimeout": {
"type": "integer",
"default": 20,
"title": "Timeout for Kanister checkRepo operations",
"description": "Specify timeout to set on Kanister checkRepo operations in minutes"
},
"statsTimeout": {
"type": "integer",
"default": 20,
"title": "Timeout for Kanister stats operations",
"description": "Timeout for Kanister stats operations in minutes"
},
"efsPostRestoreTimeout": {
"type": "integer",
"default": 45,
"title": "Timeout for Kanister efsPostRestore operations",
"description": "Timeout for Kanister efsPostRestore operations in minutes"
},
"podReadyWaitTimeout": {
"type": "integer",
"default": 15,
"title": "Timeout for Kanister tooling pods to be ready",
"description": "Timeout for Kanister tooling pods to be ready during operations in minutes"
},
"managedDataServicesBlueprintsEnabled": {
"type": "boolean",
"default": true,
"title": "Enable built-in Kanister Blueprints for data services",
"description": "Whether to enable built-in Kanister Blueprints for data services such as Crunchy Data Postgres Operator and K8ssandra"
}
}
},
"awsConfig": {
"type": "object",
"title": "AWS config",
"description": "AWS config",
"properties": {
"assumeRoleDuration": {
"type": "string",
"default": "",
"title": "Duration of a session token generated by AWS for an IAM role",
"description": "The minimum value is 15 minutes, and the maximum value is determined by the maximum session duration setting for that IAM role. For documentation on how to view and edit the maximum session duration for an IAM role, refer to https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session. The value accepts a number followed by a single character, 'm' (for minutes) or 'h' (for hours). Examples include: 60m or 2h"
},
"efsBackupVaultName": {
"type": "string",
"default": "k10vault",
"title": "the AWS EFS backup vault name",
"description": "Set the AWS EFS backup vault name"
}
}
},
"azure": {
"type": "object",
"title": "Azure config",
"description": "Azure config",
"properties": {
"useDefaultMSI": {
"type": "boolean",
"default": false,
"title": "Use the default Managed Identity",
"description": "Set to true - profile does not need a secret, Default Managed Identity will be used"
}
}
},
"google": {
"type": "object",
"title": "Google config",
"description": "Google auth config",
"properties": {
"workloadIdentityFederation": {
"type": "object",
"title": "Google Workload Identity Federation config",
"description": "config for Google Workload Identity Federation",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"title": "Enable Google Workload Identity Federation (GWIF) for K10",
"description": "Set to true - Google Workload Identity Federation is enabled for K10"
},
"idp": {
"type": "object",
"title": "Identity Provider config",
"description": "Identity Provider config",
"properties": {
"type": {
"type": "string",
"default": "",
"title": "Type of the Identity Provider for GWIF",
"description": "Set the type of IdP for GWIF"
},
"aud": {
"type": "string",
"default": "",
"title": "The audience that ID token is intended for",
"description": "Set the name of the audience that ID token is intended for"
}
}
}
}
}
}
},
"grafana": {
"type": "object",
"title": "Grafana config",
"description": "Settings for Grafana service",
"properties": {
"enabled": {
"type": "boolean",
"default": true,
"title": "Enable Grafana service",
"description": "Deploy Grafana service. If false Grafana will not be available"
}
}
},
"encryption": {
"type": "object",
"title": "Encryption config",
"description": "Encryption config",
"properties": {
"primaryKey": {
"type": "object",
"title": "primaryKey for encrypting of K10 primary key",
"description": "primaryKey is used for enabling encryption of K10 primary key",
"properties": {
"awsCmkKeyId": {
"type": "string",
"default": "",
"title": "The AWS CMK key ID for encrypting K10 Primary Key",
"description": "Ensures AWS CMK is used for encrypting K10 primary key"
},
"vaultTransitKeyName": {
"type": "string",
"default": "",
"title": "Vault transit Key Name",
"description": "Vault Transit key name for Vault integration"
},
"vaultTransitPath": {
"type": "string",
"default": "",
"title": "Vault transit path",
"description": "Vault transit path for Vault integration"
}
}
}
}
},
"vmWare": {
"type": "object",
"title": "VMWare integration config",
"properties": {
"taskTimeoutMin": {
"type": "integer",
"default": 60,
"title": "the timeout for VMWare operations",
"description": "the timeout for VMWare operations in minutes"
}
}
},
"vault": {
"type": "object",
"title": "Vault config",
"description": "Vault integration configuration",
"properties": {
"secretName": {
"type": "string",
"default": "",
"title": "Vault secret name",
"description": "Vault secret name"
},
"address": {
"type": "string",
"default": "http://vault.vault.svc:8200",
"title": "Vault address",
"description": "Specify Vault endpoint"
},
"role": {
"type": "string",
"default": "",
"title": "Vault Service Account Role",
"description": "Role that was bound to the service account name and namespace from cluster"
},
"serviceAccountTokenPath": {
"type": "string",
"default": "",
"title": "Token path for Vault Service Account Role",
"description": "Default: '/var/run/secrets/kubernetes.io/serviceaccount/token'"
}
}
},
"kubeVirtVMs": {
"type": "object",
"properties": {
"snapshot": {
"type": "object",
"properties": {
"unfreezeTimeout": {
"type": "string",
"title": "Unfreeze timeout for Virtual Machines",
"description": "Time within which K10 is expected to complete the Virtual Machine's backup and thaw the Virtual Machine.",
"default": "5m"
}
}
}
}
},
"excludedApps": {
"type": "array",
"items": {
"type": "string"
},
"default": [
"kube-system",
"kube-ingress",
"kube-node-lease",
"kube-public",
"kube-rook-ceph"
],
"title": "List of applications to be excluded",
"description": "List of applications to be excluded from the dashboard & compliance considerations"
},
"reporting": {
"type": "object",
"properties": {
"pdfReports": {
"title": "Enable PDF reports",
"description": "Enable download of PDF reports in the Dashboard",
"type": "boolean",
"default": true
}
}
},
"maxJobWaitDuration": {
"type": "string",
"default": "",
"title": "Maximum duration for jobs in minutes",
"description": "Set a maximum duration of waiting for child jobs. If the execution of the subordinate jobs exceeds this value, the parent job will be canceled. If no value is set, a default of 10 hours will be used"
},
"forceRootInKanisterHooks": {
"type": "boolean",
"default": true,
"title": "Run Kanister Hooks as root",
"description": "Forces Kanister Execution Hooks to run with root privileges"
}
}
}
Reference in New Issue View Git Blame Copy Permalink