diff --git a/charts/camunda-platform-alpha/README.md b/charts/camunda-platform-alpha/README.md index 91c2deebd7..f6fdb2c61d 100644 --- a/charts/camunda-platform-alpha/README.md +++ b/charts/camunda-platform-alpha/README.md @@ -1171,142 +1171,142 @@ Please see the corresponding [release guide](../../docs/release.md) to find out ### Orchestration Core Parameters -| Name | Description | Value | -| -------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `core` | configuration for the Orchestration Core. | | -| `core.enabled` | if true, all related resources are deployed via the helm release | `true` | -| `core.debug` | if true, extra info is printed. | `false` | -| `core.image` | configuration to configure the image specifics | | -| `core.image.registry` | can be used to set container image registry. | `""` | -| `core.image.repository` | defines which image repository to use | `camunda/camunda` | -| `core.image.tag` | can be set to overwrite the global tag, which should be used in that chart | `8.7.0-alpha1` | -| `core.image.pullSecrets` | can be used to configure image pull secrets https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod | `[]` | -| `core.sidecars` | can be used to attach extra containers to the deployment | `[]` | -| `core.clusterSize` | defines the amount of brokers (=replicas), which are deployed via helm | `3` | -| `core.partitionCount` | defines how many partitions are set up in the cluster | `3` | -| `core.replicationFactor` | defines how each partition is replicated, the value defines the number of nodes | `3` | -| `core.env` | can be used to set extra environment variables in each broker container | `[]` | -| `core.envFrom` | list of environment variables to import from configMapRef and secretRef | `[]` | -| `core.configMap` | configuration which will be applied to the mounted config map. | | -| `core.configMap.defaultMode` | can be used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. see https://github.com/kubernetes/api/blob/master/core/v1/types.go#L1615-L1623 | `754` | -| `core.command` | can be used to override the default command provided by the container image. See https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/ | `[]` | -| `core.logLevel` | defines the log level which is used | `info` | -| `core.log4j2` | can be used to overwrite the log4j2 configuration | `""` | -| `core.javaOpts` | can be used to set java options | `-XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/usr/local/zeebe/data -XX:ErrorFile=/usr/local/zeebe/data/zeebe_error%p.log -XX:+ExitOnOutOfMemoryError` | -| `core.service` | configuration for the broker service | | -| `core.service.annotations` | can be used to define annotations, which will be applied to the service | `{}` | -| `core.service.type` | defines the type of the service https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types | `ClusterIP` | -| `core.service.httpPort` | defines the port of the http endpoint, where for example metrics are provided | `8080` | -| `core.service.httpName` | defines the name of the http endpoint, where for example metrics are provided | `http` | -| `core.service.commandPort` | defines the port of the command api endpoint, where the broker commands are sent to | `26501` | -| `core.service.commandName` | defines the name of the command api endpoint, where the broker commands are sent to | `command` | -| `core.service.internalPort` | defines the port of the internal api endpoint, which is used for internal communication | `26502` | -| `core.service.internalName` | defines the name of the internal api endpoint, which is used for internal communication | `internal` | -| `core.service.extraPorts` | can be used to expose any other ports which are required. Can be useful for exporters | `[]` | -| `core.service.grpcPort` | defines the port of the gateway gRPC endpoint, where client commands (grpc) are sent to | `26500` | -| `core.service.grpcName` | defines the name of the gateway gRPC endpoint, where client commands (grpc) are sent to | `gateway` | -| `core.service.managementPort` | | `9600` | -| `core.service.managementName` | | `server` | -| `global.core.ServiceAccount` | configuration for the service account where the broker pods are assigned to | | -| `core.serviceAccount.enabled` | if true, enables the broker service account | `true` | -| `core.serviceAccount.name` | can be used to set the name of the broker service account | `""` | -| `core.serviceAccount.annotations` | can be used to set the annotations of the broker service account | `{}` | -| `core.serviceAccount.automountServiceAccountToken` | can be used to control whether the service account token should be automatically mounted | `false` | -| `core.ingress.grpc.enabled` | if true, an ingress resource is deployed with the Zeebe gateway deployment. Only useful if an ingress controller is available, like nginx. | `false` | -| `core.ingress.grpc.className` | defines the class or configuration of ingress which should be used by the controller | `nginx` | -| `core.ingress.grpc.annotations` | defines the ingress related annotations, consumed mostly by the ingress controller | `{}` | -| `core.ingress.grpc.path` | defines the path which is associated with the Zeebe gateway's gRPC service and port https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules | `/` | -| `core.ingress.grpc.pathType` | can be used to define the Ingress path type. https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types | `Prefix` | -| `core.ingress.grpc.host` | can be used to define the host of the ingress rule. https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules | `""` | -| `core.ingress.grpc.tls` | configuration for tls on the ingress resource https://kubernetes.io/docs/concepts/services-networking/ingress/#tls | | -| `core.ingress.grpc.tls.enabled` | if true, then tls is configured on the ingress resource. If enabled the Ingress.host need to be defined. | `false` | -| `core.ingress.grpc.tls.secretName` | defines the secret name which contains the TLS private key and certificate | `camunda-platform-core-grpc` | -| `core.ingress.http.enabled` | if true, an ingress resource is deployed with the Zeebe gateway deployment. Only useful if an ingress controller is available, like nginx. | `false` | -| `core.ingress.http.className` | defines the class or configuration of ingress which should be used by the controller | `nginx` | -| `core.ingress.http.annotations` | defines the ingress related annotations, consumed mostly by the ingress controller | `{}` | -| `core.ingress.http.path` | defines the path which is associated with the Core HTTP service and port https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules | `/` | -| `core.ingress.http.pathType` | can be used to define the Ingress path type. https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types | `Prefix` | -| `core.ingress.http.host` | can be used to define the host of the ingress rule. https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules | `""` | -| `core.ingress.http.tls` | configuration for tls on the ingress resource https://kubernetes.io/docs/concepts/services-networking/ingress/#tls | | -| `core.ingress.http.tls.enabled` | if true, then tls is configured on the ingress resource. If enabled the Ingress.host need to be defined. | `false` | -| `core.ingress.http.tls.secretName` | defines the secret name which contains the TLS private key and certificate | `camunda-platform-core-http` | -| `core.contextPath` | can be used to make Core web application works on a custom sub-path. This is mainly used to run Camunda web applications under a single domain. | `""` | -| `core.cpuThreadCount` | defines how many threads can be used for the processing on each broker pod | `3` | -| `core.ioThreadCount` | defines how many threads can be used for the exporting on each broker pod | `3` | -| `core.resources` | configuration to set request and limit configuration for the container https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits | | -| `core.resources.requests` | | | -| `core.resources.requests.cpu` | | `800m` | -| `core.resources.requests.memory` | | `1200Mi` | -| `core.resources.limits.cpu` | | `960m` | -| `core.resources.limits.memory` | | `1920Mi` | -| `core.persistenceType` | defines the type of persistence which is used by core. Possible values are: disk, local and memory. | `disk` | -| `core.pvc.size` | defines the persistent volume claim size, which is used by each broker pod https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims | `32Gi` | -| `core.pvc.accessModes` | can be used to configure the persistent volume claim access mode https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes | `["ReadWriteOnce"]` | -| `core.pvc.storageClassName` | can be used to set the storage class name which should be used by the persistent volume claim. | `""` | -| `core.pvc.annotations` | can be used to specify custom annotations for persistent volume claims, enhancing storage configuration flexibility. | `{}` | -| `core.pvc.selector` | can be used to specify a label selector for persistent volume claims for further filtering of the set of persistent volumes to select. | `{}` | -| `core.extraVolumes` | can be used to define extra volumes for the broker pods, useful for additional exporters | `[]` | -| `core.extraVolumeMounts` | can be used to mount extra volumes for the broker pods, useful for additional exporters | `[]` | -| `core.extraInitContainers` | (Deprecated - use `initContainers` instead) ExtraInitContainers can be used to set up extra init containers for the broker pods, useful for additional exporters | `[]` | -| `core.initContainers` | can be used to set up extra init containers for the application Pod | `[]` | -| `core.podAnnotations` | can be used to define extra broker pod annotations | `{}` | -| `core.podLabels` | can be used to define extra broker pod labels | `{}` | -| `core.podDisruptionBudget` | configuration to configure a pod disruption budget for the broker pods https://kubernetes.io/docs/tasks/run-application/configure-pdb/ | | -| `core.podDisruptionBudget.enabled` | if true a pod disruption budget is defined for the brokers | `false` | -| `core.podDisruptionBudget.minAvailable` | can be used to set how many pods should be available. Be aware that if minAvailable is set, maxUnavailable will not be set (they are mutually exclusive). | `nil` | -| `core.podDisruptionBudget.maxUnavailable` | can be used to set how many pods should be at max. unavailable | `1` | -| `core.podSecurityContext` | defines the security options the pod should be run with | | -| `core.podSecurityContext.runAsNonRoot` | run as non root | `true` | -| `core.podSecurityContext.fsGroup` | | `1001` | -| `core.podSecurityContext.seccompProfile` | | | -| `core.podSecurityContext.seccompProfile.type` | | `RuntimeDefault` | -| `core.containerSecurityContext` | defines the security options the container should be run with | | -| `core.containerSecurityContext.allowPrivilegeEscalation` | | `false` | -| `core.containerSecurityContext.privileged` | | `false` | -| `core.containerSecurityContext.readOnlyRootFilesystem` | | `true` | -| `core.containerSecurityContext.runAsNonRoot` | | `true` | -| `core.containerSecurityContext.runAsUser` | | `1001` | -| `core.containerSecurityContext.seccompProfile` | | | -| `core.containerSecurityContext.seccompProfile.type` | | `RuntimeDefault` | -| `core.startupProbe` | configuration | | -| `core.startupProbe.enabled` | if true, the startup probe is enabled in app container | `false` | -| `core.startupProbe.scheme` | defines the startup probe schema used on calling the probePath | `HTTP` | -| `core.startupProbe.probePath` | defines the startup probe route used on the app | `/actuator/health/startup` | -| `core.startupProbe.initialDelaySeconds` | defines the number of seconds after the container has started before the probe is initiated. | `30` | -| `core.startupProbe.periodSeconds` | defines how often the probe is executed | `30` | -| `core.startupProbe.successThreshold` | defines how often it needs to be true to be marked as ready, after failure | `1` | -| `core.startupProbe.failureThreshold` | defines when the probe is considered as failed so the Pod will be marked Unready | `5` | -| `core.startupProbe.timeoutSeconds` | defines the seconds after the probe times out | `1` | -| `core.readinessProbe` | configuration | | -| `core.readinessProbe.enabled` | if true, the readiness probe is enabled in app container | `true` | -| `core.readinessProbe.scheme` | defines the startup probe schema used on calling the probePath | `HTTP` | -| `core.readinessProbe.probePath` | defines the readiness probe route used on the app | `/actuator/health/readiness` | -| `core.readinessProbe.initialDelaySeconds` | defines the number of seconds after the container has started before | `30` | -| `core.readinessProbe.periodSeconds` | defines how often the probe is executed | `30` | -| `core.readinessProbe.successThreshold` | defines how often it needs to be true to be marked as ready, after failure | `1` | -| `core.readinessProbe.failureThreshold` | defines when the probe is considered as failed so the Pod will be marked Unready | `5` | -| `core.readinessProbe.timeoutSeconds` | defines the seconds after the probe times out | `1` | -| `core.livenessProbe` | configuration | | -| `core.livenessProbe.enabled` | if true, the liveness probe is enabled in app container | `false` | -| `core.livenessProbe.scheme` | defines the startup probe schema used on calling the probePath | `HTTP` | -| `core.livenessProbe.probePath` | defines the liveness probe route used on the app. The path is intended to be the same as the readinessProbe. Refer to this issue for more details: https://github.com/camunda/camunda-platform-helm/issues/1849 | `/actuator/health/readiness` | -| `core.livenessProbe.initialDelaySeconds` | defines the number of seconds after the container has started before | `30` | -| `core.livenessProbe.periodSeconds` | defines how often the probe is executed | `30` | -| `core.livenessProbe.successThreshold` | defines how often it needs to be true to be considered successful after having failed | `1` | -| `core.livenessProbe.failureThreshold` | defines when the probe is considered as failed so the container will be restarted | `5` | -| `core.livenessProbe.timeoutSeconds` | defines the seconds after the probe times out | `1` | -| `core.metrics.prometheus` | Prometheus metrics endpoint | `/actuator/prometheus` | -| `core.nodeSelector` | can be used to define on which nodes the broker pods should run | `{}` | -| `core.tolerations` | can be used to define pod toleration's https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | `[]` | -| `global.core.Affinity` | can be used to define pod affinity or anti-affinity https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | | -| `core.priorityClassName` | can be used to define the broker pods priority https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass | `""` | -| `core.retention.enabled` | if true, the ILM Policy is created and applied to the index templates. | `false` | -| `core.retention.minimumAge` | defines how old the data must be, before the data is deleted as a duration. | `30d` | -| `core.retention.policyName` | defines the name of the created and applied ILM policy. | `core-record-retention-policy` | -| `core.configuration` | if specified, contents will be used as the application.yaml | `""` | -| `core.extraConfiguration` | if specified, contents will be used for any extra configuration files such as log4j2.xml | `{}` | -| `core.dnsPolicy` | https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy | `""` | -| `core.dnsConfig` | https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config | `{}` | +| Name | Description | Value | +| -------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `core` | configuration for the Orchestration Core. | | +| `core.enabled` | if true, all related resources are deployed via the helm release | `true` | +| `core.debug` | if true, extra info is printed. | `false` | +| `core.image` | configuration to configure the image specifics | | +| `core.image.registry` | can be used to set container image registry. | `""` | +| `core.image.repository` | defines which image repository to use | `camunda/camunda` | +| `core.image.tag` | can be set to overwrite the global tag, which should be used in that chart | `8.7.0-alpha1` | +| `core.image.pullSecrets` | can be used to configure image pull secrets https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod | `[]` | +| `core.sidecars` | can be used to attach extra containers to the deployment | `[]` | +| `core.clusterSize` | defines the amount of brokers (=replicas), which are deployed via helm | `3` | +| `core.partitionCount` | defines how many partitions are set up in the cluster | `3` | +| `core.replicationFactor` | defines how each partition is replicated, the value defines the number of nodes | `3` | +| `core.env` | can be used to set extra environment variables in each broker container | `[]` | +| `core.envFrom` | list of environment variables to import from configMapRef and secretRef | `[]` | +| `core.configMap` | configuration which will be applied to the mounted config map. | | +| `core.configMap.defaultMode` | can be used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. see https://github.com/kubernetes/api/blob/master/core/v1/types.go#L1615-L1623 | `754` | +| `core.command` | can be used to override the default command provided by the container image. See https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/ | `[]` | +| `core.logLevel` | defines the log level which is used | `info` | +| `core.log4j2` | can be used to overwrite the log4j2 configuration | `""` | +| `core.javaOpts` | can be used to set java options | `-XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/usr/local/camunda/data -XX:ErrorFile=/usr/local/camunda/data/zeebe_error%p.log -XX:+ExitOnOutOfMemoryError` | +| `core.service` | configuration for the broker service | | +| `core.service.annotations` | can be used to define annotations, which will be applied to the service | `{}` | +| `core.service.type` | defines the type of the service https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types | `ClusterIP` | +| `core.service.httpPort` | defines the port of the http endpoint, where for example metrics are provided | `8080` | +| `core.service.httpName` | defines the name of the http endpoint, where for example metrics are provided | `http` | +| `core.service.commandPort` | defines the port of the command api endpoint, where the broker commands are sent to | `26501` | +| `core.service.commandName` | defines the name of the command api endpoint, where the broker commands are sent to | `command` | +| `core.service.internalPort` | defines the port of the internal api endpoint, which is used for internal communication | `26502` | +| `core.service.internalName` | defines the name of the internal api endpoint, which is used for internal communication | `internal` | +| `core.service.extraPorts` | can be used to expose any other ports which are required. Can be useful for exporters | `[]` | +| `core.service.grpcPort` | defines the port of the gateway gRPC endpoint, where client commands (grpc) are sent to | `26500` | +| `core.service.grpcName` | defines the name of the gateway gRPC endpoint, where client commands (grpc) are sent to | `gateway` | +| `core.service.managementPort` | | `9600` | +| `core.service.managementName` | | `server` | +| `global.core.ServiceAccount` | configuration for the service account where the broker pods are assigned to | | +| `core.serviceAccount.enabled` | if true, enables the broker service account | `true` | +| `core.serviceAccount.name` | can be used to set the name of the broker service account | `""` | +| `core.serviceAccount.annotations` | can be used to set the annotations of the broker service account | `{}` | +| `core.serviceAccount.automountServiceAccountToken` | can be used to control whether the service account token should be automatically mounted | `false` | +| `core.ingress.grpc.enabled` | if true, an ingress resource is deployed with the Zeebe gateway deployment. Only useful if an ingress controller is available, like nginx. | `false` | +| `core.ingress.grpc.className` | defines the class or configuration of ingress which should be used by the controller | `nginx` | +| `core.ingress.grpc.annotations` | defines the ingress related annotations, consumed mostly by the ingress controller | `{}` | +| `core.ingress.grpc.path` | defines the path which is associated with the Zeebe gateway's gRPC service and port https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules | `/` | +| `core.ingress.grpc.pathType` | can be used to define the Ingress path type. https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types | `Prefix` | +| `core.ingress.grpc.host` | can be used to define the host of the ingress rule. https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules | `""` | +| `core.ingress.grpc.tls` | configuration for tls on the ingress resource https://kubernetes.io/docs/concepts/services-networking/ingress/#tls | | +| `core.ingress.grpc.tls.enabled` | if true, then tls is configured on the ingress resource. If enabled the Ingress.host need to be defined. | `false` | +| `core.ingress.grpc.tls.secretName` | defines the secret name which contains the TLS private key and certificate | `camunda-platform-core-grpc` | +| `core.ingress.http.enabled` | if true, an ingress resource is deployed with the Zeebe gateway deployment. Only useful if an ingress controller is available, like nginx. | `false` | +| `core.ingress.http.className` | defines the class or configuration of ingress which should be used by the controller | `nginx` | +| `core.ingress.http.annotations` | defines the ingress related annotations, consumed mostly by the ingress controller | `{}` | +| `core.ingress.http.path` | defines the path which is associated with the Core HTTP service and port https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules | `/` | +| `core.ingress.http.pathType` | can be used to define the Ingress path type. https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types | `Prefix` | +| `core.ingress.http.host` | can be used to define the host of the ingress rule. https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules | `""` | +| `core.ingress.http.tls` | configuration for tls on the ingress resource https://kubernetes.io/docs/concepts/services-networking/ingress/#tls | | +| `core.ingress.http.tls.enabled` | if true, then tls is configured on the ingress resource. If enabled the Ingress.host need to be defined. | `false` | +| `core.ingress.http.tls.secretName` | defines the secret name which contains the TLS private key and certificate | `camunda-platform-core-http` | +| `core.contextPath` | can be used to make Core web application works on a custom sub-path. This is mainly used to run Camunda web applications under a single domain. | `""` | +| `core.cpuThreadCount` | defines how many threads can be used for the processing on each broker pod | `3` | +| `core.ioThreadCount` | defines how many threads can be used for the exporting on each broker pod | `3` | +| `core.resources` | configuration to set request and limit configuration for the container https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits | | +| `core.resources.requests` | | | +| `core.resources.requests.cpu` | | `800m` | +| `core.resources.requests.memory` | | `1200Mi` | +| `core.resources.limits.cpu` | | `960m` | +| `core.resources.limits.memory` | | `1920Mi` | +| `core.persistenceType` | defines the type of persistence which is used by core. Possible values are: disk, local and memory. | `disk` | +| `core.pvc.size` | defines the persistent volume claim size, which is used by each broker pod https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims | `32Gi` | +| `core.pvc.accessModes` | can be used to configure the persistent volume claim access mode https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes | `["ReadWriteOnce"]` | +| `core.pvc.storageClassName` | can be used to set the storage class name which should be used by the persistent volume claim. | `""` | +| `core.pvc.annotations` | can be used to specify custom annotations for persistent volume claims, enhancing storage configuration flexibility. | `{}` | +| `core.pvc.selector` | can be used to specify a label selector for persistent volume claims for further filtering of the set of persistent volumes to select. | `{}` | +| `core.extraVolumes` | can be used to define extra volumes for the broker pods, useful for additional exporters | `[]` | +| `core.extraVolumeMounts` | can be used to mount extra volumes for the broker pods, useful for additional exporters | `[]` | +| `core.extraInitContainers` | (Deprecated - use `initContainers` instead) ExtraInitContainers can be used to set up extra init containers for the broker pods, useful for additional exporters | `[]` | +| `core.initContainers` | can be used to set up extra init containers for the application Pod | `[]` | +| `core.podAnnotations` | can be used to define extra broker pod annotations | `{}` | +| `core.podLabels` | can be used to define extra broker pod labels | `{}` | +| `core.podDisruptionBudget` | configuration to configure a pod disruption budget for the broker pods https://kubernetes.io/docs/tasks/run-application/configure-pdb/ | | +| `core.podDisruptionBudget.enabled` | if true a pod disruption budget is defined for the brokers | `false` | +| `core.podDisruptionBudget.minAvailable` | can be used to set how many pods should be available. Be aware that if minAvailable is set, maxUnavailable will not be set (they are mutually exclusive). | `nil` | +| `core.podDisruptionBudget.maxUnavailable` | can be used to set how many pods should be at max. unavailable | `1` | +| `core.podSecurityContext` | defines the security options the pod should be run with | | +| `core.podSecurityContext.runAsNonRoot` | run as non root | `true` | +| `core.podSecurityContext.fsGroup` | | `1001` | +| `core.podSecurityContext.seccompProfile` | | | +| `core.podSecurityContext.seccompProfile.type` | | `RuntimeDefault` | +| `core.containerSecurityContext` | defines the security options the container should be run with | | +| `core.containerSecurityContext.allowPrivilegeEscalation` | | `false` | +| `core.containerSecurityContext.privileged` | | `false` | +| `core.containerSecurityContext.readOnlyRootFilesystem` | | `true` | +| `core.containerSecurityContext.runAsNonRoot` | | `true` | +| `core.containerSecurityContext.runAsUser` | | `1001` | +| `core.containerSecurityContext.seccompProfile` | | | +| `core.containerSecurityContext.seccompProfile.type` | | `RuntimeDefault` | +| `core.startupProbe` | configuration | | +| `core.startupProbe.enabled` | if true, the startup probe is enabled in app container | `false` | +| `core.startupProbe.scheme` | defines the startup probe schema used on calling the probePath | `HTTP` | +| `core.startupProbe.probePath` | defines the startup probe route used on the app | `/actuator/health/startup` | +| `core.startupProbe.initialDelaySeconds` | defines the number of seconds after the container has started before the probe is initiated. | `30` | +| `core.startupProbe.periodSeconds` | defines how often the probe is executed | `30` | +| `core.startupProbe.successThreshold` | defines how often it needs to be true to be marked as ready, after failure | `1` | +| `core.startupProbe.failureThreshold` | defines when the probe is considered as failed so the Pod will be marked Unready | `5` | +| `core.startupProbe.timeoutSeconds` | defines the seconds after the probe times out | `1` | +| `core.readinessProbe` | configuration | | +| `core.readinessProbe.enabled` | if true, the readiness probe is enabled in app container | `true` | +| `core.readinessProbe.scheme` | defines the startup probe schema used on calling the probePath | `HTTP` | +| `core.readinessProbe.probePath` | defines the readiness probe route used on the app | `/actuator/health/readiness` | +| `core.readinessProbe.initialDelaySeconds` | defines the number of seconds after the container has started before | `30` | +| `core.readinessProbe.periodSeconds` | defines how often the probe is executed | `30` | +| `core.readinessProbe.successThreshold` | defines how often it needs to be true to be marked as ready, after failure | `1` | +| `core.readinessProbe.failureThreshold` | defines when the probe is considered as failed so the Pod will be marked Unready | `5` | +| `core.readinessProbe.timeoutSeconds` | defines the seconds after the probe times out | `1` | +| `core.livenessProbe` | configuration | | +| `core.livenessProbe.enabled` | if true, the liveness probe is enabled in app container | `false` | +| `core.livenessProbe.scheme` | defines the startup probe schema used on calling the probePath | `HTTP` | +| `core.livenessProbe.probePath` | defines the liveness probe route used on the app. The path is intended to be the same as the readinessProbe. Refer to this issue for more details: https://github.com/camunda/camunda-platform-helm/issues/1849 | `/actuator/health/readiness` | +| `core.livenessProbe.initialDelaySeconds` | defines the number of seconds after the container has started before | `30` | +| `core.livenessProbe.periodSeconds` | defines how often the probe is executed | `30` | +| `core.livenessProbe.successThreshold` | defines how often it needs to be true to be considered successful after having failed | `1` | +| `core.livenessProbe.failureThreshold` | defines when the probe is considered as failed so the container will be restarted | `5` | +| `core.livenessProbe.timeoutSeconds` | defines the seconds after the probe times out | `1` | +| `core.metrics.prometheus` | Prometheus metrics endpoint | `/actuator/prometheus` | +| `core.nodeSelector` | can be used to define on which nodes the broker pods should run | `{}` | +| `core.tolerations` | can be used to define pod toleration's https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | `[]` | +| `global.core.Affinity` | can be used to define pod affinity or anti-affinity https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | | +| `core.priorityClassName` | can be used to define the broker pods priority https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass | `""` | +| `core.retention.enabled` | if true, the ILM Policy is created and applied to the index templates. | `false` | +| `core.retention.minimumAge` | defines how old the data must be, before the data is deleted as a duration. | `30d` | +| `core.retention.policyName` | defines the name of the created and applied ILM policy. | `core-record-retention-policy` | +| `core.configuration` | if specified, contents will be used as the application.yaml | `""` | +| `core.extraConfiguration` | if specified, contents will be used for any extra configuration files such as log4j2.xml | `{}` | +| `core.dnsPolicy` | https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy | `""` | +| `core.dnsConfig` | https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config | `{}` | ### Optimize Parameters diff --git a/charts/camunda-platform-alpha/templates/service-monitor/core-service-monitor.yaml b/charts/camunda-platform-alpha/templates/service-monitor/core-service-monitor.yaml index 1a9d40ab46..ffcad4f8ad 100644 --- a/charts/camunda-platform-alpha/templates/service-monitor/core-service-monitor.yaml +++ b/charts/camunda-platform-alpha/templates/service-monitor/core-service-monitor.yaml @@ -13,6 +13,6 @@ spec: endpoints: - honorLabels: true path: {{ .Values.core.contextPath }}{{ .Values.core.metrics.prometheus }} - port: http + port: {{ default "server" .Values.core.service.managementName }} interval: {{ .Values.prometheusServiceMonitor.scrapeInterval }} {{- end }} diff --git a/charts/camunda-platform-alpha/test/unit/camunda/golden/core-service-monitor.golden.yaml b/charts/camunda-platform-alpha/test/unit/camunda/golden/core-service-monitor.golden.yaml index 20799a96ed..6dda1b4640 100644 --- a/charts/camunda-platform-alpha/test/unit/camunda/golden/core-service-monitor.golden.yaml +++ b/charts/camunda-platform-alpha/test/unit/camunda/golden/core-service-monitor.golden.yaml @@ -19,5 +19,5 @@ spec: endpoints: - honorLabels: true path: /actuator/prometheus - port: http + port: server interval: 10s \ No newline at end of file diff --git a/charts/camunda-platform-alpha/test/unit/core/golden/statefulset.golden.yaml b/charts/camunda-platform-alpha/test/unit/core/golden/statefulset.golden.yaml index 4e4c857b89..e4ac15dc9d 100644 --- a/charts/camunda-platform-alpha/test/unit/core/golden/statefulset.golden.yaml +++ b/charts/camunda-platform-alpha/test/unit/core/golden/statefulset.golden.yaml @@ -80,7 +80,7 @@ spec: name: camunda-platform-test-core-identity-secret key: core-secret - name: JAVA_TOOL_OPTIONS - value: "-XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/usr/local/zeebe/data -XX:ErrorFile=/usr/local/zeebe/data/zeebe_error%p.log -XX:+ExitOnOutOfMemoryError" + value: "-XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/usr/local/camunda/data -XX:ErrorFile=/usr/local/camunda/data/zeebe_error%p.log -XX:+ExitOnOutOfMemoryError" - name: K8S_POD_NAME valueFrom: fieldRef: diff --git a/charts/camunda-platform-alpha/values.yaml b/charts/camunda-platform-alpha/values.yaml index 603c4c217b..6197a575b4 100644 --- a/charts/camunda-platform-alpha/values.yaml +++ b/charts/camunda-platform-alpha/values.yaml @@ -2044,8 +2044,8 @@ core: ## @param core.javaOpts can be used to set java options javaOpts: >- -XX:+HeapDumpOnOutOfMemoryError - -XX:HeapDumpPath=/usr/local/zeebe/data - -XX:ErrorFile=/usr/local/zeebe/data/zeebe_error%p.log + -XX:HeapDumpPath=/usr/local/camunda/data + -XX:ErrorFile=/usr/local/camunda/data/zeebe_error%p.log -XX:+ExitOnOutOfMemoryError ## @extra core.service configuration for the broker service