@rulebricks/cli 2.1.7 → 2.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +51 -16
- package/cluster-setup/aws/README.md +96 -47
- package/cluster-setup/aws/check-aws-access.sh +216 -52
- package/cluster-setup/aws/parameters.json +13 -0
- package/cluster-setup/aws/rulebricks-cluster.cfn.yaml +355 -0
- package/cluster-setup/azure/README.md +103 -55
- package/cluster-setup/azure/check-aks-prereqs.sh +236 -56
- package/cluster-setup/azure/parameters.json +30 -0
- package/cluster-setup/azure/rulebricks-cluster.bicep +546 -0
- package/cluster-setup/gcp/README.md +51 -34
- package/cluster-setup/gcp/check-gke-prereqs.sh +222 -60
- package/dist/commands/backup.d.ts +5 -0
- package/dist/commands/backup.js +104 -0
- package/dist/commands/deploy.d.ts +3 -1
- package/dist/commands/deploy.js +226 -326
- package/dist/commands/destroy.d.ts +1 -1
- package/dist/commands/destroy.js +73 -123
- package/dist/commands/init.d.ts +5 -1
- package/dist/commands/init.js +78 -54
- package/dist/commands/list.d.ts +1 -0
- package/dist/commands/list.js +74 -0
- package/dist/commands/open.d.ts +1 -1
- package/dist/commands/open.js +4 -12
- package/dist/commands/redeploy.d.ts +6 -0
- package/dist/commands/redeploy.js +310 -0
- package/dist/commands/restore.d.ts +5 -0
- package/dist/commands/restore.js +338 -0
- package/dist/commands/status.js +62 -49
- package/dist/commands/upgrade.js +74 -51
- package/dist/components/DNSWaitScreen.d.ts +5 -1
- package/dist/components/DNSWaitScreen.js +47 -41
- package/dist/components/Wizard/WizardContext.d.ts +157 -36
- package/dist/components/Wizard/WizardContext.js +872 -160
- package/dist/components/Wizard/steps/CloudProviderStep.js +192 -107
- package/dist/components/Wizard/steps/DomainStep.js +5 -24
- package/dist/components/Wizard/steps/ExternalServicesStep.d.ts +6 -0
- package/dist/components/Wizard/steps/ExternalServicesStep.js +645 -0
- package/dist/components/Wizard/steps/FeatureConfigStep.d.ts +2 -1
- package/dist/components/Wizard/steps/FeatureConfigStep.js +739 -425
- package/dist/components/Wizard/steps/FeaturesStep.js +31 -35
- package/dist/components/Wizard/steps/ObservabilityStep.d.ts +6 -0
- package/dist/components/Wizard/steps/ObservabilityStep.js +137 -0
- package/dist/components/Wizard/steps/ReviewStep.d.ts +2 -1
- package/dist/components/Wizard/steps/ReviewStep.js +56 -12
- package/dist/components/Wizard/steps/StorageStep.d.ts +9 -0
- package/dist/components/Wizard/steps/StorageStep.js +592 -0
- package/dist/components/Wizard/steps/SupabaseCredentialsStep.js +20 -21
- package/dist/components/Wizard/steps/VersionStep.js +45 -23
- package/dist/components/Wizard/steps/index.d.ts +3 -3
- package/dist/components/Wizard/steps/index.js +3 -3
- package/dist/components/common/CommandApproval.d.ts +12 -0
- package/dist/components/common/CommandApproval.js +91 -0
- package/dist/components/common/DeploymentPicker.d.ts +14 -0
- package/dist/components/common/DeploymentPicker.js +16 -0
- package/dist/components/common/index.d.ts +2 -0
- package/dist/components/common/index.js +2 -0
- package/dist/index.js +94 -62
- package/dist/lib/cloudCli.d.ts +134 -63
- package/dist/lib/cloudCli.js +512 -220
- package/dist/lib/clusterSetupDefaults.d.ts +30 -0
- package/dist/lib/clusterSetupDefaults.js +64 -0
- package/dist/lib/commandApproval.d.ts +26 -0
- package/dist/lib/commandApproval.js +114 -0
- package/dist/lib/config.d.ts +12 -10
- package/dist/lib/config.js +91 -33
- package/dist/lib/configFixtures.d.ts +5 -0
- package/dist/lib/configFixtures.js +513 -0
- package/dist/lib/deploymentHealth.d.ts +32 -0
- package/dist/lib/deploymentHealth.js +157 -0
- package/dist/lib/dns.d.ts +1 -1
- package/dist/lib/dns.js +19 -1
- package/dist/lib/dns.test.d.ts +1 -0
- package/dist/lib/dns.test.js +27 -0
- package/dist/lib/dockerHub.d.ts +12 -1
- package/dist/lib/dockerHub.js +18 -8
- package/dist/lib/helm.d.ts +4 -0
- package/dist/lib/helm.js +16 -0
- package/dist/lib/helmValues.d.ts +25 -0
- package/dist/lib/helmValues.js +1762 -289
- package/dist/lib/helmValues.test.d.ts +1 -0
- package/dist/lib/helmValues.test.js +966 -0
- package/dist/lib/htpasswd.d.ts +1 -0
- package/dist/lib/htpasswd.js +15 -0
- package/dist/lib/kubernetes.d.ts +124 -17
- package/dist/lib/kubernetes.js +576 -145
- package/dist/lib/secrets.d.ts +23 -0
- package/dist/lib/secrets.js +158 -0
- package/dist/lib/validateValues.d.ts +31 -0
- package/dist/lib/validateValues.js +253 -0
- package/dist/lib/versions.d.ts +82 -11
- package/dist/lib/versions.js +131 -31
- package/dist/lib/versions.test.d.ts +1 -0
- package/dist/lib/versions.test.js +81 -0
- package/dist/lib/wizardSteps.d.ts +14 -0
- package/dist/lib/wizardSteps.js +23 -0
- package/dist/lib/workloadIdentity.d.ts +26 -0
- package/dist/lib/workloadIdentity.js +323 -0
- package/dist/lib/workloadIdentity.test.d.ts +1 -0
- package/dist/lib/workloadIdentity.test.js +57 -0
- package/dist/types/index.d.ts +1860 -164
- package/dist/types/index.js +518 -295
- package/package.json +9 -4
- package/schema/values.schema.json +1934 -0
- package/cluster-setup/aws/cluster.yaml +0 -33
- package/cluster-setup/azure/main.bicep +0 -282
- package/cluster-setup/azure/main.parameters.json +0 -21
- package/dist/components/Wizard/steps/CredentialsStep.d.ts +0 -6
- package/dist/components/Wizard/steps/CredentialsStep.js +0 -22
- package/dist/components/Wizard/steps/DeploymentModeStep.d.ts +0 -5
- package/dist/components/Wizard/steps/DeploymentModeStep.js +0 -26
- package/dist/components/Wizard/steps/TierStep.d.ts +0 -6
- package/dist/components/Wizard/steps/TierStep.js +0 -29
- package/dist/lib/terraform.d.ts +0 -66
- package/dist/lib/terraform.js +0 -754
- package/terraform/aws/main.tf +0 -355
- package/terraform/azure/main.tf +0 -371
- package/terraform/gcp/main.tf +0 -407
|
@@ -0,0 +1,1934 @@
|
|
|
1
|
+
{
|
|
2
|
+
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
3
|
+
"title": "Rulebricks Chart Values",
|
|
4
|
+
"description": "Configuration values for the Rulebricks umbrella chart.",
|
|
5
|
+
"type": "object",
|
|
6
|
+
"required": ["global"],
|
|
7
|
+
"properties": {
|
|
8
|
+
"global": {
|
|
9
|
+
"type": "object",
|
|
10
|
+
"required": ["domain", "email"],
|
|
11
|
+
"properties": {
|
|
12
|
+
"domain": {
|
|
13
|
+
"type": "string",
|
|
14
|
+
"minLength": 1,
|
|
15
|
+
"description": "Base domain for the deployment (e.g., rb.example.com)"
|
|
16
|
+
},
|
|
17
|
+
"email": {
|
|
18
|
+
"type": "string",
|
|
19
|
+
"minLength": 1,
|
|
20
|
+
"description": "Admin email (required for TLS certificates)"
|
|
21
|
+
},
|
|
22
|
+
"licenseKey": {
|
|
23
|
+
"type": "string",
|
|
24
|
+
"description": "Rulebricks license key"
|
|
25
|
+
},
|
|
26
|
+
"version": {
|
|
27
|
+
"type": "string",
|
|
28
|
+
"pattern": "^$|^\\d+\\.\\d+\\.\\d+(-[0-9A-Za-z.-]+)?$",
|
|
29
|
+
"description": "Rulebricks product version used by app, HPS, HPS worker, and migration images"
|
|
30
|
+
},
|
|
31
|
+
"imageRegistry": {
|
|
32
|
+
"type": "string",
|
|
33
|
+
"description": "Single registry host override applied to every image (empty = docker.io/rulebricks/*). Replaces the host, keeps the rulebricks/<name> path."
|
|
34
|
+
},
|
|
35
|
+
"imageDigests": {
|
|
36
|
+
"type": "object",
|
|
37
|
+
"description": "Generated name->sha256 digest map (scripts/images/render-digests.sh); when a name is present the image helper pins @sha256 instead of :tag",
|
|
38
|
+
"additionalProperties": { "type": "string" }
|
|
39
|
+
},
|
|
40
|
+
"images": {
|
|
41
|
+
"type": "object",
|
|
42
|
+
"description": "Shared leaf images (init/hook/test utilities) as {registry, repository, tag} dicts rendered through the image helper",
|
|
43
|
+
"additionalProperties": {
|
|
44
|
+
"type": "object",
|
|
45
|
+
"properties": {
|
|
46
|
+
"registry": { "type": "string" },
|
|
47
|
+
"repository": { "type": "string" },
|
|
48
|
+
"tag": { "type": "string" },
|
|
49
|
+
"digest": { "type": "string" }
|
|
50
|
+
}
|
|
51
|
+
}
|
|
52
|
+
},
|
|
53
|
+
"imagePullSecrets": {
|
|
54
|
+
"type": "array",
|
|
55
|
+
"description": "Pull secrets for the private rulebricks/* images (and any custom registry the imageRegistry override points at)",
|
|
56
|
+
"items": { "type": "object" }
|
|
57
|
+
},
|
|
58
|
+
"tlsEnabled": {
|
|
59
|
+
"type": "boolean",
|
|
60
|
+
"description": "Enable TLS/HTTPS"
|
|
61
|
+
},
|
|
62
|
+
"externalDnsEnabled": {
|
|
63
|
+
"type": "boolean",
|
|
64
|
+
"description": "Enable external-dns integration for automatic DNS record management"
|
|
65
|
+
},
|
|
66
|
+
"priorityClasses": {
|
|
67
|
+
"type": "object",
|
|
68
|
+
"description": "Release-scoped scheduling priority tiers: <release>-critical (1000000) for stateful infrastructure and <release>-burst (-5) for the worker fleet, so critical pods always preempt burst workers.",
|
|
69
|
+
"properties": {
|
|
70
|
+
"enabled": { "type": "boolean", "default": true }
|
|
71
|
+
}
|
|
72
|
+
},
|
|
73
|
+
"storage": {
|
|
74
|
+
"type": "object",
|
|
75
|
+
"description": "Shared object storage: one provider, one identity, and one bucket/container with per-purpose path prefixes",
|
|
76
|
+
"properties": {
|
|
77
|
+
"provider": { "type": "string", "enum": ["s3", "azure-blob", "gcs"], "default": "s3" },
|
|
78
|
+
"bucket": { "type": "string", "description": "Single bucket (S3/GCS) or storage account (azure-blob) holding all Rulebricks data" },
|
|
79
|
+
"region": { "type": "string" },
|
|
80
|
+
"s3": {
|
|
81
|
+
"type": "object",
|
|
82
|
+
"properties": {
|
|
83
|
+
"iamRoleArn": { "type": "string" },
|
|
84
|
+
"existingSecret": {
|
|
85
|
+
"type": "object",
|
|
86
|
+
"properties": {
|
|
87
|
+
"name": { "type": "string" }
|
|
88
|
+
}
|
|
89
|
+
}
|
|
90
|
+
}
|
|
91
|
+
},
|
|
92
|
+
"azure": {
|
|
93
|
+
"type": "object",
|
|
94
|
+
"properties": {
|
|
95
|
+
"authMode": { "type": "string", "enum": ["workload-identity", "connection-string"], "default": "workload-identity" },
|
|
96
|
+
"clientId": { "type": "string" },
|
|
97
|
+
"tenantId": { "type": "string" },
|
|
98
|
+
"container": { "type": "string", "description": "Single blob container holding all path prefixes" },
|
|
99
|
+
"connectionStringSecretRef": {
|
|
100
|
+
"type": "object",
|
|
101
|
+
"properties": {
|
|
102
|
+
"name": { "type": "string" },
|
|
103
|
+
"key": { "type": "string" }
|
|
104
|
+
}
|
|
105
|
+
}
|
|
106
|
+
}
|
|
107
|
+
},
|
|
108
|
+
"gcp": {
|
|
109
|
+
"type": "object",
|
|
110
|
+
"properties": {
|
|
111
|
+
"serviceAccountEmail": { "type": "string" }
|
|
112
|
+
}
|
|
113
|
+
},
|
|
114
|
+
"paths": {
|
|
115
|
+
"type": "object",
|
|
116
|
+
"description": "Per-purpose key prefixes within the single bucket/container",
|
|
117
|
+
"properties": {
|
|
118
|
+
"decisionLogs": { "type": "string" },
|
|
119
|
+
"dbBackups": { "type": "string" }
|
|
120
|
+
}
|
|
121
|
+
}
|
|
122
|
+
}
|
|
123
|
+
},
|
|
124
|
+
"smtp": {
|
|
125
|
+
"type": "object",
|
|
126
|
+
"description": "SMTP Configuration",
|
|
127
|
+
"properties": {
|
|
128
|
+
"host": { "type": "string" },
|
|
129
|
+
"port": { "type": "integer" },
|
|
130
|
+
"user": { "type": "string" },
|
|
131
|
+
"pass": { "type": "string" },
|
|
132
|
+
"from": { "type": "string" },
|
|
133
|
+
"fromName": { "type": "string" }
|
|
134
|
+
}
|
|
135
|
+
},
|
|
136
|
+
"supabase": {
|
|
137
|
+
"type": "object",
|
|
138
|
+
"description": "Auth/Database Configuration",
|
|
139
|
+
"properties": {
|
|
140
|
+
"anonKey": { "type": "string" },
|
|
141
|
+
"serviceKey": { "type": "string" },
|
|
142
|
+
"url": { "type": "string" },
|
|
143
|
+
"projectRef": { "type": "string" },
|
|
144
|
+
"accessToken": { "type": "string" },
|
|
145
|
+
"jwtSecret": { "type": "string" },
|
|
146
|
+
"emails": {
|
|
147
|
+
"type": "object",
|
|
148
|
+
"properties": {
|
|
149
|
+
"subjects": { "type": "object" },
|
|
150
|
+
"templates": { "type": "object" }
|
|
151
|
+
}
|
|
152
|
+
}
|
|
153
|
+
}
|
|
154
|
+
},
|
|
155
|
+
"ai": {
|
|
156
|
+
"type": "object",
|
|
157
|
+
"description": "AI Features Configuration",
|
|
158
|
+
"properties": {
|
|
159
|
+
"enabled": { "type": "boolean" },
|
|
160
|
+
"openaiApiKey": { "type": "string" }
|
|
161
|
+
}
|
|
162
|
+
},
|
|
163
|
+
"secrets": {
|
|
164
|
+
"type": "object",
|
|
165
|
+
"description": "Secrets Configuration",
|
|
166
|
+
"properties": {
|
|
167
|
+
"secretRef": { "type": "string" },
|
|
168
|
+
"secretRefKeys": { "type": "object" }
|
|
169
|
+
}
|
|
170
|
+
},
|
|
171
|
+
"sso": {
|
|
172
|
+
"type": "object",
|
|
173
|
+
"description": "Enterprise SSO Configuration",
|
|
174
|
+
"properties": {
|
|
175
|
+
"enabled": { "type": "boolean" },
|
|
176
|
+
"provider": {
|
|
177
|
+
"type": "string",
|
|
178
|
+
"enum": ["azure", "google", "okta", "keycloak", "ory", "other", ""]
|
|
179
|
+
},
|
|
180
|
+
"url": { "type": "string" },
|
|
181
|
+
"clientId": { "type": "string" },
|
|
182
|
+
"clientSecret": { "type": "string" }
|
|
183
|
+
}
|
|
184
|
+
},
|
|
185
|
+
"externalAuth": {
|
|
186
|
+
"type": "object",
|
|
187
|
+
"description": "External Authentication / Token Passthrough for proxy-gated deployments",
|
|
188
|
+
"properties": {
|
|
189
|
+
"enabled": { "type": "boolean", "default": false },
|
|
190
|
+
"header": { "type": "string", "default": "Authorization" },
|
|
191
|
+
"claims": {
|
|
192
|
+
"type": "object",
|
|
193
|
+
"properties": {
|
|
194
|
+
"id": { "type": "string", "default": "sub" },
|
|
195
|
+
"email": { "type": "string", "default": "email" },
|
|
196
|
+
"name": { "type": "string", "default": "name" }
|
|
197
|
+
}
|
|
198
|
+
},
|
|
199
|
+
"publicPaths": {
|
|
200
|
+
"type": "array",
|
|
201
|
+
"items": { "type": "string" },
|
|
202
|
+
"description": "URL-path prefixes that bypass the token check"
|
|
203
|
+
}
|
|
204
|
+
}
|
|
205
|
+
},
|
|
206
|
+
"clickstack": {
|
|
207
|
+
"type": "object",
|
|
208
|
+
"description": "Cross-chart switch for the built-in ClickStack observability backend.",
|
|
209
|
+
"properties": {
|
|
210
|
+
"enabled": { "type": "boolean", "default": true }
|
|
211
|
+
}
|
|
212
|
+
},
|
|
213
|
+
"tracing": {
|
|
214
|
+
"type": "object",
|
|
215
|
+
"description": "Distributed tracing: in-cluster OpenTelemetry Collector that forwards OTLP spans from the app/HPS/workers/Traefik to a pluggable backend (Elastic APM, a generic OTLP/HTTP endpoint, or Azure Monitor).",
|
|
216
|
+
"properties": {
|
|
217
|
+
"enabled": { "type": "boolean", "default": false },
|
|
218
|
+
"destination": { "type": "string", "enum": ["elastic", "otlp", "azure-monitor"], "default": "elastic" },
|
|
219
|
+
"samplingRatio": { "type": "number", "minimum": 0, "maximum": 1, "default": 1 },
|
|
220
|
+
"collector": {
|
|
221
|
+
"type": "object",
|
|
222
|
+
"properties": {
|
|
223
|
+
"image": {
|
|
224
|
+
"type": "object",
|
|
225
|
+
"description": "RB image dict for the OpenTelemetry collector, rendered through the rulebricks.image helper (registry host overridable by global.imageRegistry).",
|
|
226
|
+
"properties": {
|
|
227
|
+
"registry": { "type": "string" },
|
|
228
|
+
"repository": { "type": "string" },
|
|
229
|
+
"tag": { "type": "string" },
|
|
230
|
+
"digest": { "type": "string" }
|
|
231
|
+
}
|
|
232
|
+
},
|
|
233
|
+
"replicas": { "type": "integer", "minimum": 1, "default": 1 },
|
|
234
|
+
"memoryLimitMiB": { "type": "integer", "minimum": 64, "default": 400 },
|
|
235
|
+
"resources": { "$ref": "#/definitions/resources" },
|
|
236
|
+
"podLabels": { "type": "object", "additionalProperties": { "type": "string" } },
|
|
237
|
+
"nodeSelector": { "type": "object", "additionalProperties": { "type": "string" } },
|
|
238
|
+
"tolerations": { "type": "array", "items": { "$ref": "#/definitions/toleration" } },
|
|
239
|
+
"affinity": { "type": "object" }
|
|
240
|
+
}
|
|
241
|
+
},
|
|
242
|
+
"elastic": {
|
|
243
|
+
"type": "object",
|
|
244
|
+
"description": "Customer-managed Elastic APM target for OTLP spans (destination: elastic).",
|
|
245
|
+
"properties": {
|
|
246
|
+
"endpoint": { "type": "string", "description": "OTLP endpoint of the Elastic APM server / managed integration" },
|
|
247
|
+
"authMode": { "type": "string", "enum": ["secret-token", "api-key", "none"], "default": "secret-token" },
|
|
248
|
+
"secretToken": { "type": "string" },
|
|
249
|
+
"apiKey": { "type": "string" },
|
|
250
|
+
"existingSecret": {
|
|
251
|
+
"type": "object",
|
|
252
|
+
"properties": {
|
|
253
|
+
"name": { "type": "string" },
|
|
254
|
+
"secretTokenKey": { "type": "string", "default": "secret-token" },
|
|
255
|
+
"apiKeyKey": { "type": "string", "default": "api-key" }
|
|
256
|
+
}
|
|
257
|
+
},
|
|
258
|
+
"tlsInsecureSkipVerify": { "type": "boolean", "default": false }
|
|
259
|
+
}
|
|
260
|
+
},
|
|
261
|
+
"otlp": {
|
|
262
|
+
"type": "object",
|
|
263
|
+
"description": "Generic OTLP/HTTP backend (destination: otlp).",
|
|
264
|
+
"properties": {
|
|
265
|
+
"endpoint": { "type": "string", "description": "OTLP/HTTP traces endpoint of the backend" },
|
|
266
|
+
"authMode": { "type": "string", "enum": ["none", "bearer", "api-key", "header"], "default": "none" },
|
|
267
|
+
"headerName": { "type": "string", "default": "Authorization" },
|
|
268
|
+
"token": { "type": "string" },
|
|
269
|
+
"apiKey": { "type": "string" },
|
|
270
|
+
"headerValue": { "type": "string" },
|
|
271
|
+
"existingSecret": {
|
|
272
|
+
"type": "object",
|
|
273
|
+
"properties": {
|
|
274
|
+
"name": { "type": "string" },
|
|
275
|
+
"tokenKey": { "type": "string", "default": "token" }
|
|
276
|
+
}
|
|
277
|
+
},
|
|
278
|
+
"headers": { "type": "object", "additionalProperties": { "type": "string" } },
|
|
279
|
+
"tlsInsecureSkipVerify": { "type": "boolean", "default": false }
|
|
280
|
+
}
|
|
281
|
+
},
|
|
282
|
+
"azureMonitor": {
|
|
283
|
+
"type": "object",
|
|
284
|
+
"description": "Azure Monitor / Application Insights target (destination: azure-monitor).",
|
|
285
|
+
"properties": {
|
|
286
|
+
"connectionString": { "type": "string", "description": "Application Insights connection string" },
|
|
287
|
+
"existingSecret": {
|
|
288
|
+
"type": "object",
|
|
289
|
+
"properties": {
|
|
290
|
+
"name": { "type": "string" },
|
|
291
|
+
"connectionStringKey": { "type": "string", "default": "connection-string" }
|
|
292
|
+
}
|
|
293
|
+
}
|
|
294
|
+
}
|
|
295
|
+
}
|
|
296
|
+
},
|
|
297
|
+
"allOf": [
|
|
298
|
+
{
|
|
299
|
+
"comment": "Default/absent destination is treated as elastic.",
|
|
300
|
+
"if": {
|
|
301
|
+
"properties": { "enabled": { "const": true } },
|
|
302
|
+
"required": ["enabled"],
|
|
303
|
+
"not": { "required": ["destination"] }
|
|
304
|
+
},
|
|
305
|
+
"then": {
|
|
306
|
+
"required": ["elastic"],
|
|
307
|
+
"properties": {
|
|
308
|
+
"elastic": { "type": "object", "required": ["endpoint"], "properties": { "endpoint": { "type": "string", "minLength": 1 } } }
|
|
309
|
+
}
|
|
310
|
+
}
|
|
311
|
+
},
|
|
312
|
+
{
|
|
313
|
+
"if": {
|
|
314
|
+
"properties": { "enabled": { "const": true }, "destination": { "const": "elastic" } },
|
|
315
|
+
"required": ["enabled", "destination"]
|
|
316
|
+
},
|
|
317
|
+
"then": {
|
|
318
|
+
"required": ["elastic"],
|
|
319
|
+
"properties": {
|
|
320
|
+
"elastic": { "type": "object", "required": ["endpoint"], "properties": { "endpoint": { "type": "string", "minLength": 1 } } }
|
|
321
|
+
}
|
|
322
|
+
}
|
|
323
|
+
},
|
|
324
|
+
{
|
|
325
|
+
"if": {
|
|
326
|
+
"properties": { "enabled": { "const": true }, "destination": { "const": "otlp" } },
|
|
327
|
+
"required": ["enabled", "destination"]
|
|
328
|
+
},
|
|
329
|
+
"then": {
|
|
330
|
+
"required": ["otlp"],
|
|
331
|
+
"properties": {
|
|
332
|
+
"otlp": { "type": "object", "required": ["endpoint"], "properties": { "endpoint": { "type": "string", "minLength": 1 } } }
|
|
333
|
+
}
|
|
334
|
+
}
|
|
335
|
+
},
|
|
336
|
+
{
|
|
337
|
+
"if": {
|
|
338
|
+
"properties": { "enabled": { "const": true }, "destination": { "const": "azure-monitor" } },
|
|
339
|
+
"required": ["enabled", "destination"]
|
|
340
|
+
},
|
|
341
|
+
"then": {
|
|
342
|
+
"required": ["azureMonitor"],
|
|
343
|
+
"properties": {
|
|
344
|
+
"azureMonitor": { "type": "object", "required": ["connectionString"], "properties": { "connectionString": { "type": "string", "minLength": 1 } } }
|
|
345
|
+
}
|
|
346
|
+
}
|
|
347
|
+
}
|
|
348
|
+
]
|
|
349
|
+
},
|
|
350
|
+
"labels": {
|
|
351
|
+
"type": "object",
|
|
352
|
+
"description": "Global labels applied to all resources",
|
|
353
|
+
"additionalProperties": { "type": "string" }
|
|
354
|
+
},
|
|
355
|
+
"annotations": {
|
|
356
|
+
"type": "object",
|
|
357
|
+
"description": "Global annotations applied to all resources",
|
|
358
|
+
"additionalProperties": { "type": "string" }
|
|
359
|
+
},
|
|
360
|
+
"podLabels": {
|
|
361
|
+
"type": "object",
|
|
362
|
+
"description": "Labels applied to all pod templates",
|
|
363
|
+
"additionalProperties": { "type": "string" }
|
|
364
|
+
},
|
|
365
|
+
"podAnnotations": {
|
|
366
|
+
"type": "object",
|
|
367
|
+
"description": "Annotations applied to all pod templates",
|
|
368
|
+
"additionalProperties": { "type": "string" }
|
|
369
|
+
},
|
|
370
|
+
"scheduling": {
|
|
371
|
+
"type": "object",
|
|
372
|
+
"description": "Opt-in scheduling defaults for Rulebricks workloads and migration jobs; dependency subcharts may require their own scheduling values",
|
|
373
|
+
"properties": {
|
|
374
|
+
"nodeSelector": {
|
|
375
|
+
"type": "object",
|
|
376
|
+
"description": "Node selector applied to workloads that inherit global scheduling",
|
|
377
|
+
"additionalProperties": { "type": "string" }
|
|
378
|
+
},
|
|
379
|
+
"tolerations": {
|
|
380
|
+
"type": "array",
|
|
381
|
+
"description": "Tolerations applied to workloads that inherit global scheduling",
|
|
382
|
+
"items": { "$ref": "#/definitions/toleration" }
|
|
383
|
+
},
|
|
384
|
+
"affinity": {
|
|
385
|
+
"type": "object",
|
|
386
|
+
"description": "Affinity rules applied to workloads that inherit global scheduling; prefer soft rules unless your platform requires hard placement"
|
|
387
|
+
}
|
|
388
|
+
}
|
|
389
|
+
}
|
|
390
|
+
}
|
|
391
|
+
},
|
|
392
|
+
"backup": {
|
|
393
|
+
"type": "object",
|
|
394
|
+
"description": "Periodic self-hosted Supabase Postgres backups to shared object storage",
|
|
395
|
+
"properties": {
|
|
396
|
+
"enabled": { "type": "boolean", "default": false },
|
|
397
|
+
"schedule": { "type": "string", "default": "0 2 * * *" },
|
|
398
|
+
"retentionDays": { "type": "integer", "minimum": 1, "default": 30 },
|
|
399
|
+
"superuser": {
|
|
400
|
+
"type": "string",
|
|
401
|
+
"default": "supabase_admin",
|
|
402
|
+
"description": "Postgres superuser role used for logical dumps/restores so it can read schemas owned by supabase_admin (auth, storage, realtime, etc.)"
|
|
403
|
+
},
|
|
404
|
+
"ttlSecondsAfterFinished": {
|
|
405
|
+
"type": "integer",
|
|
406
|
+
"minimum": 0,
|
|
407
|
+
"default": 2592000,
|
|
408
|
+
"description": "Time to keep completed backup jobs and their pod logs (seconds)"
|
|
409
|
+
},
|
|
410
|
+
"serverName": { "type": "string", "default": "supabase" },
|
|
411
|
+
"image": {
|
|
412
|
+
"type": "object",
|
|
413
|
+
"properties": {
|
|
414
|
+
"repository": { "type": "string" },
|
|
415
|
+
"tag": { "type": "string" },
|
|
416
|
+
"pullPolicy": { "type": "string" }
|
|
417
|
+
}
|
|
418
|
+
},
|
|
419
|
+
"resources": { "$ref": "#/definitions/resources" },
|
|
420
|
+
"jobHistory": {
|
|
421
|
+
"type": "object",
|
|
422
|
+
"properties": {
|
|
423
|
+
"successful": { "type": "integer", "minimum": 0, "default": 30 },
|
|
424
|
+
"failed": { "type": "integer", "minimum": 0, "default": 30 }
|
|
425
|
+
}
|
|
426
|
+
}
|
|
427
|
+
}
|
|
428
|
+
},
|
|
429
|
+
"externalSecrets": {
|
|
430
|
+
"type": "object",
|
|
431
|
+
"description": "Overlay-facing External Secrets metadata (not rendered directly by this chart)",
|
|
432
|
+
"properties": {
|
|
433
|
+
"enabled": { "type": "boolean", "default": false },
|
|
434
|
+
"secretStoreRef": {
|
|
435
|
+
"type": "object",
|
|
436
|
+
"properties": {
|
|
437
|
+
"name": { "type": "string" },
|
|
438
|
+
"kind": { "type": "string", "enum": ["SecretStore", "ClusterSecretStore"] }
|
|
439
|
+
}
|
|
440
|
+
},
|
|
441
|
+
"refreshInterval": { "type": "string", "default": "1h" },
|
|
442
|
+
"remoteRefs": {
|
|
443
|
+
"type": "object",
|
|
444
|
+
"description": "Map local keys to remote secret paths",
|
|
445
|
+
"additionalProperties": { "type": "string" }
|
|
446
|
+
},
|
|
447
|
+
"targetSecretName": { "type": "string" }
|
|
448
|
+
}
|
|
449
|
+
},
|
|
450
|
+
"rulebricks": {
|
|
451
|
+
"type": "object",
|
|
452
|
+
"properties": {
|
|
453
|
+
"metrics": {
|
|
454
|
+
"type": "object",
|
|
455
|
+
"description": "Prometheus metrics scraping for the app and HPS",
|
|
456
|
+
"properties": {
|
|
457
|
+
"enabled": { "type": "boolean" },
|
|
458
|
+
"serviceMonitor": {
|
|
459
|
+
"type": "object",
|
|
460
|
+
"properties": {
|
|
461
|
+
"enabled": { "type": "boolean" },
|
|
462
|
+
"interval": { "type": "string" },
|
|
463
|
+
"scrapeTimeout": { "type": "string" }
|
|
464
|
+
}
|
|
465
|
+
},
|
|
466
|
+
"app": {
|
|
467
|
+
"type": "object",
|
|
468
|
+
"properties": { "path": { "type": "string" } }
|
|
469
|
+
},
|
|
470
|
+
"hps": {
|
|
471
|
+
"type": "object",
|
|
472
|
+
"properties": { "path": { "type": "string" } }
|
|
473
|
+
}
|
|
474
|
+
}
|
|
475
|
+
},
|
|
476
|
+
"app": {
|
|
477
|
+
"type": "object",
|
|
478
|
+
"properties": {
|
|
479
|
+
"image": {
|
|
480
|
+
"type": "object",
|
|
481
|
+
"properties": {
|
|
482
|
+
"repository": { "type": "string" },
|
|
483
|
+
"tag": { "type": "string" },
|
|
484
|
+
"pullPolicy": { "type": "string" }
|
|
485
|
+
}
|
|
486
|
+
},
|
|
487
|
+
"replicas": { "type": "integer", "minimum": 0 },
|
|
488
|
+
"resources": { "$ref": "#/definitions/resources" },
|
|
489
|
+
"podLabels": {
|
|
490
|
+
"type": "object",
|
|
491
|
+
"additionalProperties": { "type": "string" }
|
|
492
|
+
},
|
|
493
|
+
"nodeSelector": {
|
|
494
|
+
"type": "object",
|
|
495
|
+
"description": "Node selector for Rulebricks app pods",
|
|
496
|
+
"additionalProperties": { "type": "string" }
|
|
497
|
+
},
|
|
498
|
+
"tolerations": {
|
|
499
|
+
"type": "array",
|
|
500
|
+
"description": "Tolerations for Rulebricks app pods",
|
|
501
|
+
"items": { "$ref": "#/definitions/toleration" }
|
|
502
|
+
},
|
|
503
|
+
"affinity": {
|
|
504
|
+
"type": "object",
|
|
505
|
+
"description": "Affinity for Rulebricks app pods. Prefer soft rules unless your platform requires hard placement."
|
|
506
|
+
},
|
|
507
|
+
"logging": {
|
|
508
|
+
"type": "object",
|
|
509
|
+
"properties": {
|
|
510
|
+
"enabled": { "type": "boolean" },
|
|
511
|
+
"kafkaBrokers": { "type": "string" },
|
|
512
|
+
"kafkaTopic": { "type": "string" },
|
|
513
|
+
"kafkaTopicPrefix": {
|
|
514
|
+
"type": "string",
|
|
515
|
+
"description": "Prefix namespacing all Kafka topic names (e.g. com.rulebricks.). Empty string disables prefixing."
|
|
516
|
+
},
|
|
517
|
+
"kafkaSsl": { "type": "boolean" },
|
|
518
|
+
"kafkaSasl": {
|
|
519
|
+
"type": "object",
|
|
520
|
+
"properties": {
|
|
521
|
+
"mechanism": {
|
|
522
|
+
"type": "string",
|
|
523
|
+
"enum": ["aws-iam", "oauthbearer", "scram-sha-256", "scram-sha-512", "plain", ""]
|
|
524
|
+
},
|
|
525
|
+
"region": { "type": "string" },
|
|
526
|
+
"username": { "type": "string" },
|
|
527
|
+
"password": { "type": "string" },
|
|
528
|
+
"existingSecret": { "type": "string" },
|
|
529
|
+
"existingSecretUsernameKey": { "type": "string" },
|
|
530
|
+
"existingSecretPasswordKey": { "type": "string" }
|
|
531
|
+
}
|
|
532
|
+
}
|
|
533
|
+
}
|
|
534
|
+
},
|
|
535
|
+
"serviceAccount": {
|
|
536
|
+
"type": "object",
|
|
537
|
+
"properties": {
|
|
538
|
+
"create": { "type": "boolean" },
|
|
539
|
+
"annotations": { "type": "object", "additionalProperties": { "type": "string" } },
|
|
540
|
+
"automount": { "type": "boolean" },
|
|
541
|
+
"name": { "type": "string" }
|
|
542
|
+
}
|
|
543
|
+
},
|
|
544
|
+
"podDisruptionBudget": {
|
|
545
|
+
"$ref": "#/definitions/podDisruptionBudget"
|
|
546
|
+
}
|
|
547
|
+
}
|
|
548
|
+
},
|
|
549
|
+
"hps": {
|
|
550
|
+
"type": "object",
|
|
551
|
+
"properties": {
|
|
552
|
+
"enabled": { "type": "boolean" },
|
|
553
|
+
"image": {
|
|
554
|
+
"type": "object",
|
|
555
|
+
"properties": {
|
|
556
|
+
"repository": { "type": "string" },
|
|
557
|
+
"tag": { "type": "string" },
|
|
558
|
+
"pullPolicy": { "type": "string" }
|
|
559
|
+
}
|
|
560
|
+
},
|
|
561
|
+
"replicas": { "type": "integer", "minimum": 0 },
|
|
562
|
+
"keda": {
|
|
563
|
+
"type": "object",
|
|
564
|
+
"description": "Gather-plane autoscaler: scales HPS on response-topic lag. Conservative one-pod-at-a-time behavior because HPS scale events rebalance the response consumer group and can time out in-flight requests.",
|
|
565
|
+
"properties": {
|
|
566
|
+
"enabled": { "type": "boolean" },
|
|
567
|
+
"minReplicaCount": { "type": "integer", "minimum": 0 },
|
|
568
|
+
"maxReplicaCount": { "type": "integer", "minimum": 0 },
|
|
569
|
+
"pollingInterval": { "type": "integer", "minimum": 1 },
|
|
570
|
+
"cooldownPeriod": { "type": "integer", "minimum": 0 },
|
|
571
|
+
"lagThreshold": { "type": ["integer", "string"] },
|
|
572
|
+
"cpuThreshold": { "type": ["integer", "string"] }
|
|
573
|
+
}
|
|
574
|
+
},
|
|
575
|
+
"imagePrepull": {
|
|
576
|
+
"type": "object",
|
|
577
|
+
"description": "DaemonSet that pre-pulls the HPS server + worker images onto every node so burst scale-outs skip the image pull on fresh nodes.",
|
|
578
|
+
"properties": {
|
|
579
|
+
"enabled": { "type": "boolean", "default": true },
|
|
580
|
+
"pauseImage": { "type": "string" },
|
|
581
|
+
"nodeSelector": {
|
|
582
|
+
"type": "object",
|
|
583
|
+
"description": "Node selector for the prepull DaemonSet; empty by default so it reaches every node.",
|
|
584
|
+
"additionalProperties": { "type": "string" }
|
|
585
|
+
},
|
|
586
|
+
"tolerations": {
|
|
587
|
+
"type": "array",
|
|
588
|
+
"description": "Tolerations for the prepull DaemonSet; defaults to the Rulebricks burst-pool taint only. Add explicit architecture tolerations as needed; avoid bare {operator: Exists} because it also tolerates shutdown, out-of-service, and unreachable nodes.",
|
|
589
|
+
"items": { "$ref": "#/definitions/toleration" }
|
|
590
|
+
},
|
|
591
|
+
"resources": {
|
|
592
|
+
"type": "object",
|
|
593
|
+
"description": "Per-container resources for the prepull DaemonSet (near-zero by default so it never affects bin-packing).",
|
|
594
|
+
"properties": {
|
|
595
|
+
"init": { "$ref": "#/definitions/resources" },
|
|
596
|
+
"pause": { "$ref": "#/definitions/resources" }
|
|
597
|
+
}
|
|
598
|
+
}
|
|
599
|
+
}
|
|
600
|
+
},
|
|
601
|
+
"resources": { "$ref": "#/definitions/resources" },
|
|
602
|
+
"podLabels": {
|
|
603
|
+
"type": "object",
|
|
604
|
+
"additionalProperties": { "type": "string" }
|
|
605
|
+
},
|
|
606
|
+
"nodeSelector": {
|
|
607
|
+
"type": "object",
|
|
608
|
+
"description": "Node selector for HPS pods",
|
|
609
|
+
"additionalProperties": { "type": "string" }
|
|
610
|
+
},
|
|
611
|
+
"tolerations": {
|
|
612
|
+
"type": "array",
|
|
613
|
+
"description": "Tolerations for HPS pods",
|
|
614
|
+
"items": { "$ref": "#/definitions/toleration" }
|
|
615
|
+
},
|
|
616
|
+
"affinity": {
|
|
617
|
+
"type": "object",
|
|
618
|
+
"description": "Affinity for HPS pods. Prefer soft rules unless your platform requires hard placement."
|
|
619
|
+
},
|
|
620
|
+
"topologySpreadConstraints": {
|
|
621
|
+
"type": "array",
|
|
622
|
+
"description": "Optional custom topology spread constraints for HPS pods. Unset by default so HPS can prefer non-infrastructure nodes.",
|
|
623
|
+
"items": { "type": "object" }
|
|
624
|
+
},
|
|
625
|
+
"serviceAccount": {
|
|
626
|
+
"type": "object",
|
|
627
|
+
"properties": {
|
|
628
|
+
"create": { "type": "boolean" },
|
|
629
|
+
"annotations": { "type": "object", "additionalProperties": { "type": "string" } },
|
|
630
|
+
"automount": { "type": "boolean" },
|
|
631
|
+
"name": { "type": "string" }
|
|
632
|
+
}
|
|
633
|
+
},
|
|
634
|
+
"podDisruptionBudget": {
|
|
635
|
+
"$ref": "#/definitions/podDisruptionBudget"
|
|
636
|
+
},
|
|
637
|
+
"workers": {
|
|
638
|
+
"type": "object",
|
|
639
|
+
"properties": {
|
|
640
|
+
"enabled": { "type": "boolean" },
|
|
641
|
+
"replicas": { "type": "integer", "minimum": 0 },
|
|
642
|
+
"resources": { "$ref": "#/definitions/resources" },
|
|
643
|
+
"solutionPartitions": {
|
|
644
|
+
"type": "integer",
|
|
645
|
+
"minimum": 1,
|
|
646
|
+
"description": "Partition count of the (prefixed) solution request topic. Must match kafka.provisioning.topics for the solution topic; hard ceiling on worker fleet concurrency, so keda.maxReplicaCount must not exceed it."
|
|
647
|
+
},
|
|
648
|
+
"podLabels": {
|
|
649
|
+
"type": "object",
|
|
650
|
+
"additionalProperties": { "type": "string" }
|
|
651
|
+
},
|
|
652
|
+
"priorityClassName": {
|
|
653
|
+
"type": "string",
|
|
654
|
+
"description": "PriorityClass for worker pods; defaults to the release-scoped burst class (<release>-burst) when global.priorityClasses.enabled, making workers the first preemption victims."
|
|
655
|
+
},
|
|
656
|
+
"keda": {
|
|
657
|
+
"type": "object",
|
|
658
|
+
"properties": {
|
|
659
|
+
"enabled": { "type": "boolean" },
|
|
660
|
+
"minReplicaCount": { "type": "integer", "minimum": 0 },
|
|
661
|
+
"maxReplicaCount": { "type": "integer", "minimum": 0 },
|
|
662
|
+
"pollingInterval": { "type": "integer", "minimum": 1 },
|
|
663
|
+
"cooldownPeriod": { "type": "integer", "minimum": 0 },
|
|
664
|
+
"lagThreshold": { "type": ["integer", "string"] },
|
|
665
|
+
"cpuThreshold": { "type": ["integer", "string"] },
|
|
666
|
+
"scalingBehavior": {
|
|
667
|
+
"type": "object",
|
|
668
|
+
"description": "Optional HPA scaling behavior override (scaleUp/scaleDown) rendered into the worker ScaledObject; omit to use the chart's exponential scale-up / smooth scale-down defaults."
|
|
669
|
+
}
|
|
670
|
+
}
|
|
671
|
+
},
|
|
672
|
+
"nodeSelector": {
|
|
673
|
+
"type": "object",
|
|
674
|
+
"description": "Node selector for HPS worker pods",
|
|
675
|
+
"additionalProperties": { "type": "string" }
|
|
676
|
+
},
|
|
677
|
+
"tolerations": {
|
|
678
|
+
"type": "array",
|
|
679
|
+
"description": "Tolerations for HPS worker pods",
|
|
680
|
+
"items": { "$ref": "#/definitions/toleration" }
|
|
681
|
+
},
|
|
682
|
+
"affinity": {
|
|
683
|
+
"type": "object",
|
|
684
|
+
"description": "Affinity for HPS worker pods. Prefer soft rules unless your platform requires hard placement."
|
|
685
|
+
},
|
|
686
|
+
"topologySpreadConstraints": {
|
|
687
|
+
"type": "array",
|
|
688
|
+
"description": "Optional custom topology spread constraints for HPS worker pods. Unset by default so workers can prefer non-infrastructure nodes.",
|
|
689
|
+
"items": { "type": "object" }
|
|
690
|
+
},
|
|
691
|
+
"serviceAccount": {
|
|
692
|
+
"type": "object",
|
|
693
|
+
"properties": {
|
|
694
|
+
"create": { "type": "boolean" },
|
|
695
|
+
"annotations": { "type": "object", "additionalProperties": { "type": "string" } },
|
|
696
|
+
"automount": { "type": "boolean" },
|
|
697
|
+
"name": { "type": "string" }
|
|
698
|
+
}
|
|
699
|
+
},
|
|
700
|
+
"podDisruptionBudget": {
|
|
701
|
+
"$ref": "#/definitions/podDisruptionBudget"
|
|
702
|
+
}
|
|
703
|
+
}
|
|
704
|
+
}
|
|
705
|
+
}
|
|
706
|
+
},
|
|
707
|
+
"ingress": {
|
|
708
|
+
"type": "object",
|
|
709
|
+
"properties": {
|
|
710
|
+
"enabled": { "type": "boolean" },
|
|
711
|
+
"className": { "type": "string" },
|
|
712
|
+
"paths": {
|
|
713
|
+
"type": "array",
|
|
714
|
+
"items": {
|
|
715
|
+
"type": "object",
|
|
716
|
+
"properties": {
|
|
717
|
+
"path": { "type": "string" },
|
|
718
|
+
"pathType": { "type": "string" }
|
|
719
|
+
}
|
|
720
|
+
}
|
|
721
|
+
},
|
|
722
|
+
"app": {
|
|
723
|
+
"type": "object",
|
|
724
|
+
"properties": {
|
|
725
|
+
"enabled": { "type": "boolean" }
|
|
726
|
+
}
|
|
727
|
+
}
|
|
728
|
+
}
|
|
729
|
+
},
|
|
730
|
+
"redis": {
|
|
731
|
+
"type": "object",
|
|
732
|
+
"description": "Valkey/Redis-compatible configuration. The redis key is retained for compatibility. Set enabled: false to use an external/managed endpoint.",
|
|
733
|
+
"properties": {
|
|
734
|
+
"enabled": { "type": "boolean", "default": true },
|
|
735
|
+
"tag": { "type": "string" },
|
|
736
|
+
"podLabels": {
|
|
737
|
+
"type": "object",
|
|
738
|
+
"additionalProperties": { "type": "string" }
|
|
739
|
+
},
|
|
740
|
+
"resources": { "$ref": "#/definitions/resources" },
|
|
741
|
+
"persistence": {
|
|
742
|
+
"type": "object",
|
|
743
|
+
"properties": {
|
|
744
|
+
"enabled": { "type": "boolean" },
|
|
745
|
+
"size": { "type": "string" },
|
|
746
|
+
"storageClass": { "type": "string" }
|
|
747
|
+
}
|
|
748
|
+
},
|
|
749
|
+
"external": {
|
|
750
|
+
"type": "object",
|
|
751
|
+
"description": "External Valkey/Redis-compatible connection settings (used when redis.enabled is false).",
|
|
752
|
+
"properties": {
|
|
753
|
+
"host": { "type": "string" },
|
|
754
|
+
"port": { "type": ["integer", "string"], "default": 6379 },
|
|
755
|
+
"password": { "type": "string", "description": "Inline password. Prefer existingSecret for production." },
|
|
756
|
+
"existingSecret": { "type": "string", "description": "Name of an existing secret holding the Valkey/Redis-compatible password." },
|
|
757
|
+
"existingSecretKey": { "type": "string", "default": "redis-password" },
|
|
758
|
+
"tls": {
|
|
759
|
+
"type": "object",
|
|
760
|
+
"properties": {
|
|
761
|
+
"enabled": { "type": "boolean", "default": false }
|
|
762
|
+
}
|
|
763
|
+
},
|
|
764
|
+
"httpApi": {
|
|
765
|
+
"type": "object",
|
|
766
|
+
"description": "Upstash-compatible HTTP API. When enabled, the in-cluster serverless-redis-http bridge is bypassed.",
|
|
767
|
+
"properties": {
|
|
768
|
+
"enabled": { "type": "boolean", "default": false },
|
|
769
|
+
"url": { "type": "string" },
|
|
770
|
+
"token": { "type": "string" },
|
|
771
|
+
"existingSecret": { "type": "string" },
|
|
772
|
+
"existingSecretUrlKey": { "type": "string", "default": "redis-url" },
|
|
773
|
+
"existingSecretTokenKey": { "type": "string", "default": "redis-token" }
|
|
774
|
+
}
|
|
775
|
+
}
|
|
776
|
+
}
|
|
777
|
+
}
|
|
778
|
+
}
|
|
779
|
+
},
|
|
780
|
+
"cache": {
|
|
781
|
+
"type": "object",
|
|
782
|
+
"description": "Optional Valkey observability and management components.",
|
|
783
|
+
"properties": {
|
|
784
|
+
"valkeyAdmin": {
|
|
785
|
+
"type": "object",
|
|
786
|
+
"description": "Official Valkey Admin web console. Disabled by default and internal-only unless explicitly exposed through authenticated ingress.",
|
|
787
|
+
"properties": {
|
|
788
|
+
"enabled": { "type": "boolean", "default": false },
|
|
789
|
+
"replicas": { "type": "integer", "minimum": 1 },
|
|
790
|
+
"exposure": { "type": "string", "enum": ["internal", "ingress"], "default": "internal" },
|
|
791
|
+
"image": {
|
|
792
|
+
"type": "object",
|
|
793
|
+
"properties": {
|
|
794
|
+
"repository": { "type": "string" },
|
|
795
|
+
"tag": { "type": "string" },
|
|
796
|
+
"pullPolicy": { "type": "string" }
|
|
797
|
+
}
|
|
798
|
+
},
|
|
799
|
+
"service": {
|
|
800
|
+
"type": "object",
|
|
801
|
+
"properties": {
|
|
802
|
+
"type": { "type": "string" },
|
|
803
|
+
"port": { "type": ["integer", "string"] }
|
|
804
|
+
}
|
|
805
|
+
},
|
|
806
|
+
"ingress": {
|
|
807
|
+
"type": "object",
|
|
808
|
+
"properties": {
|
|
809
|
+
"enabled": { "type": "boolean", "default": false },
|
|
810
|
+
"className": { "type": "string" },
|
|
811
|
+
"hostname": { "type": "string" },
|
|
812
|
+
"annotations": { "type": "object", "additionalProperties": { "type": "string" } },
|
|
813
|
+
"path": { "type": "string" },
|
|
814
|
+
"pathType": { "type": "string" },
|
|
815
|
+
"allowedIPs": { "type": "array", "items": { "type": "string" } },
|
|
816
|
+
"basicAuth": {
|
|
817
|
+
"type": "object",
|
|
818
|
+
"description": "Traefik BasicAuth credentials. users must be htpasswd-formatted entries; prefer CLI generation.",
|
|
819
|
+
"properties": {
|
|
820
|
+
"users": { "type": "array", "items": { "type": "string" } },
|
|
821
|
+
"existingSecret": { "type": "string" },
|
|
822
|
+
"existingSecretKey": { "type": "string", "default": "users" }
|
|
823
|
+
}
|
|
824
|
+
}
|
|
825
|
+
}
|
|
826
|
+
},
|
|
827
|
+
"resources": { "$ref": "#/definitions/resources" },
|
|
828
|
+
"nodeSelector": { "type": "object", "additionalProperties": { "type": "string" } },
|
|
829
|
+
"tolerations": { "type": "array", "items": { "$ref": "#/definitions/toleration" } },
|
|
830
|
+
"affinity": { "type": "object" },
|
|
831
|
+
"podLabels": { "type": "object", "additionalProperties": { "type": "string" } },
|
|
832
|
+
"podAnnotations": { "type": "object", "additionalProperties": { "type": "string" } }
|
|
833
|
+
}
|
|
834
|
+
},
|
|
835
|
+
"redisExporter": {
|
|
836
|
+
"type": "object",
|
|
837
|
+
"description": "Prometheus exporter for Valkey/Redis-compatible cache metrics.",
|
|
838
|
+
"properties": {
|
|
839
|
+
"enabled": { "type": "boolean", "default": false },
|
|
840
|
+
"image": {
|
|
841
|
+
"type": "object",
|
|
842
|
+
"properties": {
|
|
843
|
+
"repository": { "type": "string" },
|
|
844
|
+
"tag": { "type": "string" },
|
|
845
|
+
"pullPolicy": { "type": "string" }
|
|
846
|
+
}
|
|
847
|
+
},
|
|
848
|
+
"service": {
|
|
849
|
+
"type": "object",
|
|
850
|
+
"properties": { "port": { "type": ["integer", "string"] } }
|
|
851
|
+
},
|
|
852
|
+
"serviceMonitor": {
|
|
853
|
+
"type": "object",
|
|
854
|
+
"properties": {
|
|
855
|
+
"enabled": { "type": "boolean" },
|
|
856
|
+
"interval": { "type": "string" },
|
|
857
|
+
"scrapeTimeout": { "type": "string" }
|
|
858
|
+
}
|
|
859
|
+
},
|
|
860
|
+
"resources": { "$ref": "#/definitions/resources" },
|
|
861
|
+
"nodeSelector": { "type": "object", "additionalProperties": { "type": "string" } },
|
|
862
|
+
"tolerations": { "type": "array", "items": { "$ref": "#/definitions/toleration" } },
|
|
863
|
+
"affinity": { "type": "object" },
|
|
864
|
+
"podLabels": { "type": "object", "additionalProperties": { "type": "string" } },
|
|
865
|
+
"podAnnotations": { "type": "object", "additionalProperties": { "type": "string" } }
|
|
866
|
+
}
|
|
867
|
+
}
|
|
868
|
+
}
|
|
869
|
+
},
|
|
870
|
+
"kafkaExporter": {
|
|
871
|
+
"type": "object",
|
|
872
|
+
"description": "Prometheus exporter for Kafka topic and consumer-group lag metrics.",
|
|
873
|
+
"properties": {
|
|
874
|
+
"enabled": { "type": "boolean", "default": false },
|
|
875
|
+
"image": {
|
|
876
|
+
"type": "object",
|
|
877
|
+
"properties": {
|
|
878
|
+
"repository": { "type": "string" },
|
|
879
|
+
"tag": { "type": "string" },
|
|
880
|
+
"pullPolicy": { "type": "string" }
|
|
881
|
+
}
|
|
882
|
+
},
|
|
883
|
+
"service": {
|
|
884
|
+
"type": "object",
|
|
885
|
+
"properties": { "port": { "type": ["integer", "string"] } }
|
|
886
|
+
},
|
|
887
|
+
"serviceMonitor": {
|
|
888
|
+
"type": "object",
|
|
889
|
+
"properties": {
|
|
890
|
+
"enabled": { "type": "boolean" },
|
|
891
|
+
"interval": { "type": "string" },
|
|
892
|
+
"scrapeTimeout": { "type": "string" }
|
|
893
|
+
}
|
|
894
|
+
},
|
|
895
|
+
"brokers": { "type": "string" },
|
|
896
|
+
"topicFilter": { "type": "string" },
|
|
897
|
+
"groupFilter": { "type": "string" },
|
|
898
|
+
"resources": { "$ref": "#/definitions/resources" },
|
|
899
|
+
"nodeSelector": { "type": "object", "additionalProperties": { "type": "string" } },
|
|
900
|
+
"tolerations": { "type": "array", "items": { "$ref": "#/definitions/toleration" } },
|
|
901
|
+
"affinity": { "type": "object" },
|
|
902
|
+
"podLabels": { "type": "object", "additionalProperties": { "type": "string" } },
|
|
903
|
+
"podAnnotations": { "type": "object", "additionalProperties": { "type": "string" } }
|
|
904
|
+
}
|
|
905
|
+
}
|
|
906
|
+
}
|
|
907
|
+
},
|
|
908
|
+
"supabase": {
|
|
909
|
+
"type": "object",
|
|
910
|
+
"properties": {
|
|
911
|
+
"enabled": { "type": "boolean" },
|
|
912
|
+
"externalDatabase": {
|
|
913
|
+
"type": "object",
|
|
914
|
+
"properties": {
|
|
915
|
+
"enabled": { "type": "boolean" },
|
|
916
|
+
"host": { "type": "string" },
|
|
917
|
+
"port": { "type": ["integer", "string"] },
|
|
918
|
+
"secretRef": { "type": "string" },
|
|
919
|
+
"secretRefKey": {
|
|
920
|
+
"type": "object",
|
|
921
|
+
"properties": {
|
|
922
|
+
"host": { "type": "string" },
|
|
923
|
+
"port": { "type": "string" },
|
|
924
|
+
"username": { "type": "string" },
|
|
925
|
+
"password": { "type": "string" },
|
|
926
|
+
"database": { "type": "string" }
|
|
927
|
+
}
|
|
928
|
+
},
|
|
929
|
+
"bootstrap": {
|
|
930
|
+
"type": "object",
|
|
931
|
+
"properties": {
|
|
932
|
+
"enabled": { "type": "boolean" },
|
|
933
|
+
"masterUsername": { "type": "string" },
|
|
934
|
+
"masterPassword": { "type": "string" },
|
|
935
|
+
"secretRef": { "type": "string" },
|
|
936
|
+
"appRole": { "type": "string" },
|
|
937
|
+
"image": { "type": "string" }
|
|
938
|
+
}
|
|
939
|
+
}
|
|
940
|
+
}
|
|
941
|
+
},
|
|
942
|
+
"studio": {
|
|
943
|
+
"type": "object",
|
|
944
|
+
"properties": {
|
|
945
|
+
"ingress": {
|
|
946
|
+
"type": "object",
|
|
947
|
+
"properties": {
|
|
948
|
+
"enabled": { "type": "boolean" },
|
|
949
|
+
"type": { "type": "string", "enum": ["ingress", "gateway-api"] },
|
|
950
|
+
"className": { "type": "string" },
|
|
951
|
+
"hostname": { "type": "string" },
|
|
952
|
+
"annotations": { "type": "object", "additionalProperties": { "type": "string" } },
|
|
953
|
+
"paths": {
|
|
954
|
+
"type": "array",
|
|
955
|
+
"items": {
|
|
956
|
+
"type": "object",
|
|
957
|
+
"properties": {
|
|
958
|
+
"path": { "type": "string" },
|
|
959
|
+
"pathType": { "type": "string" }
|
|
960
|
+
}
|
|
961
|
+
}
|
|
962
|
+
},
|
|
963
|
+
"gatewayApi": {
|
|
964
|
+
"type": "object",
|
|
965
|
+
"properties": {
|
|
966
|
+
"gatewayName": { "type": "string" },
|
|
967
|
+
"gatewayNamespace": { "type": "string" },
|
|
968
|
+
"sectionName": { "type": "string" }
|
|
969
|
+
}
|
|
970
|
+
},
|
|
971
|
+
"tls": {
|
|
972
|
+
"type": "object",
|
|
973
|
+
"properties": {
|
|
974
|
+
"enabled": { "type": ["boolean", "string"] }
|
|
975
|
+
}
|
|
976
|
+
}
|
|
977
|
+
}
|
|
978
|
+
},
|
|
979
|
+
"podDisruptionBudget": {
|
|
980
|
+
"$ref": "#/definitions/podDisruptionBudget"
|
|
981
|
+
}
|
|
982
|
+
}
|
|
983
|
+
}
|
|
984
|
+
}
|
|
985
|
+
},
|
|
986
|
+
"kafka": {
|
|
987
|
+
"type": "object",
|
|
988
|
+
"properties": {
|
|
989
|
+
"enabled": { "type": "boolean" },
|
|
990
|
+
"provisioning": {
|
|
991
|
+
"type": "object",
|
|
992
|
+
"description": "Explicit topic management (create + idempotent alignment of existing topics via postScript). Topic names must carry the configured kafkaTopicPrefix.",
|
|
993
|
+
"properties": {
|
|
994
|
+
"enabled": { "type": "boolean" },
|
|
995
|
+
"numPartitions": { "type": "integer", "minimum": 1 },
|
|
996
|
+
"replicationFactor": { "type": "integer", "minimum": 1 },
|
|
997
|
+
"postScript": { "type": "string" },
|
|
998
|
+
"topics": {
|
|
999
|
+
"type": "array",
|
|
1000
|
+
"items": {
|
|
1001
|
+
"type": "object",
|
|
1002
|
+
"properties": {
|
|
1003
|
+
"name": { "type": "string" },
|
|
1004
|
+
"partitions": { "type": "integer", "minimum": 1 },
|
|
1005
|
+
"replicationFactor": { "type": "integer", "minimum": 1 },
|
|
1006
|
+
"config": {
|
|
1007
|
+
"type": "object",
|
|
1008
|
+
"additionalProperties": { "type": "string" }
|
|
1009
|
+
}
|
|
1010
|
+
},
|
|
1011
|
+
"required": ["name"]
|
|
1012
|
+
}
|
|
1013
|
+
}
|
|
1014
|
+
}
|
|
1015
|
+
}
|
|
1016
|
+
}
|
|
1017
|
+
},
|
|
1018
|
+
"kafkaBridge": {
|
|
1019
|
+
"type": "object",
|
|
1020
|
+
"description": "Vector Kafka bridge sidecar for token-auth managed Kafka (AWS MSK IAM / GCP OAUTHBEARER) that Vector cannot speak natively.",
|
|
1021
|
+
"properties": {
|
|
1022
|
+
"enabled": { "type": "boolean", "default": false },
|
|
1023
|
+
"provider": { "type": "string", "enum": ["aws", "gcp", ""] },
|
|
1024
|
+
"region": { "type": "string" },
|
|
1025
|
+
"brokers": { "type": "string" },
|
|
1026
|
+
"localPort": { "type": ["integer", "string"], "default": 19092 },
|
|
1027
|
+
"image": { "type": "string" },
|
|
1028
|
+
"awsRoleArn": { "type": "string" },
|
|
1029
|
+
"gcpServiceAccountEmail": { "type": "string" }
|
|
1030
|
+
}
|
|
1031
|
+
},
|
|
1032
|
+
"clickhouse": {
|
|
1033
|
+
"type": "object",
|
|
1034
|
+
"properties": {
|
|
1035
|
+
"enabled": { "type": "boolean", "default": true },
|
|
1036
|
+
"queryLimits": {
|
|
1037
|
+
"type": "object",
|
|
1038
|
+
"properties": {
|
|
1039
|
+
"maxMemoryUsage": { "type": "integer", "minimum": 1, "default": 4294967296 },
|
|
1040
|
+
"maxThreads": { "type": "integer", "minimum": 1, "default": 4 },
|
|
1041
|
+
"maxExecutionTime": { "type": "integer", "minimum": 1, "default": 120 },
|
|
1042
|
+
"maxRowsToRead": { "type": "integer", "minimum": 1, "default": 50000000 },
|
|
1043
|
+
"readOverflowMode": { "type": "string", "enum": ["throw", "break"], "default": "break" }
|
|
1044
|
+
}
|
|
1045
|
+
},
|
|
1046
|
+
"otelQueryLimits": {
|
|
1047
|
+
"type": "object",
|
|
1048
|
+
"properties": {
|
|
1049
|
+
"maxMemoryUsage": { "type": "integer", "minimum": 1, "default": 4294967296 },
|
|
1050
|
+
"maxThreads": { "type": "integer", "minimum": 1, "default": 8 },
|
|
1051
|
+
"maxExecutionTime": { "type": "integer", "minimum": 1, "default": 120 }
|
|
1052
|
+
}
|
|
1053
|
+
},
|
|
1054
|
+
"otelDatabase": { "type": "string", "default": "otel" }
|
|
1055
|
+
}
|
|
1056
|
+
},
|
|
1057
|
+
"clickstack": {
|
|
1058
|
+
"type": "object",
|
|
1059
|
+
"description": "Built-in ClickStack observability backend (HyperDX UI, OTel collectors, FerretDB). The dependency condition uses global.clickstack.enabled so sibling subcharts can share the same switch.",
|
|
1060
|
+
"properties": {
|
|
1061
|
+
"enabled": { "type": "boolean", "default": true },
|
|
1062
|
+
"clickhouse": {
|
|
1063
|
+
"type": "object",
|
|
1064
|
+
"properties": {
|
|
1065
|
+
"database": { "type": "string" },
|
|
1066
|
+
"username": { "type": "string" },
|
|
1067
|
+
"existingSecret": { "type": "string" },
|
|
1068
|
+
"existingSecretKey": { "type": "string" },
|
|
1069
|
+
"retentionDays": { "type": "integer", "minimum": 1, "default": 7 },
|
|
1070
|
+
"ttl": { "type": "string", "description": "Advanced ClickHouse exporter TTL override. Leave empty to derive from retentionDays." }
|
|
1071
|
+
}
|
|
1072
|
+
},
|
|
1073
|
+
"hyperdx": {
|
|
1074
|
+
"type": "object",
|
|
1075
|
+
"properties": {
|
|
1076
|
+
"enabled": { "type": "boolean" },
|
|
1077
|
+
"resources": { "$ref": "#/definitions/resources" },
|
|
1078
|
+
"ingress": { "type": "object" }
|
|
1079
|
+
}
|
|
1080
|
+
},
|
|
1081
|
+
"collector": {
|
|
1082
|
+
"type": "object",
|
|
1083
|
+
"properties": {
|
|
1084
|
+
"memoryLimitMiB": { "type": "integer", "minimum": 64 },
|
|
1085
|
+
"gateway": {
|
|
1086
|
+
"type": "object",
|
|
1087
|
+
"properties": {
|
|
1088
|
+
"replicas": { "type": "integer", "minimum": 1 },
|
|
1089
|
+
"resources": { "$ref": "#/definitions/resources" }
|
|
1090
|
+
}
|
|
1091
|
+
},
|
|
1092
|
+
"agent": {
|
|
1093
|
+
"type": "object",
|
|
1094
|
+
"properties": {
|
|
1095
|
+
"enabled": { "type": "boolean" },
|
|
1096
|
+
"resources": { "$ref": "#/definitions/resources" }
|
|
1097
|
+
}
|
|
1098
|
+
}
|
|
1099
|
+
}
|
|
1100
|
+
},
|
|
1101
|
+
"ferretdb": {
|
|
1102
|
+
"type": "object",
|
|
1103
|
+
"properties": {
|
|
1104
|
+
"enabled": { "type": "boolean" },
|
|
1105
|
+
"persistence": {
|
|
1106
|
+
"type": "object",
|
|
1107
|
+
"properties": {
|
|
1108
|
+
"enabled": { "type": "boolean" },
|
|
1109
|
+
"size": { "type": "string" },
|
|
1110
|
+
"storageClassName": { "type": "string" }
|
|
1111
|
+
}
|
|
1112
|
+
},
|
|
1113
|
+
"resources": {
|
|
1114
|
+
"type": "object",
|
|
1115
|
+
"properties": {
|
|
1116
|
+
"ferretdb": { "$ref": "#/definitions/resources" },
|
|
1117
|
+
"postgres": { "$ref": "#/definitions/resources" }
|
|
1118
|
+
}
|
|
1119
|
+
}
|
|
1120
|
+
}
|
|
1121
|
+
}
|
|
1122
|
+
}
|
|
1123
|
+
},
|
|
1124
|
+
"external-dns": {
|
|
1125
|
+
"type": "object",
|
|
1126
|
+
"properties": {
|
|
1127
|
+
"enabled": { "type": "boolean" }
|
|
1128
|
+
}
|
|
1129
|
+
},
|
|
1130
|
+
"migrations": {
|
|
1131
|
+
"type": "object",
|
|
1132
|
+
"description": "Configuration for database migration jobs",
|
|
1133
|
+
"properties": {
|
|
1134
|
+
"strategy": {
|
|
1135
|
+
"type": "string",
|
|
1136
|
+
"enum": ["hook", "deployment", "manual"],
|
|
1137
|
+
"default": "hook",
|
|
1138
|
+
"description": "Migration job execution strategy"
|
|
1139
|
+
},
|
|
1140
|
+
"ttlSecondsAfterFinished": {
|
|
1141
|
+
"type": "integer",
|
|
1142
|
+
"default": 2592000,
|
|
1143
|
+
"description": "Time to keep completed jobs and their pod logs (seconds)"
|
|
1144
|
+
},
|
|
1145
|
+
"backoffLimit": {
|
|
1146
|
+
"type": "integer",
|
|
1147
|
+
"default": 3,
|
|
1148
|
+
"description": "Number of retries before marking job as failed"
|
|
1149
|
+
},
|
|
1150
|
+
"restartPolicy": {
|
|
1151
|
+
"type": "string",
|
|
1152
|
+
"enum": ["OnFailure", "Never"],
|
|
1153
|
+
"default": "OnFailure"
|
|
1154
|
+
},
|
|
1155
|
+
"nodeSelector": {
|
|
1156
|
+
"type": "object",
|
|
1157
|
+
"additionalProperties": { "type": "string" }
|
|
1158
|
+
},
|
|
1159
|
+
"tolerations": {
|
|
1160
|
+
"type": "array",
|
|
1161
|
+
"description": "Tolerations for migration job pods. Defaults are empty; add ARM64 tolerations only for clusters that taint ARM64 nodes.",
|
|
1162
|
+
"items": { "$ref": "#/definitions/toleration" }
|
|
1163
|
+
},
|
|
1164
|
+
"annotations": {
|
|
1165
|
+
"type": "object",
|
|
1166
|
+
"additionalProperties": { "type": "string" }
|
|
1167
|
+
},
|
|
1168
|
+
"externalDb": {
|
|
1169
|
+
"type": "object",
|
|
1170
|
+
"description": "External database configuration",
|
|
1171
|
+
"properties": {
|
|
1172
|
+
"host": { "type": "string" },
|
|
1173
|
+
"port": { "type": "string", "default": "5432" },
|
|
1174
|
+
"existingSecret": { "type": "string" },
|
|
1175
|
+
"existingSecretKey": { "type": "string", "default": "password" }
|
|
1176
|
+
}
|
|
1177
|
+
}
|
|
1178
|
+
}
|
|
1179
|
+
},
|
|
1180
|
+
"monitoring": {
|
|
1181
|
+
"type": "object",
|
|
1182
|
+
"properties": {
|
|
1183
|
+
"enabled": { "type": "boolean" }
|
|
1184
|
+
}
|
|
1185
|
+
},
|
|
1186
|
+
"kube-prometheus-stack": {
|
|
1187
|
+
"type": "object",
|
|
1188
|
+
"description": "kube-prometheus-stack passthrough. Only remote_write Azure AD auth is validated here; the rest is owned by the subchart.",
|
|
1189
|
+
"properties": {
|
|
1190
|
+
"prometheus": {
|
|
1191
|
+
"type": "object",
|
|
1192
|
+
"properties": {
|
|
1193
|
+
"prometheusSpec": {
|
|
1194
|
+
"type": "object",
|
|
1195
|
+
"properties": {
|
|
1196
|
+
"remoteWrite": {
|
|
1197
|
+
"type": "array",
|
|
1198
|
+
"items": {
|
|
1199
|
+
"type": "object",
|
|
1200
|
+
"properties": {
|
|
1201
|
+
"url": { "type": "string" },
|
|
1202
|
+
"azureAd": {
|
|
1203
|
+
"type": "object",
|
|
1204
|
+
"description": "Azure Monitor managed Prometheus auth. The active identity block must carry a non-empty client ID.",
|
|
1205
|
+
"allOf": [
|
|
1206
|
+
{
|
|
1207
|
+
"if": { "required": ["managedIdentity"] },
|
|
1208
|
+
"then": {
|
|
1209
|
+
"properties": {
|
|
1210
|
+
"managedIdentity": {
|
|
1211
|
+
"type": "object",
|
|
1212
|
+
"required": ["clientId"],
|
|
1213
|
+
"properties": {
|
|
1214
|
+
"clientId": { "type": "string", "minLength": 1 }
|
|
1215
|
+
}
|
|
1216
|
+
}
|
|
1217
|
+
}
|
|
1218
|
+
}
|
|
1219
|
+
},
|
|
1220
|
+
{
|
|
1221
|
+
"if": { "required": ["workloadIdentity"] },
|
|
1222
|
+
"then": {
|
|
1223
|
+
"properties": {
|
|
1224
|
+
"workloadIdentity": {
|
|
1225
|
+
"type": "object",
|
|
1226
|
+
"required": ["clientId", "tenantId"],
|
|
1227
|
+
"properties": {
|
|
1228
|
+
"clientId": { "type": "string", "minLength": 1 },
|
|
1229
|
+
"tenantId": { "type": "string", "minLength": 1 }
|
|
1230
|
+
}
|
|
1231
|
+
}
|
|
1232
|
+
}
|
|
1233
|
+
}
|
|
1234
|
+
},
|
|
1235
|
+
{
|
|
1236
|
+
"if": { "required": ["oauth"] },
|
|
1237
|
+
"then": {
|
|
1238
|
+
"properties": {
|
|
1239
|
+
"oauth": {
|
|
1240
|
+
"type": "object",
|
|
1241
|
+
"required": ["clientId", "tenantId", "clientSecret"],
|
|
1242
|
+
"properties": {
|
|
1243
|
+
"clientId": { "type": "string", "minLength": 1 },
|
|
1244
|
+
"tenantId": { "type": "string", "minLength": 1 }
|
|
1245
|
+
}
|
|
1246
|
+
}
|
|
1247
|
+
}
|
|
1248
|
+
}
|
|
1249
|
+
}
|
|
1250
|
+
]
|
|
1251
|
+
}
|
|
1252
|
+
}
|
|
1253
|
+
}
|
|
1254
|
+
}
|
|
1255
|
+
}
|
|
1256
|
+
}
|
|
1257
|
+
}
|
|
1258
|
+
}
|
|
1259
|
+
}
|
|
1260
|
+
}
|
|
1261
|
+
},
|
|
1262
|
+
"allOf": [
|
|
1263
|
+
{
|
|
1264
|
+
"title": "Managed Supabase Validation",
|
|
1265
|
+
"description": "If Supabase subchart is disabled (managed mode), URL and Access Token are required and must not be empty.",
|
|
1266
|
+
"if": {
|
|
1267
|
+
"properties": {
|
|
1268
|
+
"supabase": {
|
|
1269
|
+
"type": "object",
|
|
1270
|
+
"properties": {
|
|
1271
|
+
"enabled": { "const": false }
|
|
1272
|
+
},
|
|
1273
|
+
"required": ["enabled"]
|
|
1274
|
+
}
|
|
1275
|
+
},
|
|
1276
|
+
"required": ["supabase"]
|
|
1277
|
+
},
|
|
1278
|
+
"then": {
|
|
1279
|
+
"properties": {
|
|
1280
|
+
"global": {
|
|
1281
|
+
"type": "object",
|
|
1282
|
+
"properties": {
|
|
1283
|
+
"supabase": {
|
|
1284
|
+
"type": "object",
|
|
1285
|
+
"required": ["url"],
|
|
1286
|
+
"properties": {
|
|
1287
|
+
"url": { "type": "string", "minLength": 1 }
|
|
1288
|
+
}
|
|
1289
|
+
}
|
|
1290
|
+
}
|
|
1291
|
+
}
|
|
1292
|
+
},
|
|
1293
|
+
"anyOf": [
|
|
1294
|
+
{
|
|
1295
|
+
"properties": {
|
|
1296
|
+
"global": {
|
|
1297
|
+
"type": "object",
|
|
1298
|
+
"properties": {
|
|
1299
|
+
"secrets": {
|
|
1300
|
+
"type": "object",
|
|
1301
|
+
"required": ["secretRef"],
|
|
1302
|
+
"properties": {
|
|
1303
|
+
"secretRef": { "type": "string", "minLength": 1 }
|
|
1304
|
+
}
|
|
1305
|
+
}
|
|
1306
|
+
},
|
|
1307
|
+
"required": ["secrets"]
|
|
1308
|
+
}
|
|
1309
|
+
}
|
|
1310
|
+
},
|
|
1311
|
+
{
|
|
1312
|
+
"properties": {
|
|
1313
|
+
"global": {
|
|
1314
|
+
"type": "object",
|
|
1315
|
+
"properties": {
|
|
1316
|
+
"supabase": {
|
|
1317
|
+
"type": "object",
|
|
1318
|
+
"required": ["accessToken"],
|
|
1319
|
+
"properties": {
|
|
1320
|
+
"accessToken": { "type": "string", "minLength": 1 }
|
|
1321
|
+
}
|
|
1322
|
+
}
|
|
1323
|
+
}
|
|
1324
|
+
}
|
|
1325
|
+
}
|
|
1326
|
+
}
|
|
1327
|
+
]
|
|
1328
|
+
}
|
|
1329
|
+
},
|
|
1330
|
+
{
|
|
1331
|
+
"title": "Self-hosted Supabase Validation",
|
|
1332
|
+
"description": "If Supabase subchart is enabled (self-hosted mode), JWT Secret is required and must not be empty.",
|
|
1333
|
+
"if": {
|
|
1334
|
+
"properties": {
|
|
1335
|
+
"supabase": {
|
|
1336
|
+
"type": "object",
|
|
1337
|
+
"properties": {
|
|
1338
|
+
"enabled": { "const": true }
|
|
1339
|
+
},
|
|
1340
|
+
"required": ["enabled"]
|
|
1341
|
+
}
|
|
1342
|
+
},
|
|
1343
|
+
"required": ["supabase"]
|
|
1344
|
+
},
|
|
1345
|
+
"then": {
|
|
1346
|
+
"anyOf": [
|
|
1347
|
+
{
|
|
1348
|
+
"properties": {
|
|
1349
|
+
"global": {
|
|
1350
|
+
"type": "object",
|
|
1351
|
+
"properties": {
|
|
1352
|
+
"secrets": {
|
|
1353
|
+
"type": "object",
|
|
1354
|
+
"required": ["secretRef"],
|
|
1355
|
+
"properties": {
|
|
1356
|
+
"secretRef": { "type": "string", "minLength": 1 }
|
|
1357
|
+
}
|
|
1358
|
+
}
|
|
1359
|
+
},
|
|
1360
|
+
"required": ["secrets"]
|
|
1361
|
+
}
|
|
1362
|
+
}
|
|
1363
|
+
},
|
|
1364
|
+
{
|
|
1365
|
+
"properties": {
|
|
1366
|
+
"global": {
|
|
1367
|
+
"type": "object",
|
|
1368
|
+
"properties": {
|
|
1369
|
+
"supabase": {
|
|
1370
|
+
"type": "object",
|
|
1371
|
+
"required": ["jwtSecret"],
|
|
1372
|
+
"properties": {
|
|
1373
|
+
"jwtSecret": { "type": "string", "minLength": 1 }
|
|
1374
|
+
}
|
|
1375
|
+
}
|
|
1376
|
+
}
|
|
1377
|
+
}
|
|
1378
|
+
}
|
|
1379
|
+
}
|
|
1380
|
+
]
|
|
1381
|
+
}
|
|
1382
|
+
},
|
|
1383
|
+
{
|
|
1384
|
+
"title": "External Kafka Validation",
|
|
1385
|
+
"description": "If Kafka subchart is disabled, external brokers must be specified in rulebricks.app.logging.kafkaBrokers and must not be empty.",
|
|
1386
|
+
"if": {
|
|
1387
|
+
"properties": {
|
|
1388
|
+
"kafka": {
|
|
1389
|
+
"type": "object",
|
|
1390
|
+
"properties": {
|
|
1391
|
+
"enabled": { "const": false }
|
|
1392
|
+
},
|
|
1393
|
+
"required": ["enabled"]
|
|
1394
|
+
}
|
|
1395
|
+
},
|
|
1396
|
+
"required": ["kafka"]
|
|
1397
|
+
},
|
|
1398
|
+
"then": {
|
|
1399
|
+
"properties": {
|
|
1400
|
+
"rulebricks": {
|
|
1401
|
+
"type": "object",
|
|
1402
|
+
"required": ["app"],
|
|
1403
|
+
"properties": {
|
|
1404
|
+
"app": {
|
|
1405
|
+
"type": "object",
|
|
1406
|
+
"required": ["logging"],
|
|
1407
|
+
"properties": {
|
|
1408
|
+
"logging": {
|
|
1409
|
+
"type": "object",
|
|
1410
|
+
"required": ["kafkaBrokers"],
|
|
1411
|
+
"properties": {
|
|
1412
|
+
"kafkaBrokers": { "type": "string", "minLength": 1 }
|
|
1413
|
+
}
|
|
1414
|
+
}
|
|
1415
|
+
}
|
|
1416
|
+
}
|
|
1417
|
+
}
|
|
1418
|
+
}
|
|
1419
|
+
}
|
|
1420
|
+
}
|
|
1421
|
+
},
|
|
1422
|
+
{
|
|
1423
|
+
"title": "External Valkey/Redis-Compatible Validation",
|
|
1424
|
+
"description": "If in-cluster Valkey is disabled, an external Valkey/Redis-compatible host must be specified in rulebricks.redis.external.host and must not be empty.",
|
|
1425
|
+
"if": {
|
|
1426
|
+
"properties": {
|
|
1427
|
+
"rulebricks": {
|
|
1428
|
+
"type": "object",
|
|
1429
|
+
"properties": {
|
|
1430
|
+
"redis": {
|
|
1431
|
+
"type": "object",
|
|
1432
|
+
"properties": {
|
|
1433
|
+
"enabled": { "const": false }
|
|
1434
|
+
},
|
|
1435
|
+
"required": ["enabled"]
|
|
1436
|
+
}
|
|
1437
|
+
},
|
|
1438
|
+
"required": ["redis"]
|
|
1439
|
+
}
|
|
1440
|
+
},
|
|
1441
|
+
"required": ["rulebricks"]
|
|
1442
|
+
},
|
|
1443
|
+
"then": {
|
|
1444
|
+
"properties": {
|
|
1445
|
+
"rulebricks": {
|
|
1446
|
+
"type": "object",
|
|
1447
|
+
"required": ["redis"],
|
|
1448
|
+
"properties": {
|
|
1449
|
+
"redis": {
|
|
1450
|
+
"type": "object",
|
|
1451
|
+
"required": ["external"],
|
|
1452
|
+
"properties": {
|
|
1453
|
+
"external": {
|
|
1454
|
+
"type": "object",
|
|
1455
|
+
"required": ["host"],
|
|
1456
|
+
"properties": {
|
|
1457
|
+
"host": { "type": "string", "minLength": 1 }
|
|
1458
|
+
}
|
|
1459
|
+
}
|
|
1460
|
+
}
|
|
1461
|
+
}
|
|
1462
|
+
}
|
|
1463
|
+
}
|
|
1464
|
+
}
|
|
1465
|
+
}
|
|
1466
|
+
},
|
|
1467
|
+
{
|
|
1468
|
+
"title": "AI Feature Validation",
|
|
1469
|
+
"description": "If AI is enabled, OpenAI API Key is required and must not be empty.",
|
|
1470
|
+
"if": {
|
|
1471
|
+
"properties": {
|
|
1472
|
+
"global": {
|
|
1473
|
+
"type": "object",
|
|
1474
|
+
"properties": {
|
|
1475
|
+
"ai": {
|
|
1476
|
+
"type": "object",
|
|
1477
|
+
"properties": {
|
|
1478
|
+
"enabled": { "const": true }
|
|
1479
|
+
},
|
|
1480
|
+
"required": ["enabled"]
|
|
1481
|
+
}
|
|
1482
|
+
},
|
|
1483
|
+
"required": ["ai"]
|
|
1484
|
+
}
|
|
1485
|
+
},
|
|
1486
|
+
"required": ["global"]
|
|
1487
|
+
},
|
|
1488
|
+
"then": {
|
|
1489
|
+
"anyOf": [
|
|
1490
|
+
{
|
|
1491
|
+
"properties": {
|
|
1492
|
+
"global": {
|
|
1493
|
+
"type": "object",
|
|
1494
|
+
"properties": {
|
|
1495
|
+
"secrets": {
|
|
1496
|
+
"type": "object",
|
|
1497
|
+
"required": ["secretRef"],
|
|
1498
|
+
"properties": {
|
|
1499
|
+
"secretRef": { "type": "string", "minLength": 1 }
|
|
1500
|
+
}
|
|
1501
|
+
}
|
|
1502
|
+
},
|
|
1503
|
+
"required": ["secrets"]
|
|
1504
|
+
}
|
|
1505
|
+
}
|
|
1506
|
+
},
|
|
1507
|
+
{
|
|
1508
|
+
"properties": {
|
|
1509
|
+
"global": {
|
|
1510
|
+
"type": "object",
|
|
1511
|
+
"properties": {
|
|
1512
|
+
"ai": {
|
|
1513
|
+
"type": "object",
|
|
1514
|
+
"required": ["openaiApiKey"],
|
|
1515
|
+
"properties": {
|
|
1516
|
+
"openaiApiKey": { "type": "string", "minLength": 1 }
|
|
1517
|
+
}
|
|
1518
|
+
}
|
|
1519
|
+
}
|
|
1520
|
+
}
|
|
1521
|
+
}
|
|
1522
|
+
}
|
|
1523
|
+
]
|
|
1524
|
+
}
|
|
1525
|
+
},
|
|
1526
|
+
{
|
|
1527
|
+
"title": "Inline Secrets Validation",
|
|
1528
|
+
"description": "If no external secretRef is provided (empty string), sensitive values must be provided inline.",
|
|
1529
|
+
"if": {
|
|
1530
|
+
"properties": {
|
|
1531
|
+
"global": {
|
|
1532
|
+
"type": "object",
|
|
1533
|
+
"properties": {
|
|
1534
|
+
"secrets": {
|
|
1535
|
+
"type": "object",
|
|
1536
|
+
"properties": {
|
|
1537
|
+
"secretRef": { "const": "" }
|
|
1538
|
+
},
|
|
1539
|
+
"required": ["secretRef"]
|
|
1540
|
+
}
|
|
1541
|
+
},
|
|
1542
|
+
"required": ["secrets"]
|
|
1543
|
+
}
|
|
1544
|
+
},
|
|
1545
|
+
"required": ["global"]
|
|
1546
|
+
},
|
|
1547
|
+
"then": {
|
|
1548
|
+
"properties": {
|
|
1549
|
+
"global": {
|
|
1550
|
+
"type": "object",
|
|
1551
|
+
"required": ["licenseKey"],
|
|
1552
|
+
"properties": {
|
|
1553
|
+
"licenseKey": { "type": "string", "minLength": 1 },
|
|
1554
|
+
"smtp": {
|
|
1555
|
+
"type": "object",
|
|
1556
|
+
"required": ["user", "pass"],
|
|
1557
|
+
"properties": {
|
|
1558
|
+
"user": { "type": "string", "minLength": 1 },
|
|
1559
|
+
"pass": { "type": "string", "minLength": 1 }
|
|
1560
|
+
}
|
|
1561
|
+
}
|
|
1562
|
+
}
|
|
1563
|
+
}
|
|
1564
|
+
}
|
|
1565
|
+
}
|
|
1566
|
+
},
|
|
1567
|
+
{
|
|
1568
|
+
"title": "External DNS Consistency",
|
|
1569
|
+
"description": "If external-dns subchart is enabled, global.externalDnsEnabled must also be true.",
|
|
1570
|
+
"if": {
|
|
1571
|
+
"properties": {
|
|
1572
|
+
"external-dns": {
|
|
1573
|
+
"type": "object",
|
|
1574
|
+
"properties": {
|
|
1575
|
+
"enabled": { "const": true }
|
|
1576
|
+
},
|
|
1577
|
+
"required": ["enabled"]
|
|
1578
|
+
}
|
|
1579
|
+
},
|
|
1580
|
+
"required": ["external-dns"]
|
|
1581
|
+
},
|
|
1582
|
+
"then": {
|
|
1583
|
+
"properties": {
|
|
1584
|
+
"global": {
|
|
1585
|
+
"type": "object",
|
|
1586
|
+
"properties": {
|
|
1587
|
+
"externalDnsEnabled": { "const": true }
|
|
1588
|
+
},
|
|
1589
|
+
"required": ["externalDnsEnabled"]
|
|
1590
|
+
}
|
|
1591
|
+
}
|
|
1592
|
+
}
|
|
1593
|
+
},
|
|
1594
|
+
{
|
|
1595
|
+
"title": "External Auth Validation",
|
|
1596
|
+
"description": "If externalAuth is enabled, a Supabase JWT secret is required (sourced from global.supabase.jwtSecret).",
|
|
1597
|
+
"if": {
|
|
1598
|
+
"properties": {
|
|
1599
|
+
"global": {
|
|
1600
|
+
"type": "object",
|
|
1601
|
+
"properties": {
|
|
1602
|
+
"externalAuth": {
|
|
1603
|
+
"type": "object",
|
|
1604
|
+
"properties": {
|
|
1605
|
+
"enabled": { "const": true }
|
|
1606
|
+
},
|
|
1607
|
+
"required": ["enabled"]
|
|
1608
|
+
}
|
|
1609
|
+
},
|
|
1610
|
+
"required": ["externalAuth"]
|
|
1611
|
+
}
|
|
1612
|
+
},
|
|
1613
|
+
"required": ["global"]
|
|
1614
|
+
},
|
|
1615
|
+
"then": {
|
|
1616
|
+
"anyOf": [
|
|
1617
|
+
{
|
|
1618
|
+
"properties": {
|
|
1619
|
+
"global": {
|
|
1620
|
+
"type": "object",
|
|
1621
|
+
"properties": {
|
|
1622
|
+
"secrets": {
|
|
1623
|
+
"type": "object",
|
|
1624
|
+
"required": ["secretRef"],
|
|
1625
|
+
"properties": {
|
|
1626
|
+
"secretRef": { "type": "string", "minLength": 1 }
|
|
1627
|
+
}
|
|
1628
|
+
}
|
|
1629
|
+
},
|
|
1630
|
+
"required": ["secrets"]
|
|
1631
|
+
}
|
|
1632
|
+
}
|
|
1633
|
+
},
|
|
1634
|
+
{
|
|
1635
|
+
"properties": {
|
|
1636
|
+
"global": {
|
|
1637
|
+
"type": "object",
|
|
1638
|
+
"properties": {
|
|
1639
|
+
"supabase": {
|
|
1640
|
+
"type": "object",
|
|
1641
|
+
"required": ["jwtSecret"],
|
|
1642
|
+
"properties": {
|
|
1643
|
+
"jwtSecret": { "type": "string", "minLength": 1 }
|
|
1644
|
+
}
|
|
1645
|
+
}
|
|
1646
|
+
}
|
|
1647
|
+
}
|
|
1648
|
+
}
|
|
1649
|
+
}
|
|
1650
|
+
]
|
|
1651
|
+
}
|
|
1652
|
+
},
|
|
1653
|
+
{
|
|
1654
|
+
"title": "SSO Validation",
|
|
1655
|
+
"description": "If SSO is enabled, provider, clientId, and clientSecret are required.",
|
|
1656
|
+
"if": {
|
|
1657
|
+
"properties": {
|
|
1658
|
+
"global": {
|
|
1659
|
+
"type": "object",
|
|
1660
|
+
"properties": {
|
|
1661
|
+
"sso": {
|
|
1662
|
+
"type": "object",
|
|
1663
|
+
"properties": {
|
|
1664
|
+
"enabled": { "const": true }
|
|
1665
|
+
},
|
|
1666
|
+
"required": ["enabled"]
|
|
1667
|
+
}
|
|
1668
|
+
},
|
|
1669
|
+
"required": ["sso"]
|
|
1670
|
+
}
|
|
1671
|
+
},
|
|
1672
|
+
"required": ["global"]
|
|
1673
|
+
},
|
|
1674
|
+
"then": {
|
|
1675
|
+
"properties": {
|
|
1676
|
+
"global": {
|
|
1677
|
+
"type": "object",
|
|
1678
|
+
"properties": {
|
|
1679
|
+
"sso": {
|
|
1680
|
+
"type": "object",
|
|
1681
|
+
"required": ["provider"],
|
|
1682
|
+
"properties": {
|
|
1683
|
+
"provider": { "type": "string", "minLength": 1 }
|
|
1684
|
+
}
|
|
1685
|
+
}
|
|
1686
|
+
}
|
|
1687
|
+
}
|
|
1688
|
+
},
|
|
1689
|
+
"anyOf": [
|
|
1690
|
+
{
|
|
1691
|
+
"properties": {
|
|
1692
|
+
"global": {
|
|
1693
|
+
"type": "object",
|
|
1694
|
+
"properties": {
|
|
1695
|
+
"secrets": {
|
|
1696
|
+
"type": "object",
|
|
1697
|
+
"required": ["secretRef"],
|
|
1698
|
+
"properties": {
|
|
1699
|
+
"secretRef": { "type": "string", "minLength": 1 }
|
|
1700
|
+
}
|
|
1701
|
+
}
|
|
1702
|
+
},
|
|
1703
|
+
"required": ["secrets"]
|
|
1704
|
+
}
|
|
1705
|
+
}
|
|
1706
|
+
},
|
|
1707
|
+
{
|
|
1708
|
+
"properties": {
|
|
1709
|
+
"global": {
|
|
1710
|
+
"type": "object",
|
|
1711
|
+
"properties": {
|
|
1712
|
+
"sso": {
|
|
1713
|
+
"type": "object",
|
|
1714
|
+
"required": ["clientId", "clientSecret"],
|
|
1715
|
+
"properties": {
|
|
1716
|
+
"clientId": { "type": "string", "minLength": 1 },
|
|
1717
|
+
"clientSecret": { "type": "string", "minLength": 1 }
|
|
1718
|
+
}
|
|
1719
|
+
}
|
|
1720
|
+
}
|
|
1721
|
+
}
|
|
1722
|
+
}
|
|
1723
|
+
}
|
|
1724
|
+
]
|
|
1725
|
+
}
|
|
1726
|
+
},
|
|
1727
|
+
{
|
|
1728
|
+
"title": "Decision Log Query Storage Validation",
|
|
1729
|
+
"description": "Decision log query requires shared object storage to be configured.",
|
|
1730
|
+
"if": {
|
|
1731
|
+
"properties": {
|
|
1732
|
+
"clickhouse": {
|
|
1733
|
+
"type": "object",
|
|
1734
|
+
"properties": {
|
|
1735
|
+
"enabled": { "const": true }
|
|
1736
|
+
},
|
|
1737
|
+
"required": ["enabled"]
|
|
1738
|
+
}
|
|
1739
|
+
},
|
|
1740
|
+
"required": ["clickhouse"]
|
|
1741
|
+
},
|
|
1742
|
+
"then": {
|
|
1743
|
+
"properties": {
|
|
1744
|
+
"global": {
|
|
1745
|
+
"type": "object",
|
|
1746
|
+
"required": ["storage"],
|
|
1747
|
+
"properties": {
|
|
1748
|
+
"storage": {
|
|
1749
|
+
"type": "object",
|
|
1750
|
+
"required": ["provider", "bucket"],
|
|
1751
|
+
"properties": {
|
|
1752
|
+
"provider": { "type": "string", "enum": ["s3", "azure-blob", "gcs"] },
|
|
1753
|
+
"bucket": { "type": "string", "minLength": 1 }
|
|
1754
|
+
}
|
|
1755
|
+
}
|
|
1756
|
+
}
|
|
1757
|
+
}
|
|
1758
|
+
}
|
|
1759
|
+
}
|
|
1760
|
+
},
|
|
1761
|
+
{
|
|
1762
|
+
"title": "Database Backup Storage Validation",
|
|
1763
|
+
"description": "Database backups require self-hosted Supabase and shared object storage to be configured.",
|
|
1764
|
+
"if": {
|
|
1765
|
+
"properties": {
|
|
1766
|
+
"backup": {
|
|
1767
|
+
"type": "object",
|
|
1768
|
+
"properties": {
|
|
1769
|
+
"enabled": { "const": true }
|
|
1770
|
+
},
|
|
1771
|
+
"required": ["enabled"]
|
|
1772
|
+
}
|
|
1773
|
+
},
|
|
1774
|
+
"required": ["backup"]
|
|
1775
|
+
},
|
|
1776
|
+
"then": {
|
|
1777
|
+
"properties": {
|
|
1778
|
+
"global": {
|
|
1779
|
+
"type": "object",
|
|
1780
|
+
"required": ["storage"],
|
|
1781
|
+
"properties": {
|
|
1782
|
+
"storage": {
|
|
1783
|
+
"type": "object",
|
|
1784
|
+
"required": ["provider", "bucket"],
|
|
1785
|
+
"properties": {
|
|
1786
|
+
"provider": { "type": "string", "enum": ["s3", "azure-blob", "gcs"] },
|
|
1787
|
+
"bucket": { "type": "string", "minLength": 1 }
|
|
1788
|
+
}
|
|
1789
|
+
}
|
|
1790
|
+
}
|
|
1791
|
+
},
|
|
1792
|
+
"supabase": {
|
|
1793
|
+
"type": "object",
|
|
1794
|
+
"required": ["enabled", "db"],
|
|
1795
|
+
"properties": {
|
|
1796
|
+
"enabled": { "const": true },
|
|
1797
|
+
"db": {
|
|
1798
|
+
"type": "object",
|
|
1799
|
+
"required": ["enabled"],
|
|
1800
|
+
"properties": {
|
|
1801
|
+
"enabled": { "const": true }
|
|
1802
|
+
}
|
|
1803
|
+
}
|
|
1804
|
+
}
|
|
1805
|
+
}
|
|
1806
|
+
}
|
|
1807
|
+
}
|
|
1808
|
+
},
|
|
1809
|
+
{
|
|
1810
|
+
"title": "Valkey Admin Ingress Auth Validation",
|
|
1811
|
+
"description": "Valkey Admin has no built-in authentication. If exposed through ingress, Traefik BasicAuth must be configured using htpasswd users or an existing Secret.",
|
|
1812
|
+
"if": {
|
|
1813
|
+
"properties": {
|
|
1814
|
+
"rulebricks": {
|
|
1815
|
+
"type": "object",
|
|
1816
|
+
"properties": {
|
|
1817
|
+
"cache": {
|
|
1818
|
+
"type": "object",
|
|
1819
|
+
"properties": {
|
|
1820
|
+
"valkeyAdmin": {
|
|
1821
|
+
"type": "object",
|
|
1822
|
+
"properties": {
|
|
1823
|
+
"enabled": { "const": true },
|
|
1824
|
+
"exposure": { "const": "ingress" },
|
|
1825
|
+
"ingress": {
|
|
1826
|
+
"type": "object",
|
|
1827
|
+
"properties": {
|
|
1828
|
+
"enabled": { "const": true }
|
|
1829
|
+
},
|
|
1830
|
+
"required": ["enabled"]
|
|
1831
|
+
}
|
|
1832
|
+
},
|
|
1833
|
+
"required": ["enabled", "exposure", "ingress"]
|
|
1834
|
+
}
|
|
1835
|
+
},
|
|
1836
|
+
"required": ["valkeyAdmin"]
|
|
1837
|
+
}
|
|
1838
|
+
},
|
|
1839
|
+
"required": ["cache"]
|
|
1840
|
+
}
|
|
1841
|
+
},
|
|
1842
|
+
"required": ["rulebricks"]
|
|
1843
|
+
},
|
|
1844
|
+
"then": {
|
|
1845
|
+
"properties": {
|
|
1846
|
+
"rulebricks": {
|
|
1847
|
+
"type": "object",
|
|
1848
|
+
"properties": {
|
|
1849
|
+
"cache": {
|
|
1850
|
+
"type": "object",
|
|
1851
|
+
"properties": {
|
|
1852
|
+
"valkeyAdmin": {
|
|
1853
|
+
"type": "object",
|
|
1854
|
+
"properties": {
|
|
1855
|
+
"ingress": {
|
|
1856
|
+
"type": "object",
|
|
1857
|
+
"properties": {
|
|
1858
|
+
"basicAuth": {
|
|
1859
|
+
"type": "object",
|
|
1860
|
+
"anyOf": [
|
|
1861
|
+
{
|
|
1862
|
+
"required": ["existingSecret"],
|
|
1863
|
+
"properties": {
|
|
1864
|
+
"existingSecret": { "type": "string", "minLength": 1 }
|
|
1865
|
+
}
|
|
1866
|
+
},
|
|
1867
|
+
{
|
|
1868
|
+
"required": ["users"],
|
|
1869
|
+
"properties": {
|
|
1870
|
+
"users": {
|
|
1871
|
+
"type": "array",
|
|
1872
|
+
"minItems": 1,
|
|
1873
|
+
"items": { "type": "string", "minLength": 1 }
|
|
1874
|
+
}
|
|
1875
|
+
}
|
|
1876
|
+
}
|
|
1877
|
+
]
|
|
1878
|
+
}
|
|
1879
|
+
},
|
|
1880
|
+
"required": ["basicAuth"]
|
|
1881
|
+
}
|
|
1882
|
+
}
|
|
1883
|
+
}
|
|
1884
|
+
}
|
|
1885
|
+
}
|
|
1886
|
+
}
|
|
1887
|
+
}
|
|
1888
|
+
}
|
|
1889
|
+
}
|
|
1890
|
+
}
|
|
1891
|
+
],
|
|
1892
|
+
"definitions": {
|
|
1893
|
+
"toleration": {
|
|
1894
|
+
"type": "object",
|
|
1895
|
+
"description": "Kubernetes toleration",
|
|
1896
|
+
"properties": {
|
|
1897
|
+
"key": { "type": "string" },
|
|
1898
|
+
"operator": { "type": "string", "enum": ["Exists", "Equal"] },
|
|
1899
|
+
"value": { "type": "string" },
|
|
1900
|
+
"effect": { "type": "string", "enum": ["NoSchedule", "PreferNoSchedule", "NoExecute"] },
|
|
1901
|
+
"tolerationSeconds": { "type": "integer" }
|
|
1902
|
+
}
|
|
1903
|
+
},
|
|
1904
|
+
"podDisruptionBudget": {
|
|
1905
|
+
"type": "object",
|
|
1906
|
+
"description": "Kubernetes PodDisruptionBudget configuration",
|
|
1907
|
+
"properties": {
|
|
1908
|
+
"enabled": { "type": "boolean" },
|
|
1909
|
+
"minAvailable": { "type": ["integer", "string"] },
|
|
1910
|
+
"maxUnavailable": { "type": ["integer", "string"] }
|
|
1911
|
+
}
|
|
1912
|
+
},
|
|
1913
|
+
"resources": {
|
|
1914
|
+
"type": "object",
|
|
1915
|
+
"description": "Kubernetes resource requests/limits",
|
|
1916
|
+
"properties": {
|
|
1917
|
+
"requests": {
|
|
1918
|
+
"type": "object",
|
|
1919
|
+
"properties": {
|
|
1920
|
+
"cpu": { "type": "string" },
|
|
1921
|
+
"memory": { "type": "string" }
|
|
1922
|
+
}
|
|
1923
|
+
},
|
|
1924
|
+
"limits": {
|
|
1925
|
+
"type": "object",
|
|
1926
|
+
"properties": {
|
|
1927
|
+
"cpu": { "type": "string" },
|
|
1928
|
+
"memory": { "type": "string" }
|
|
1929
|
+
}
|
|
1930
|
+
}
|
|
1931
|
+
}
|
|
1932
|
+
}
|
|
1933
|
+
}
|
|
1934
|
+
}
|