Install with Chart

Use Helm to install Otomi

ATTENTION: The new Otomi Chart install is still in PREVIEW!

If you encounter problems, please create an issue here.

Prerequisites

Installing via Helm repository

Adding otomi helm repository

First add the Otomi Helm repository:

helm repo add otomi https://otomi.io/otomi-core
helm repo update

See helm repo for command documentation.

Installing the Chart

Now install the chart with the name my-otomi-release (a custom name that you choose) and with the prepared values.yaml file.

helm install -f /path/to/values.yaml my-otomi-release otomi/otomi

You can also install a specific version of the chart. See here for a list of all available versions.

helm install -f /path/to/values.yaml my-otomi-release otomi/otomi --version 0.1.6

See helm install for command documentation.

Monitoring the Chart install

The chart deploys a Job (<your-release-name>-) in the default namespace. Use K9s (or any tool of your preference) to monitor the install. After the deploy job has finished, check Gitea to see if the otomi/values repo contains values. If not, uninstall the chart and install a second time.

Next steps

When Otomi is installed, first create a team. In CE mode, start here.

Installing from source

As an alternative, you can clone the otomi-core source code from GitHub and install Otomi using the chart source code.

Download source

git clone https://github.com/redkubes/otomi-core.git
cd otomi-core

Install from source

Now customize the values.yaml file. See configuration below for more details.

Use the following command to install the chart with the name my-otomi-release (a custom name that you choose).

helm install -f /path/to/values.yaml my-otomi-release chart/otomi

Uninstalling the Chart

helm uninstall my-otomi-release

Doing a Helm uninstall will only remove the job used to deploy Otomi. It will not remove all the installed components. If you would like to do a complete uninstall, we advise you to first clone the otomi/values repository (to secure the configuration) and then uninstall using the Otomi CLI.

Uninstalling optional applications using the chart is possible by toggling them on/off (by setting enabled to true or false).

Configuration

See Customizing the Chart Before Installing. To see all configurable options with detailed comments, visit the chart's values.yaml, or run this command:

helm show values otomi/otomi

Minimal required values

The following table lists the minimal required values:

| Parameter | Type | Default | Description |
|---|---|---|---|
| tasksImage.tag | string | '' | The otomi-tasks image tag. Use latest or choose a release |
| cluster.domainSuffix | string | '' | The top-level domain for the cluster, for example: mycluster.mydomain.com |
| cluster.name | string | '' | The name of the cluster |
| cluster.owner | string | '' | The owner/organization of the cluster |
| cluster.provider | string | '' | The cloud provider where the K8s cluster is running. Use aws, azure or google. |
| dns.provider | string | '' | The cloud provider where the DNS service is used. Use aws, azure or google. See providers |
| otomi.adminPassword | string | '' | The password of the otomi-admin account |
| otomi.version | string | '' | The otomi-core version used |
| charts.external-dns.domainFilters | string | '' | The name of your hosted DNS zone, for example mydomain.com |
| charts.gitea.postgresqlPassword | string | '' | The password used for PostgreSQL db used by Gitea |
| charts.keycloak.postgresqlPassword | string | '' | The password used for PostgreSQL db used by KeyCloak. Needs to be set to avoid generating a new one each time |
| charts.keycloak.idp.clientSecret | string | '' | A random provided password |
| charts.keycloak.idp.clientID | string | otomi | |
| charts.loki.adminPassword | string | '' | The password used for splitting logs for teams |
| charts.kubeapps.postgresqlPassword | string | '' | The password used for PostgreSQL db used by KeyCloak. Needs to be set to avoid generating a new one each time |
| charts.oauth2-proxy.config.cookieSecret | string | '' | Needs to be set to avoid generating a new one each time |
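
The required values can be checked mechanically before running helm install. The script below is an added example, not part of the Otomi project: it flattens a block-style values.yaml with awk and reports required parameters that are missing or empty, a cluster.provider other than aws, azure or google, a cookieSecret that does not decode to 16 bytes (the 128-bit requirement listed under All values), and a values file that group or others can access. The function names, the standard base64 alphabet and the file-permission check are assumptions of this example.

```sh
#!/bin/sh
# Pre-flight check for an Otomi values.yaml (added example, not Otomi project code).
# Assumes block-style YAML: space-indented maps, scalar leaves and "- item" lists.
# All function names here are made up for this example.

# Parameters from the "Minimal required values" table.
REQUIRED_KEYS='tasksImage.tag cluster.domainSuffix cluster.name cluster.owner
cluster.provider dns.provider otomi.adminPassword otomi.version
charts.external-dns.domainFilters charts.gitea.postgresqlPassword
charts.keycloak.postgresqlPassword charts.keycloak.idp.clientSecret
charts.keycloak.idp.clientID charts.loki.adminPassword
charts.kubeapps.postgresqlPassword charts.oauth2-proxy.config.cookieSecret'

# flatten_yaml FILE: print "dotted.path=value" for each non-empty scalar leaf
# and "dotted.path[]=item" for each list item.
flatten_yaml() {
  awk -v q="'" '
    function path(   i, p) {
      p = name[1]
      for (i = 2; i <= depth; i++) p = p "." name[i]
      return p
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments and blank lines
    {
      indent = match($0, /[^ ]/) - 1
      line = substr($0, indent + 1)
      if (substr(line, 1, 2) == "- ") {            # list item of the current key
        while (depth > 0 && ind[depth] > indent) depth--
        print path() "[]=" substr(line, 3)
        next
      }
      sep = index(line, ":")
      if (sep == 0) next
      key = substr(line, 1, sep - 1)
      val = substr(line, sep + 1)
      sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
      c = substr(val, 1, 1)
      if (c == "\"" || c == q) {                   # quoted: drop the quotes
        if (length(val) >= 2 && substr(val, length(val)) == c)
          val = substr(val, 2, length(val) - 2)
      } else {                                     # unquoted: drop a trailing comment
        sub(/[ \t]+#.*$/, "", val); sub(/^#.*$/, "", val)
      }
      while (depth > 0 && ind[depth] >= indent) depth--
      depth++; ind[depth] = indent; name[depth] = key
      if (val != "") print path() "=" val
    }
  ' "$1"
}

# get_value FLAT KEY: print the scalar stored at KEY (empty if unset).
get_value() {
  printf '%s\n' "$1" |
    awk -v k="$2=" 'index($0, k) == 1 { print substr($0, length(k) + 1); exit }'
}

# is_set FLAT KEY: true if KEY holds a scalar, a list item or a nested value.
is_set() {
  printf '%s\n' "$1" | awk -v k="$2" '
    index($0, k "=") == 1 || index($0, k ".") == 1 || index($0, k "[]=") == 1 { found = 1 }
    END { exit !found }'
}

# check_values FILE: print one finding per line; return 0 only when there are none.
check_values() {
  file=$1; bad=0
  flat=$(flatten_yaml "$file") || return 2

  for key in $REQUIRED_KEYS; do
    is_set "$flat" "$key" || { echo "MISSING $key"; bad=1; }
  done

  case $(get_value "$flat" cluster.provider) in
    aws|azure|google|'') ;;                        # empty is already reported above
    *) echo "INVALID cluster.provider (use aws, azure or google)"; bad=1 ;;
  esac

  # The page asks for a 128-bit, base64-encoded cookie secret: 16 bytes decoded.
  cookie=$(get_value "$flat" charts.oauth2-proxy.config.cookieSecret)
  if [ -n "$cookie" ]; then
    n=$(printf '%s' "$cookie" | base64 -d 2>/dev/null | wc -c | tr -d ' ')
    [ "$n" -eq 16 ] || { echo "INVALID cookieSecret (decodes to $n bytes, want 16)"; bad=1; }
  fi

  # The file holds admin and database passwords: no access for group or others.
  perms=$(ls -ld "$file" | cut -c5-10)
  [ "$perms" = "------" ] || { echo "PERMS $file is accessible to group/others"; bad=1; }

  return $bad
}

# Usage: check_values /path/to/values.yaml && \
#   helm install -f /path/to/values.yaml my-otomi-release otomi/otomi
```

A value left at its default of '' is treated as missing, so an unedited template fails the check.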

OIDC

At the moment, Otomi can only use Azure AD as IDP to provide SSO. We will soon provide the option to also use KeyCloak as IDP.

| Parameter | Type | Default | Description |
|---|---|---|---|
| oidc.clientID | string | '' | The client ID of the Azure Service Principal used |
| oidc.clientSecret | string | '' | The secret of the Azure Service Principal used |
| oidc.adminGroupID | string | '' | The ID of the Azure AD group used for the Otomi otomi-admin (platform admin) role |
| oidc.authUrl | string | '' | https://login.microsoftonline.com/your-azure-ad-tenant-id/oauth2/authorize |
| oidc.issuer | string | '' | https://login.microsoftonline.com/your-azure-ad-tenant-id/ |
| oidc.teamAdminGroupID | string | '' | The ID of the Azure AD group used for the Otomi team-admin role |
| oidc.tenantID | string | '' | The tenant ID of Azure Active Directory |
| oidc.tokenUrl | string | '' | https://login.microsoftonline.com/your-azure-ad-tenant-id/oauth2/token |

Providers

Configure these parameters based on your cloud of choice.

AWS

| Parameter | Type | Default | Description |
|---|---|---|---|
| dns.provider.aws.region | string | '' | |

Azure

| Parameter | Type | Default | Description |
|---|---|---|---|
| dns.provider.azure.aadClientId | string | '' | The client ID of the Service Principal used |
| dns.provider.azure.aadClientSecret | string | '' | The secret of the used Service Principal |
| dns.provider.azure.tenantId | string | '' | The tenant ID of the Azure directory of the Azure AD client |
| dns.provider.azure.subscriptionId | string | '' | The subscription ID of the Azure subscription containing the Azure DNS zone |
| dns.provider.azure.resourceGroup | string | '' | The resource group name of the Azure DNS zone |

You can find the tenantId by running az account show --query "tenantId" or by selecting Azure Active Directory in the Azure Portal and checking the Directory ID under Properties.

You can find the subscriptionId by running az account show --query "id" or by selecting Subscriptions in the Azure Portal.

The aadClientId and aadClientSecret are associated with the required Service Principal.

Google

| Parameter | Type | Default | Description |
|---|---|---|---|
| dns.provider.google.serviceAccountKey | string | '' | |
| dns.provider.google.project | string | '' | |

Optional: using SOPS

ATTENTION: Although using SOPS to encrypt all secrets is optional, we strongly recommend using it!

Providers

Configure these parameters based on your cloud of choice.

AWS

| Parameter | Type | Default | Description |
|---|---|---|---|
| kms.sops.provider | string | '' | The cloud provider where the Kubernetes cluster is running. Use aws. |
| kms.sops.aws.clientID | string | '' | |
| kms.sops.aws.clientSecret | string | '' | |
| kms.sops.aws.accessKey | string | '' | |
| kms.sops.aws.secretKey | string | '' | |

Azure

| Parameter | Type | Default | Description |
|---|---|---|---|
| kms.sops.provider | string | '' | The cloud provider where the Kubernetes cluster is running. Use azure. |
| kms.sops.azure.tenantID | string | '' | The tenant ID of the Azure directory |
| kms.sops.azure.clientID | string | '' | The client ID of the Service Principal used |
| kms.sops.azure.clientSecret | string | '' | The secret of the used Service Principal |
| kms.sops.azure.keys | string | '' | Comma separated list of one or two paths to keys as defined in Azure Vault. One if used for both enc+dec. Two if one for enc, other for dec. |

Google

| Parameter | Type | Default | Description |
|---|---|---|---|
| kms.sops.provider | string | '' | The cloud provider where the Kubernetes cluster is running. Use google. |
| kms.sops.google.accountJson | string | '' | |
| kms.sops.google.project | string | '' | |
| kms.sops.google.keys | string | '' | Comma separated list of one or two paths to keys as defined in GCP KMS. One if used for both enc+dec. Two if one for enc, other for dec. |

All values#

ParameterTypeDescriptionDefault
alerts.dronestringslack
alerts.email.criticalstringOne or more email addresses (comma separated) for critical events.nil
alerts.email.nonCriticalstringOne or more email addresses (comma separated) for non-critical events.nil
alerts.groupIntervalstringHow long to wait before sending a notification about new alerts that are added to a group of alerts for which an initial notification has already been sent. (Usually ~5m or more.)5m
alerts.msteams.highPriostringThe low prio web hook.nil
alerts.msteams.lowPriostringThe high prio web hook.nil
alerts.receivers.[]stringnil
alerts.repeatIntervalstringHow long to wait before sending a notification again if it has already been sent successfully for an alert. (Usually ~3h or more).3h
alerts.slack.channelstringThe Slack channel for non-critical notifications.dev-mon-otomi
alerts.slack.channelCritstringThe Slack channel for critical notifications.dev-mon-otomi
alerts.slack.urlstringA Slack webhook URL.nil
azure.storageType.faststringnil
azure.storageType.standardstringnil
azure.appgw.isManagedbooleanIs this appgw installed as AKS addon?true
azure.monitor.appInsightsApiKeystringAn Azure AppInsights client secret.nil
azure.monitor.appInsightsAppIdstringAn Azure client id.nil
azure.monitor.azureLogAnalyticsSameAsbooleantrue
azure.monitor.clientIdstringAn Azure client id.nil
azure.monitor.clientSecretstringAn Azure client secret.nil
azure.monitor.logAnalyticsClientIdstringAn Azure client secret.nil
azure.monitor.logAnalyticsClientSecretstringAn Azure client secret.nil
azure.monitor.logAnalyticsTenantIdstringAn Azure tenant id.nil
azure.monitor.logAnalyticsDefaultWorkspacestringAn Azure LogAnalytics workspace.nil
azure.monitor.subscriptionIdstringAn Azure subscription id.nil
azure.monitor.tenantIdstringAn Azure tenant id.nil
cloud.skipStorageClasses.[]stringnil
charts.cert-manager.emailstringnil
charts.cert-manager.stagestringThe Let’s Encrypt environment that is used for issuing certificates. The 'production' environment issues trusted certificates but has narrow rate limits, whereas the 'staging' environment issues untrusted certificates but provides broader rate limits. Read more about rate limits: https://letsencrypt.org/docs/rate-limits/.staging
charts.cluster-overprovisioner.cpustringAmount of cores, or slice of cpu in millis.nil
charts.cluster-overprovisioner.enabledbooleannil
charts.cluster-overprovisioner.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.demo-tlspass.enabledbooleannil
charts.demo-tlspass.tlsCertstringnil
charts.demo-tlspass.tlsKeystringnil
charts.drone.adminIsMachinebooleannil
charts.drone.adminUserstringnil
charts.drone.adminTokenstringnil
charts.drone.debugbooleannil
charts.drone.enabledbooleannil
charts.drone.githubAdmins.orgstringnil
charts.drone.githubAdmins.teamstringnil
charts.drone.githubAdmins.tokenstringnil
charts.drone.orgsFilterstringnil
charts.drone.ownerstringnil
charts.drone.repostringA lowercase name that starts with a letter and may contain dashes.nil
charts.drone.repoFilterstringnil
charts.drone.resources.runner.limits.cpustringAmount of cores, or slice of cpu in millis.nil
charts.drone.resources.runner.limits.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.drone.resources.runner.requests.cpustringAmount of cores, or slice of cpu in millis.nil
charts.drone.resources.runner.requests.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.drone.resources.server.limits.cpustringAmount of cores, or slice of cpu in millis.nil
charts.drone.resources.server.limits.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.drone.resources.server.requests.cpustringAmount of cores, or slice of cpu in millis.nil
charts.drone.resources.server.requests.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.drone.sharedSecretstringA secret used by drone-admit-members plugin.nil
charts.drone.sourceControl.bitbucketCloud.clientIDstringnil
charts.drone.sourceControl.bitbucketCloud.clientSecretValuestringnil
charts.drone.sourceControl.bitbucketServer.consumerKeystringconsumerKey
charts.drone.sourceControl.bitbucketServer.passwordKeystringpassword
charts.drone.sourceControl.bitbucketServer.privateKeystringprivateKey
charts.drone.sourceControl.bitbucketServer.serverstringnil
charts.drone.sourceControl.bitbucketServer.usernamestringnil
charts.drone.sourceControl.gitea.clientIDstringnil
charts.drone.sourceControl.gitea.clientSecretValuestringnil
charts.drone.sourceControl.gitea.serverstringnil
charts.drone.sourceControl.github.clientIDstringnil
charts.drone.sourceControl.github.clientSecretValuestringnil
charts.drone.sourceControl.github.serverstringhttps://github.com
charts.drone.sourceControl.gitlab.clientIDstringnil
charts.drone.sourceControl.gitlab.clientSecretValuestringnil
charts.drone.sourceControl.gitlab.serverstringnil
charts.drone.sourceControl.gogs.serverstringnil
charts.drone.sourceControl.passwordstringnil
charts.drone.sourceControl.providerstringgithub
charts.drone.sourceControl.secretstringnil
charts.drone.sourceControl.usernamestringnil
charts.drone.tracebooleannil
charts.external-dns.domainFilters.[]stringnil
charts.external-dns.zoneIdFilters.[]stringnil
charts.gatekeeper-operator.enabledbooleannil
charts.gatekeeper-operator.excludedNamespaces.[]stringnil
charts.gatekeeper-operator.emitAuditEventsbooleannil
charts.gatekeeper-operator.emitAdmissionEventsbooleannil
charts.gatekeeper-operator.auditFromCachebooleannil
charts.gatekeeper-operator.disableValidatingWebhookbooleannil
charts.gatekeeper-operator.logLevelstringnil
charts.gatekeeper-operator.constraintViolationsLimitintegernil
charts.gatekeeper-operator.auditIntervalintegernil
charts.gatekeeper-operator.replicasintegernil
charts.gitea.enabledbooleannil
charts.gitea.adminPasswordstringnil
charts.gitea.postgresqlPasswordstringOnce set and deployed it cannot be changed with manual intervention.nil
charts.harbor.adminPasswordstringnil
charts.harbor.core.secretstringnil
charts.harbor.core.xsrfKeystringnil
charts.harbor.enabledbooleannil
charts.harbor.jobservice.secretstringnil
charts.harbor.persistence.imageChartStorage.aws.accesskeystringAn AWS access key ID.nil
charts.harbor.persistence.imageChartStorage.aws.secretkeystringAn AWS secret key.nil
charts.harbor.persistence.imageChartStorage.aws.regionstringnil
charts.harbor.persistence.imageChartStorage.aws.regionendpointstringnil
charts.harbor.persistence.imageChartStorage.aws.bucketstringnil
charts.harbor.persistence.imageChartStorage.aws.encryptbooleannil
charts.harbor.persistence.imageChartStorage.aws.keyidstringnil
charts.harbor.persistence.imageChartStorage.aws.securebooleannil
charts.harbor.persistence.imageChartStorage.aws.v4authbooleannil
charts.harbor.persistence.imageChartStorage.aws.chunksizeintegernil
charts.harbor.persistence.imageChartStorage.aws.multipartcopychunksizeintegernil
charts.harbor.persistence.imageChartStorage.aws.multipartcopymaxconcurrencyintegernil
charts.harbor.persistence.imageChartStorage.aws.multipartcopythresholdsizeintegernil
charts.harbor.persistence.imageChartStorage.aws.rootdirectorystringnil
charts.harbor.persistence.imageChartStorage.azure.accountnamestringnil
charts.harbor.persistence.imageChartStorage.azure.accountkeystringnil
charts.harbor.persistence.imageChartStorage.azure.containerstringnil
charts.harbor.persistence.imageChartStorage.azure.realmstringnil
charts.harbor.persistence.imageChartStorage.gcs.bucketstringnil
charts.harbor.persistence.imageChartStorage.gcs.encodedkeystringnil
charts.harbor.persistence.imageChartStorage.gcs.rootdirectorystringnil
charts.harbor.persistence.imageChartStorage.typestringnil
charts.harbor.registry.secretstringnil
charts.harbor.registry.credentials.htpasswdstringnil
charts.harbor.registry.credentials.usernamestringnil
charts.harbor.registry.credentials.passwordstringnil
charts.harbor.resources.adapter.limits.cpustringAmount of cores, or slice of cpu in millis.nil
charts.harbor.resources.adapter.limits.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.harbor.resources.adapter.requests.cpustringAmount of cores, or slice of cpu in millis.nil
charts.harbor.resources.adapter.requests.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.harbor.resources.chartmuseum.limits.cpustringAmount of cores, or slice of cpu in millis.nil
charts.harbor.resources.chartmuseum.limits.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.harbor.resources.chartmuseum.requests.cpustringAmount of cores, or slice of cpu in millis.nil
charts.harbor.resources.chartmuseum.requests.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.harbor.resources.clair.limits.cpustringAmount of cores, or slice of cpu in millis.nil
charts.harbor.resources.clair.limits.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.harbor.resources.clair.requests.cpustringAmount of cores, or slice of cpu in millis.nil
charts.harbor.resources.clair.requests.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.harbor.resources.controller.limits.cpustringAmount of cores, or slice of cpu in millis.nil
charts.harbor.resources.controller.limits.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.harbor.resources.controller.requests.cpustringAmount of cores, or slice of cpu in millis.nil
charts.harbor.resources.controller.requests.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.harbor.resources.core.limits.cpustringAmount of cores, or slice of cpu in millis.nil
charts.harbor.resources.core.limits.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.harbor.resources.core.requests.cpustringAmount of cores, or slice of cpu in millis.nil
charts.harbor.resources.core.requests.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.harbor.resources.database.limits.cpustringAmount of cores, or slice of cpu in millis.nil
charts.harbor.resources.database.limits.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.harbor.resources.database.requests.cpustringAmount of cores, or slice of cpu in millis.nil
charts.harbor.resources.database.requests.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.harbor.resources.jobservice.limits.cpustringAmount of cores, or slice of cpu in millis.nil
charts.harbor.resources.jobservice.limits.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.harbor.resources.jobservice.requests.cpustringAmount of cores, or slice of cpu in millis.nil
charts.harbor.resources.jobservice.requests.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.harbor.resources.portal.limits.cpustringAmount of cores, or slice of cpu in millis.nil
charts.harbor.resources.portal.limits.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.harbor.resources.portal.requests.cpustringAmount of cores, or slice of cpu in millis.nil
charts.harbor.resources.portal.requests.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.harbor.resources.redis.limits.cpustringAmount of cores, or slice of cpu in millis.nil
charts.harbor.resources.redis.limits.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.harbor.resources.redis.requests.cpustringAmount of cores, or slice of cpu in millis.nil
charts.harbor.resources.redis.requests.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.harbor.resources.registry.limits.cpustringAmount of cores, or slice of cpu in millis.nil
charts.harbor.resources.registry.limits.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.harbor.resources.registry.requests.cpustringAmount of cores, or slice of cpu in millis.nil
charts.harbor.resources.registry.requests.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.harbor.resources.registry-controller.limits.cpustringAmount of cores, or slice of cpu in millis.nil
charts.harbor.resources.registry-controller.limits.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.harbor.resources.registry-controller.requests.cpustringAmount of cores, or slice of cpu in millis.nil
charts.harbor.resources.registry-controller.requests.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.harbor.secretKeystringnil
charts.hello.enabledbooleanHello world demo chart. When you turn this off you may also have to remove the ingress service.nil
charts.httpbin.enabledbooleanThe famous httpbin application.nil
charts.ingress-azure.enabledbooleannil
charts.ingress-azure.appgw.namestringA name of the Application Gateway.nil
charts.ingress-azure.appgw.resourceGroupstringA name of the Azure Resource Group in which Application Gateway was created.nil
charts.ingress-azure.appgw.subnetNamestringA subnet of the application gateway.nil
charts.ingress-azure.appgw.subnetPrefixstringA subnet in CIDR notation.nil
charts.ingress-azure.appgw.subscriptionIdstringThe Azure Subscription ID in which Application Gateway resides.nil
charts.ingress-azure.appgw.usePrivateIPbooleanWhether a private ip range or not.nil
charts.ingress-azure.armAuth.secretJSONstringA service Principal secret JSON key (base64 encoded).nil
charts.istio.addonComponents.grafana.enabledbooleannil
charts.istio.addonComponents.kiali.enabledbooleannil
charts.istio.addonComponents.prometheus.enabledbooleannil
charts.istio.addonComponents.tracing.enabledbooleannil
charts.istio.autoscaling.egressgateway.maxReplicasintegernil
charts.istio.autoscaling.egressgateway.minReplicasintegernil
charts.istio.autoscaling.gateway-local.maxReplicasintegernil
charts.istio.autoscaling.gateway-local.minReplicasintegernil
charts.istio.autoscaling.ingressgateway.maxReplicasintegernil
charts.istio.autoscaling.ingressgateway.minReplicasintegernil
charts.istio.autoscaling.ingressgateway-auth.maxReplicasintegernil
charts.istio.autoscaling.ingressgateway-auth.minReplicasintegernil
charts.istio.autoscaling.pilot.maxReplicasintegernil
charts.istio.autoscaling.pilot.minReplicasintegernil
charts.istio.egressGateway.enabledbooleannil
charts.istio.global.logging.levelstringnil
charts.istio.global.mtls.enabledbooleannil
charts.istio.global.proxy.resources.limits.cpustringAmount of cores, or slice of cpu in millis.nil
charts.istio.global.proxy.resources.limits.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.istio.global.proxy.resources.requests.cpustringAmount of cores, or slice of cpu in millis.nil
charts.istio.global.proxy.resources.requests.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.istio.global.sds.enabledbooleannil
charts.istio.resources.egressgateway.limits.cpustringAmount of cores, or slice of cpu in millis.nil
charts.istio.resources.egressgateway.limits.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.istio.resources.egressgateway.requests.cpustringAmount of cores, or slice of cpu in millis.nil
charts.istio.resources.egressgateway.requests.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.istio.resources.gateway-local.limits.cpustringAmount of cores, or slice of cpu in millis.nil
charts.istio.resources.gateway-local.limits.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.istio.resources.gateway-local.requests.cpustringAmount of cores, or slice of cpu in millis.nil
charts.istio.resources.gateway-local.requests.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.istio.resources.ingressgateway.limits.cpustringAmount of cores, or slice of cpu in millis.nil
charts.istio.resources.ingressgateway.limits.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.istio.resources.ingressgateway.requests.cpustringAmount of cores, or slice of cpu in millis.nil
charts.istio.resources.ingressgateway.requests.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.istio.resources.ingressgateway-auth.limits.cpustringAmount of cores, or slice of cpu in millis.nil
charts.istio.resources.ingressgateway-auth.limits.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.istio.resources.ingressgateway-auth.requests.cpustringAmount of cores, or slice of cpu in millis.nil
charts.istio.resources.ingressgateway-auth.requests.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.istio.resources.pilot.limits.cpustringAmount of cores, or slice of cpu in millis.nil
charts.istio.resources.pilot.limits.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.istio.resources.pilot.requests.cpustringAmount of cores, or slice of cpu in millis.nil
charts.istio.resources.pilot.requests.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.keycloak.enabledbooleantrue
charts.keycloak.idp.aliasstringnil
charts.keycloak.idp.clientIDstringnil
charts.keycloak.idp.clientSecretstringnil
charts.keycloak.postgresqlPasswordstringOnce set and deployed it cannot be changed with manual intervention.nil
charts.keycloak.resources.keycloak.limits.cpustringAmount of cores, or slice of cpu in millis.nil
charts.keycloak.resources.keycloak.limits.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.keycloak.resources.keycloak.requests.cpustringAmount of cores, or slice of cpu in millis.nil
charts.keycloak.resources.keycloak.requests.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.keycloak.resources.postgresql.limits.cpustringAmount of cores, or slice of cpu in millis.nil
charts.keycloak.resources.postgresql.limits.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.keycloak.resources.postgresql.requests.cpustringAmount of cores, or slice of cpu in millis.nil
charts.keycloak.resources.postgresql.requests.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.keycloak.themestringnil
charts.kubeapps.enabledbooleantrue
charts.kubeapps.postgresqlPasswordstringOnce set and deployed it cannot be changed with manual intervention.nil
charts.kubernetes-external-secrets.logLevelstringinfo
charts.kube-descheduler.enabledbooleantrue
charts.kube-descheduler.schedulestring*/30 * * * *
charts.loki.adminPasswordstringnil
charts.loki.persistence.sizestring20Gi
charts.loki.retention.durationstring24h
charts.loki.retention.periodstringShould be a multiple of 24h. See https://grafana.com/docs/loki/latest/operations/storage/boltdb-shipper/.24h
charts.loki.azure.account_keystringnil
charts.loki.azure.account_namestringnil
charts.loki.azure.container_namestringnil
charts.loki.storageTypestringnil
charts.loki.v11StartDatestringSet this to a date just after deployment in case of an upgrade. (Otomi started at v9 with filesystem.)nil
charts.nginx-ingress.autoscaling.enabledbooleantrue
charts.nginx-ingress.autoscaling.maxReplicasinteger10
charts.nginx-ingress.autoscaling.minReplicasinteger2
charts.nginx-ingress.loadBalancerIPstringnil
charts.nginx-ingress.loadBalancerRGstringnil
charts.nginx-ingress.maxBodySizestring1024m
charts.nginx-ingress.maxBodySizeBytesnumberNeeded for modsecurity. Should correspond to maxBodySize, but expressed in bytes.1073741824
charts.nginx-ingress.modsecurity.blockbooleanMakes nginx block requests that are marked as violating the modsec rules.true
charts.nginx-ingress.modsecurity.enabledbooleannil
charts.nginx-ingress.modsecurity.owaspbooleanTurns on the default OWASP rule set for modsec. Seetrue
charts.nginx-ingress.resources.limits.cpustringAmount of cores, or slice of cpu in millis.nil
charts.nginx-ingress.resources.limits.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.nginx-ingress.resources.requests.cpustringAmount of cores, or slice of cpu in millis.nil
charts.nginx-ingress.resources.requests.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.nginx-ingress.private.enabledbooleanEnable to start an extra loadbalancer for private network traffic.nil
charts.nginx-ingress.private.autoscaling.enabledbooleantrue
charts.nginx-ingress.private.autoscaling.maxReplicasinteger10
charts.nginx-ingress.private.autoscaling.minReplicasinteger2
charts.nginx-ingress.private.loadBalancerIPstringnil
charts.nginx-ingress.private.loadBalancerRGstringnil
charts.nginx-ingress.private.resources.limits.cpustringAmount of cores, or slice of cpu in millis.nil
charts.nginx-ingress.private.resources.limits.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.nginx-ingress.private.resources.requests.cpustringAmount of cores, or slice of cpu in millis.nil
charts.nginx-ingress.private.resources.requests.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.nginx-ingress.private.service.annotations.patternProperties.^((([a-zA-Z0-9]\|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]\|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]){1,253}\/)?([a-z0-9A-Z]+[a-z0-9A-Z-_.]+[a-z0-9A-Z]){1,63}$stringnil
charts.nginx-ingress.service.annotations.patternProperties.^((([a-zA-Z0-9]\|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]\|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]){1,253}\/)?([a-z0-9A-Z]+[a-z0-9A-Z-_.]+[a-z0-9A-Z]){1,63}$stringnil
charts.oauth2-proxy.config.cookieSecretstringCookie secret must be 128 bit base64 encoded string.nil
charts.oauth2-proxy-redis.architecturestringstandalone
charts.oauth2-proxy-redis.passwordstringnil
charts.oauth2-proxy-redis.resources.master.limits.cpustringAmount of cores, or slice of cpu in millis.nil
charts.oauth2-proxy-redis.resources.master.limits.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.oauth2-proxy-redis.resources.master.requests.cpustringAmount of cores, or slice of cpu in millis.nil
charts.oauth2-proxy-redis.resources.master.requests.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.oauth2-proxy-redis.resources.sentinel.limits.cpustringAmount of cores, or slice of cpu in millis.nil
charts.oauth2-proxy-redis.resources.sentinel.limits.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.oauth2-proxy-redis.resources.sentinel.requests.cpustringAmount of cores, or slice of cpu in millis.nil
charts.oauth2-proxy-redis.resources.sentinel.requests.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.oauth2-proxy-redis.resources.slave.limits.cpustringAmount of cores, or slice of cpu in millis.nil
charts.oauth2-proxy-redis.resources.slave.limits.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.oauth2-proxy-redis.resources.slave.requests.cpustringAmount of cores, or slice of cpu in millis.nil
charts.oauth2-proxy-redis.resources.slave.requests.memorystringAmount of memory. Valid units are E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki.nil
charts.oauth2-proxy-redis.sizes.masterstringDisk size. Valid units are E|P|T|G|Ti|Gi.nil
charts.oauth2-proxy-redis.sizes.sentinelstringDisk size. Valid units are E|P|T|G|Ti|Gi.nil
charts.oauth2-proxy-redis.sizes.slavestringDisk size. Valid units are E|P|T|G|Ti|Gi.nil
| charts.otomi-api.git.branch | string | | nil |
| charts.otomi-api.git.email | string | | nil |
| charts.otomi-api.git.localPath | string | | nil |
| charts.otomi-api.git.password | string | | nil |
| charts.otomi-api.git.repoUrl | string | Path to a remote git repo without protocol. Will use https to access. | nil |
| charts.otomi-api.git.user | string | | nil |
| charts.otomi-api.image.pullPolicy | string | | IfNotPresent |
| charts.otomi-api.image.tag | string | | nil |
| charts.otomi-api.resources.api.limits.cpu | string | Amount of cores, or slice of cpu in millis. | nil |
| charts.otomi-api.resources.api.limits.memory | string | Amount of memory. Valid units are E\|P\|T\|G\|M\|K\|Ei\|Pi\|Ti\|Gi\|Mi\|Ki. | nil |
| charts.otomi-api.resources.api.requests.cpu | string | Amount of cores, or slice of cpu in millis. | nil |
| charts.otomi-api.resources.api.requests.memory | string | Amount of memory. Valid units are E\|P\|T\|G\|M\|K\|Ei\|Pi\|Ti\|Gi\|Mi\|Ki. | nil |
| charts.otomi-api.resources.tools.limits.cpu | string | Amount of cores, or slice of cpu in millis. | nil |
| charts.otomi-api.resources.tools.limits.memory | string | Amount of memory. Valid units are E\|P\|T\|G\|M\|K\|Ei\|Pi\|Ti\|Gi\|Mi\|Ki. | nil |
| charts.otomi-api.resources.tools.requests.cpu | string | Amount of cores, or slice of cpu in millis. | nil |
| charts.otomi-api.resources.tools.requests.memory | string | Amount of memory. Valid units are E\|P\|T\|G\|M\|K\|Ei\|Pi\|Ti\|Gi\|Mi\|Ki. | nil |
| charts.otomi-api.tools.image.pullPolicy | string | | IfNotPresent |
| charts.otomi-api.tools.image.tag | string | | nil |
| charts.otomi-console.image.pullPolicy | string | | IfNotPresent |
| charts.otomi-console.image.tag | string | | nil |
| charts.prometheus-operator.grafana.adminPassword | string | | nil |
| charts.prometheus-operator.prometheus.storageSize | string | | nil |
| charts.prometheus-operator.resources.grafana.limits.cpu | string | Amount of cores, or slice of cpu in millis. | nil |
| charts.prometheus-operator.resources.grafana.limits.memory | string | Amount of memory. Valid units are E\|P\|T\|G\|M\|K\|Ei\|Pi\|Ti\|Gi\|Mi\|Ki. | nil |
| charts.prometheus-operator.resources.grafana.requests.cpu | string | Amount of cores, or slice of cpu in millis. | nil |
| charts.prometheus-operator.resources.grafana.requests.memory | string | Amount of memory. Valid units are E\|P\|T\|G\|M\|K\|Ei\|Pi\|Ti\|Gi\|Mi\|Ki. | nil |
| charts.redis-shared.architecture | string | | standalone |
| charts.redis-shared.password | string | | nil |
| charts.redis-shared.resources.master.limits.cpu | string | Amount of cores, or slice of cpu in millis. | nil |
| charts.redis-shared.resources.master.limits.memory | string | Amount of memory. Valid units are E\|P\|T\|G\|M\|K\|Ei\|Pi\|Ti\|Gi\|Mi\|Ki. | nil |
| charts.redis-shared.resources.master.requests.cpu | string | Amount of cores, or slice of cpu in millis. | nil |
| charts.redis-shared.resources.master.requests.memory | string | Amount of memory. Valid units are E\|P\|T\|G\|M\|K\|Ei\|Pi\|Ti\|Gi\|Mi\|Ki. | nil |
| charts.redis-shared.resources.sentinel.limits.cpu | string | Amount of cores, or slice of cpu in millis. | nil |
| charts.redis-shared.resources.sentinel.limits.memory | string | Amount of memory. Valid units are E\|P\|T\|G\|M\|K\|Ei\|Pi\|Ti\|Gi\|Mi\|Ki. | nil |
| charts.redis-shared.resources.sentinel.requests.cpu | string | Amount of cores, or slice of cpu in millis. | nil |
| charts.redis-shared.resources.sentinel.requests.memory | string | Amount of memory. Valid units are E\|P\|T\|G\|M\|K\|Ei\|Pi\|Ti\|Gi\|Mi\|Ki. | nil |
| charts.redis-shared.resources.slave.limits.cpu | string | Amount of cores, or slice of cpu in millis. | nil |
| charts.redis-shared.resources.slave.limits.memory | string | Amount of memory. Valid units are E\|P\|T\|G\|M\|K\|Ei\|Pi\|Ti\|Gi\|Mi\|Ki. | nil |
| charts.redis-shared.resources.slave.requests.cpu | string | Amount of cores, or slice of cpu in millis. | nil |
| charts.redis-shared.resources.slave.requests.memory | string | Amount of memory. Valid units are E\|P\|T\|G\|M\|K\|Ei\|Pi\|Ti\|Gi\|Mi\|Ki. | nil |
| charts.redis-shared.sizes.master | string | Disk size. Valid units are E\|P\|T\|G\|Ti\|Gi. | nil |
| charts.redis-shared.sizes.sentinel | string | Disk size. Valid units are E\|P\|T\|G\|Ti\|Gi. | nil |
| charts.redis-shared.sizes.slave | string | Disk size. Valid units are E\|P\|T\|G\|Ti\|Gi. | nil |
| charts.redis-shared.enabled | boolean | | nil |
| charts.sitespeed.enabled | boolean | | nil |
| charts.sitespeed.pvc.graphite | string | | nil |
| charts.sitespeed.pvc.results | string | | nil |
| charts.sitespeed.retention | string | | nil |
| charts.sitespeed.schedule | string | | nil |
| charts.vault.enabled | boolean | | true |
| charts.vault.logLevel | string | | info |
| charts.vault.seal.gcpckms.project | string | | nil |
| charts.vault.seal.gcpckms.region | string | | nil |
| charts.vault.seal.gcpckms.key_ring | string | | nil |
| charts.vault.seal.gcpckms.kmsAccount | string | | nil |
| charts.vault.seal.awskms.region | string | | nil |
| charts.vault.seal.awskms.access_key | string | | nil |
| charts.vault.seal.awskms.secret_key | string | | nil |
| charts.vault.seal.awskms.endpoint | string | | nil |
| charts.vault.seal.azurekeyvault.vault_name | string | | nil |
| charts.vault.seal.azurekeyvault.tenant_id | string | | nil |
| charts.vault.seal.azurekeyvault.client_id | string | | nil |
| charts.vault.seal.azurekeyvault.client_secret | string | | nil |
| charts.weave-scope.enabled | boolean | | nil |
| cluster.apiName | string | Only used for API/UI to show in app. | nil |
| cluster.apiServer | string | Used by kubectl for local deployment to target cluster. | nil |
| cluster.domainSuffix | string | Domain suffix for the cluster. Also added to list of dns zones in the Otomi Console. | nil |
| cluster.entrypoint | string | A Kubernetes API public IP address (onprem only). | nil |
| cluster.k8sVersion | string | The cluster k8s version. Otomi supports 2 minor versions backwards compatibility from the suggested default. | nil |
| cluster.name | string | | nil |
| cluster.provider | string | | nil |
| cluster.region | string | Dependent on provider. | nil |
| cluster.vpcID | string | AWS only. If provided will override autodiscovery from metadata. | nil |
| customer.name | string | | nil |
| dns.zones.[] | string | | nil |
| dns.provider.aws.region | string | | nil |
| dns.provider.azure.cloud | string | Azure Cloud | nil |
| dns.provider.azure.resourceGroup | string | Azure resource group | nil |
| dns.provider.azure.hostedZoneName | string | | nil |
| dns.provider.azure.tenantId | string | Azure tenant ID | nil |
| dns.provider.azure.subscriptionId | string | Azure subscription ID | nil |
| dns.provider.azure.aadClientId | string | Azure Application Client ID | nil |
| dns.provider.azure.aadClientSecret | string | Azure Application Client Secret | nil |
| dns.provider.azure.useManagedIdentityExtension | boolean | If you use Azure MSI, this should be set to true | nil |
| dns.provider.google.serviceAccountKey | string | A service account key in json format for managing a DNS zone. | nil |
| dns.provider.google.project | string | | nil |
| home.drone | string | | slack |
| home.email.critical | string | One or more email addresses (comma separated) for critical events. | nil |
| home.email.nonCritical | string | One or more email addresses (comma separated) for non-critical events. | nil |
| home.groupInterval | string | How long to wait before sending a notification about new alerts that are added to a group of alerts for which an initial notification has already been sent. (Usually ~5m or more.) | 5m |
| home.msteams.highPrio | string | The low prio web hook. | nil |
| home.msteams.lowPrio | string | The high prio web hook. | nil |
| home.receivers.[] | string | | nil |
| home.repeatInterval | string | How long to wait before sending a notification again if it has already been sent successfully for an alert. (Usually ~3h or more). | 3h |
| home.slack.channel | string | The Slack channel for non-critical notifications. | dev-mon-otomi |
| home.slack.channelCrit | string | The Slack channel for critical notifications. | dev-mon-otomi |
| home.slack.url | string | A Slack webhook URL. | nil |
| k8s.namespaces.[].disableIstioInjection | boolean | | nil |
| k8s.namespaces.[].disablePolicyChecks | boolean | | nil |
| k8s.namespaces.[].name | string | | nil |
| kms.sops.provider | string | | nil |
| kms.sops.aws.keys | string | Comma separated list of one or two ARNs to keys as defined in AWS KMS. One if used for both enc+dec. Two if one for enc, other for dec. | nil |
| kms.sops.aws.region | string | | nil |
| kms.sops.provider | string | | nil |
| kms.sops.azure.keys | string | Comma separated list of one or two paths to keys as defined in Azure Keyvault. One if used for both enc+dec. Two if one for enc, other for dec. | nil |
| kms.sops.azure.tenantId | string | An Azure tenant id. | nil |
| kms.sops.provider | string | | nil |
| kms.sops.google.keys | string | Comma separated list of one or two paths to keys as defined in GCP KMS. One if used for both enc+dec. Two if one for enc, other for dec. | nil |
| kms.sops.google.accountJson | string | | nil |
| kms.sops.google.project | string | | nil |
| kms.sops.provider | string | | nil |
| kms.sops.vault.keys | string | Comma separated list of one or two paths to keys as defined in Vault. One if used for both enc+dec. Two if one for enc, other for dec. | nil |
| kms.sops.vault.token | string | | nil |
| letsencryptCA | string | | nil |
| letsencryptRootCA | string | | nil |
| oidc.adminGroupID | string | | nil |
| oidc.apiUrl | string | Only used for grafana when Keycloak is disabled. (Not recommended because that disables authorization.) | nil |
| oidc.authUrl | string | Only used for grafana when Keycloak is disabled. (Not recommended because that disables authorization.) | nil |
| oidc.clientID | string | | nil |
| oidc.clientSecret | string | | nil |
| oidc.issuer | string | | nil |
| oidc.scope | string | Default values are used by keycloak. May be overridden in case keycloak is disabled. | openid email profile |
| oidc.teamAdminGroupID | string | | nil |
| oidc.tenantID | string | | nil |
| oidc.tokenUrl | string | | nil |
| oidc.usernameClaimMapper | string | Claim name used by Keycloak to identify incoming users from identity provider | ${CLAIM.email} |
| oidc.subClaimMapper | string | Select OIDC claim to be passed by Keycloak as a unique user identifier. Best to not change this from the default. | sub |
| otomi.additionalClusters.[].apiName | string | Only used for API/UI to show in app. | nil |
| otomi.additionalClusters.[].apiServer | string | Used by kubectl for local deployment to target cluster. | nil |
| otomi.additionalClusters.[].domainSuffix | string | Domain suffix for the cluster. Also added to list of dns zones in the Otomi Console. | nil |
| otomi.additionalClusters.[].entrypoint | string | A Kubernetes API public IP address (onprem only). | nil |
| otomi.additionalClusters.[].k8sVersion | string | The cluster k8s version. Otomi supports 2 minor versions backwards compatibility from the suggested default. | nil |
| otomi.additionalClusters.[].name | string | | nil |
| otomi.additionalClusters.[].provider | string | | nil |
| otomi.additionalClusters.[].region | string | Dependent on provider. | nil |
| otomi.additionalClusters.[].vpcID | string | AWS only. If provided will override autodiscovery from metadata. | nil |
| otomi.adminPassword | string | | bladibla |
| otomi.globalPullSecret.username | string | | nil |
| otomi.globalPullSecret.password | string | | nil |
| otomi.globalPullSecret.email | string | | not@us.ed |
| otomi.globalPullSecret.server | string | | docker.io |
| otomi.hasCloudLB | boolean | Set this to true when an external LB exists or needs to be started (AWS ALB, Azure AppGW, Google Apigee). This will then be configured through ingress controllers. Expects existing LBs to terminate https. Currently this is only working correctly for Azure, and not for AWS and Google. AWS is close to completion. | nil |
| otomi.isHomeMonitored | boolean | Whether this cluster is home monitored (like when under a Premium SLA). Sends criticals home. | nil |
| otomi.isManaged | boolean | Whether masters are managed and not under control. Set this to false when onprem. | true |
| otomi.isMultitenant | boolean | Whether to separate team metrics and logs. Disabling this lets everybody be admin and see everything. | true |
| otomi.mode | string | The otomi-core edition. Either community edition (ce) or enterprise edition (ee). | ee |
| otomi.pullSecret | string | The pullsecret to deploy the Otomi API and Console. Requires an Otomi license. | nil |
| otomi.version | string | Best pin this to a valid release version found in the repo. | latest |
| policies.banned-image-tags.tags.[] | string | | nil |
| policies.banned-image-tags.enabled | boolean | | nil |
| policies.container-limits.cpu | string | Amount of cores, or slice of cpu in millis. | nil |
| policies.container-limits.memory | string | Amount of memory. Valid units are E\|P\|T\|G\|M\|K\|Ei\|Pi\|Ti\|Gi\|Mi\|Ki. | nil |
| policies.container-limits.enabled | boolean | | nil |
| policies.psp-allowed-repos.repos.[] | string | | nil |
| policies.psp-allowed-repos.enabled | boolean | | nil |
| policies.psp-host-filesystem.allowedHostPaths.[].pathPrefix | string | | nil |
| policies.psp-host-filesystem.allowedHostPaths.[].readOnly | boolean | | nil |
| policies.psp-host-filesystem.enabled | boolean | | nil |
| policies.psp-allowed-users.runAsUser.rule | string | | nil |
| policies.psp-allowed-users.runAsUser.ranges.[].min | integer | | nil |
| policies.psp-allowed-users.runAsUser.ranges.[].max | integer | | nil |
| policies.psp-allowed-users.runAsGroup.rule | string | | nil |
| policies.psp-allowed-users.runAsGroup.ranges.[].min | integer | | nil |
| policies.psp-allowed-users.runAsGroup.ranges.[].max | integer | | nil |
| policies.psp-allowed-users.supplementalGroups.rule | string | | nil |
| policies.psp-allowed-users.supplementalGroups.ranges.[].min | integer | | nil |
| policies.psp-allowed-users.supplementalGroups.ranges.[].max | integer | | nil |
| policies.psp-allowed-users.fsGroup.rule | string | | nil |
| policies.psp-allowed-users.fsGroup.ranges.[].min | integer | | nil |
| policies.psp-allowed-users.fsGroup.ranges.[].max | integer | | nil |
| policies.psp-allowed-users.enabled | boolean | | nil |
| policies.psp-host-security.enabled | boolean | | nil |
| policies.psp-host-networking-ports.enabled | boolean | | nil |
| policies.psp-privileged.enabled | boolean | | nil |
| policies.psp-capabilities.enabled | boolean | | nil |
| policies.psp-capabilities.allowedCapabilities.[] | string | | nil |
| policies.psp-capabilities.requiredDropCapabilities.[] | string | | nil |
| policies.psp-forbidden-sysctls.enabled | boolean | | nil |
| policies.psp-forbidden-sysctls.forbiddenSysctls.[] | string | | nil |
| policies.psp-apparmor.enabled | boolean | | nil |
| policies.psp-apparmor.allowedProfiles.[] | string | | nil |
| policies.psp-seccomp.enabled | boolean | | nil |
| policies.psp-seccomp.allowedProfiles.[] | string | | nil |
| policies.psp-selinux.enabled | boolean | | nil |
| policies.psp-selinux.seLinuxContext | string | | nil |
| policies.psp-selinux.allowedSELinuxOptions.[].level | string | | nil |
| policies.psp-selinux.allowedSELinuxOptions.[].role | string | | nil |
| policies.psp-selinux.allowedSELinuxOptions.[].type | string | | nil |
| policies.psp-selinux.allowedSELinuxOptions.[].user | string | | nil |
| services.[].authz.forwardOriginalToken | boolean | If true istio will forward the bearer token instead of removing it from the headers. | nil |
| services.[].authz.workload.patternProperties.^((([a-zA-Z0-9]\|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]\|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]){1,253}\/)?([a-z0-9A-Z]+[a-z0-9A-Z-_.]+[a-z0-9A-Z]){1,63}$ | string | | nil |
| services.[].domain | string | A custom service domain name (max 64 bytes). | nil |
| services.[].forwardPath | boolean | Whether to forward the path into the service, or 'terminate' it. | nil |
| services.[].hide | boolean | Used by otomi console to determine whether to render it on screen or not. Only used by core services. | nil |
| services.[].host | string | Reference to another core service name. Used by otomi console to show a variation of a core service with a different path (i.e. Loki). Only used by core services. | nil |
| services.[].id | string | Unique identifier created by and used in API. Optional. | nil |
| services.[].auth | boolean | When true the service will get its own domain by prefixing the app name to the cluster domain. Mostly used by core apps. | nil |
| services.[].isShared | boolean | When true the service will get its own domain by prefixing the app name to the cluster domain. Mostly used by core apps. | nil |
| services.[].ksvc.annotations.patternProperties.^((([a-zA-Z0-9]\|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]\|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]){1,253}\/)?([a-z0-9A-Z]+[a-z0-9A-Z-_.]+[a-z0-9A-Z]){1,63}$ | string | | nil |
| services.[].ksvc.podSecurityContext.runAsNonRoot | boolean | | true |
| services.[].ksvc.podSecurityContext.runAsUser | integer | | 1001 |
| services.[].ksvc.podSecurityContext.runAsGroup | integer | | 1001 |
| services.[].ksvc.image.pullPolicy | string | | IfNotPresent |
| services.[].ksvc.image.repository | string | A container image repository. | nil |
| services.[].ksvc.image.tag | string | | latest |
| services.[].ksvc.securityContext.runAsNonRoot | boolean | | true |
| services.[].ksvc.securityContext.runAsUser | integer | | 1001 |
| services.[].ksvc.securityContext.runAsGroup | integer | | 1001 |
| services.[].ksvc.resources.limits.cpu | string | Amount of cores, or slice of cpu in millis. | nil |
| services.[].ksvc.resources.limits.memory | string | Amount of memory. Valid units are E\|P\|T\|G\|M\|K\|Ei\|Pi\|Ti\|Gi\|Mi\|Ki. | nil |
| services.[].ksvc.resources.requests.cpu | string | Amount of cores, or slice of cpu in millis. | nil |
| services.[].ksvc.resources.requests.memory | string | Amount of memory. Valid units are E\|P\|T\|G\|M\|K\|Ei\|Pi\|Ti\|Gi\|Mi\|Ki. | nil |
| services.[].ksvc.env.patternProperties.[a-zA-Z_]{1,}[a-zA-Z0-9_]* | string | | nil |
| services.[].ksvc.files.patternProperties.^[/].* | string | | nil |
| services.[].ksvc.secrets.[] | string | | nil |
| services.[].ksvc.secretMounts.patternProperties.^[/].*$ | string | | nil |
| services.[].ksvc.command.[] | string | | nil |
| services.[].ksvc.args.[] | string | | nil |
| services.[].ksvc.autoCD.semver | string | Use this filter if your images tags follow semantic versioning rules (MAJOR.MINOR.PATCH). E.g.: PATCH only: "~1.1", MINOR and PATCH only "~1", ALL "*". | nil |
| services.[].ksvc.autoCD.tagMatcher | string | | semver |
| services.[].ksvc.autoCD.glob | string | Use this filter if you want to make simple non-standard patterns. E.g.: "master-v1..". | nil |
| services.[].ksvc.autoCD.tagMatcher | string | | glob |
| services.[].ksvc.containerPort | number | Container port the knative pod will connect with. Leaving this empty will let knative infer the port from the container, which usually works, but might be problematic when the container does not specifically expose a port. (As is the case with nginx derived images!) | nil |
| services.[].ksvc.scaleToZero | boolean | Scales to zero after 60 seconds and needs approximately 8 seconds to start back up. | nil |
| services.[].ksvc.predeployed | boolean | Has this service been predeployed? Otherwise otomi will start it with the configuration given. | true |
| services.[].logo.name | string | | nil |
| services.[].name | string | Short name. Will be used for generation of knative service name, as well as service URL. | nil |
| services.[].namespace | string | A kubernetes namespace. Only used by core services, so should be disallowed for non-admins. | nil |
| services.[].ownHost | boolean | When true the service will get its own domain by prefixing the app name to the team domain. Mostly set to true. This will probably be removed soon. | true |
| services.[].path | string | Used by otomi-console to render a path for the app. Only used by core services. | nil |
| services.[].paths.[] | string | Path mapping to only route certain paths to the service. This allows micro services to operate on the same domain and port. When left empty all paths will go to this service. | nil |
| services.[].port | number | Points to the backing k8s service (only used when 'svc' is set). | nil |
| services.[].svc | string | When given a backing k8s service is expected to be deployed with this name, which will be exposed through this team service. | nil |
| services.[].tlsPass | boolean | Will pass the request to the backing service without TLS termination. | nil |
| services.[].type | string | Will determine the ingress routing. | public |
| smtp.auth_identity | string | | nil |
| smtp.auth_password | string | | nil |
| smtp.auth_secret | string | | nil |
| smtp.auth_username | string | | nil |
| smtp.from | string | The "from" address. Defaults to alerts@$clusterDomain. | nil |
| smtp.hello | string | | nil |
| smtp.smarthost | string | The smtp host:port combination. | nil |