Sample values.yaml File
    • 24 Nov 2024
    • 30 Minutes to read
    • Dark
      Light
    • PDF

    Sample values.yaml File

    • Dark
      Light
    • PDF

    Article summary

    As a best practice, we recommend using the file values-custom.yaml for setting the relevant parameter values.

    Additional parameters/configuration can be added from the following values.yaml to the values-custom.yaml as needed.

    # Default values for plainid-paa.
    # This is a YAML-formatted file.
    # Declare variables to be passed into your templates.
    
    # Client settings
    # These settings can be found under the tenant settings section on the management UI.
    tenantId: "ENTER_TENANT_ID" # Tenant Id (can be found under the Hybrid Agent Keys tab)
    agentSecretKey: "ENTER_AGENT_SECRET_KEY" # Agent Secret key (can be found under the Hybrid Agent Keys tab)
    paaId: "ENTER_PAA_ID" #  Policy Authorization Agent Id (can be found under the Policy Authorization Agents tab)
    
    # PlainID hybrid URL.
    # Possible values (XXXXX): us1,eu1,ca1
    # For example: remoteApi: "wss://remote.us1.plainid.io/wstunnel"
    remoteApi: "wss://remote.XXXXX.plainid.io/wstunnel"
    
    # For using https tunneling instead WebSockets, you could set this remoteApi:
    # remoteApi: “https://remote.us1.plainid.io/httptunnel”
    
    ## Reference to one or more secrets to be used when pulling images
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ##
    imagePullSecrets: []
    # - name: "image-pull-secret"
    
    #nameOverride: "plainid-paa"
    #fullnameOverride: "plainid-paa"
    
    # -- Override the Kubernetes version, which is used to evaluate certain manifests
    kubeVersionOverride: ""
    
    ## @param clusterDomain Kubernetes cluster domain name
    ##
    clusterDomain: cluster.local
    
    serviceAccount:
      # Specifies whether a service account should be created
      create: true
      # Annotations to add to the service account
      annotations: {}
      # The name of the service account to use.
      # If not set and create is true, a name is generated using the fullname template
      name: ""
      automountServiceAccountToken: "true"
    
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
    podSecurityContext: {}
    # fsGroup: 2000
    
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
    securityContext: {}
      # capabilities:
      #   drop:
      #   - ALL
      # readOnlyRootFilesystem: true
      # runAsNonRoot: true
      # runAsUser: 1000
    
    tolerations: []
    
    global:
      # -- Additional labels to add to all resources
      additionalLabels: {}
      # app: plainid-paa
    
    agent:
      fullnameOverride: agent-client
      enabled: true
      name: agent
      replicaCount: 1
      image:
        repository: plainid/agent
        ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
        ##
        pullPolicy: Always
        tag: "5.2439.2"
      # If serviceAccount.create is false, these values are used for existing external service account
      serviceAccountName: ""
      serviceAccount:
        annotations: {}
      # runtime.resources -- Specify resources on the PlainID Runtime container.
      ## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
      resources: {}
      #  requests:
      #    memory: "2000Mi"
      #    cpu: "50m"
      #  limits:
      #    memory: "4000Mi"
      #    cpu: "2000m"
      # Override agent start command
      command: []
      #    - /bin/sh
      #    - -ec
      #    - |
      #      keytool -import -alias redis-cert -file /app/conf/cert.pem -storepass changeit -keystore /usr/lib/jvm/default-jvm/lib/security/cacerts -noprompt && \
      #      /app/launch.sh "${JVM_OPTS} -Djava.net.preferIPv4Stack=true" -jar "$JAR_NAME"
      # Allows you to add any config files to /app/conf
      # such as config.json
      plainIDConfig: {}
      #  config.json: |
      #    {}
      autoscaling:
        enabled: false
        minReplicas: 3
        maxReplicas: 6
        targetCPUUtilizationPercentage: 80
        targetMemoryUtilizationPercentage: 80
        annotations: { }
        behavior: { }
          # scaleDown:
          #   stabilizationWindowSeconds: 300
          #  policies:
          #   - type: Pods
          #     value: 1
          #     periodSeconds: 180
          # scaleUp:
        #   stabilizationWindowSeconds: 300
        #   policies:
        #   - type: Pods
        #     value: 2
        #     periodSeconds: 60
      autoscalingTemplate: []
        # Custom or additional autoscaling metrics
        # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics
        # - type: Pods
        #   pods:
        #     metric:
        #       name: nginx_ingress_controller_nginx_process_requests_total
        #     target:
        #       type: AverageValue
      #       averageValue: 10000m
      # Enable vertical pod autoscaler support
      # ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/FAQ.md
      verticalPodAutoscaler:
        enabled: false
        # Defaults to chart name
        containerName: ""
        # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
        controlledResources: []
    
        # Define the max allowed resources for the pod
        maxAllowed: {}
        # cpu: 200m
        # memory: 100Mi
        # Define the min allowed resources for the pod
        minAllowed: {}
        # cpu: 200m
        # memory: 100Mi
    
        # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
        # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto".
        updatePolicy: {}
        # updateMode: "Auto"
      strategy: # For deployment
        rollingUpdate:
          maxSurge: 30%
          maxUnavailable: 30%
      # -- Labels to add to the pod container metadata
      podLabels: {}
      #  key: value
      annotations: {}
      podAnnotations: {}
      ## Sensible environment variables that will be rendered as new secret object
      ## This can be useful for auth tokens, etc
      extraEnvSecrets: {}
      # When it's set, the secret environment variables is ignored
      existingEnvSecret: ""
      # -- Environment variables to pass to the agent
      extraEnv: {}
      #  KEY: "VALUE"
      # -- PlainID agent log format: Either `text` or `json`
      logFormat: text
      #    KEY: "VALUE"
      # -- Set the logging level. (One of: `debug`, `info`, `warn`, `error`)
      logLevel: info
      # -- Set the message level. (One of: `debug`, `info`, `warn`, `error`, `off`)
      # The messagesLevel parameter defines which message types, if any, are sent to the PlainID Platform for troubleshooting.
      # To disable messages, set to `off`
      messagesLevel: error
      terminationGracePeriodSeconds: 25
      debug:
        enabled: false
        port: 5005
      ## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
      lifecycle:
        preStop:
          exec:
            command: [ "/bin/bash", "-c", "kill -SIGTERM `pgrep -f redisync` && sleep 20" ]
      ## Configure extra options for probes
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
      ##
      livenessProbe:
        enabled: true
        initialDelaySeconds: "300"
        periodSeconds: "15"
        timeoutSeconds: "8"
        failureThreshold: "12"
        successThreshold: "1"
      readinessProbe:
        enabled: true
        initialDelaySeconds: "30"
        periodSeconds: "4"
        timeoutSeconds: "3"
        failureThreshold: "5"
        successThreshold: "1"
      startupProbe:
        enabled: false
        initialDelaySeconds: "90"
        periodSeconds: "5"
        timeoutSeconds: "2"
        failureThreshold: "300"
        successThreshold: "1"
      service:
        type: ClusterIP
        port: 8080
        nodePort:
        name: http
        annotations: {}
        management:
          name: http-management
          port: 8081
      metrics:
        enabled: false
        port: 8081
        serviceMonitor:
          # When set true then use a ServiceMonitor to configure scraping
          enabled: false
          path: /actuator/prometheus
          # Set the namespace the ServiceMonitor should be deployed
          # namespace: monitoring
          # Set how frequently Prometheus should scrape
          # interval: 30s
          # Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator
          # labels: {}
          # Set timeout for scrape
          # timeout: 10s
        annotations: {}
      #    prometheus.io/port: '9090'
      #    prometheus.io/scrape: 'true'
      #    prometheus.io/path: '/actuator/prometheus'
      # Init containers to add to deployment's pod spec. At least one plugin provider image is required.
      # If the value is a string then it is evaluated as a template.
      initContainers:
      #    - name: wait-for
      #      image: plainid/wait-for:0.0.9
      #      securityContext:
      #        runAsNonRoot: true
      #        runAsUser: 1000
      #        readOnlyRootFilesystem: true
      #      command:
      #        - /bin/sh
      #        - -c
      #        - |
      #          /wait-for plainid-paa-redis-master:6379 --timeout=600
      ## Configure PodDisruptionBudget
      ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
      #
      podDisruptionBudget:
        # -- Labels to be added
        labels: {}
        # -- Annotations to be added
        annotations: {}
    
        # -- Deploy a Poddisruptionbudget
        enabled: false
        # minAvailable: 1
        # maxUnavailable: 0
      forceRedeploy: false
      ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
      affinity: {}
      #    podAntiAffinity:
      #      requiredDuringSchedulingIgnoredDuringExecution:
      #        - labelSelector:
      #            matchExpressions:
      #              - key: app.kubernetes.io/component
      #                operator: In
      #                values:
      #                  - agent
      #          topologyKey: "kubernetes.io/hostname"
      nodeSelector: {}
      # JVM options are configuration parameters and settings that are used to control the behavior of the Java Virtual Machine (JVM). The JVM is the underlying engine that executes Java bytecode, and these options allow you to fine-tune various aspects of its performance, behavior, and debugging capabilities.
      jvmOpts: "-Xms2000m -Xmx2000m"
      # Example
      # -- `-XX:InitialRAMPercentage=70.0`: This option sets the initial size of the heap as a percentage of the total RAM available to the system. In this case, it is set to 50%, meaning that the heap will be initialized to occupy half of the system's available RAM.
      # -- `-XX:MaxRAMPercentage=70.0`: This option sets the maximum heap size as a percentage of the total RAM available to the system. Again, it is set to 50%, meaning that the maximum heap size will be limited to half of the available RAM. The JVM will not allocate more heap space than this, even if there is more free memory available on the system.
      # -- `-XX:+ExitOnOutOfMemoryError`: This option tells the JVM to exit immediately if it encounters an out-of-memory error (`OutOfMemoryError`). By default, the JVM may simply throw an `OutOfMemoryError` and continue to run, but with this option enabled, it will shut down. This can be useful in environments where automatic recovery is set up, and you want the system to restart the JVM if it runs out of memory.
      #jvmOpts: "-XX:InitialRAMPercentage=70.0 -XX:MaxRAMPercentage=70.0 -XX:+ExitOnOutOfMemoryError"
      numberOfConnections: "1"
      redisync:
        # JVM options are configuration parameters and settings that are used to control the behavior of the Java Virtual Machine (JVM). The JVM is the underlying engine that executes Java bytecode, and these options allow you to fine-tune various aspects of its performance, behavior, and debugging capabilities.
        jvmOpts: "-Xms1500m -Xmx1500m"
        # Example
        # -- `-XX:InitialRAMPercentage=70.0`: This option sets the initial size of the heap as a percentage of the total RAM available to the system. In this case, it is set to 50%, meaning that the heap will be initialized to occupy half of the system's available RAM.
        # -- `-XX:MaxRAMPercentage=70.0`: This option sets the maximum heap size as a percentage of the total RAM available to the system. Again, it is set to 50%, meaning that the maximum heap size will be limited to half of the available RAM. The JVM will not allocate more heap space than this, even if there is more free memory available on the system.
        # -- `-XX:+ExitOnOutOfMemoryError`: This option tells the JVM to exit immediately if it encounters an out-of-memory error (`OutOfMemoryError`). By default, the JVM may simply throw an `OutOfMemoryError` and continue to run, but with this option enabled, it will shut down. This can be useful in environments where automatic recovery is set up, and you want the system to restart the JVM if it runs out of memory.
        #jvmOpts: "-XX:InitialRAMPercentage=70.0 -XX:MaxRAMPercentage=70.0 -XX:+ExitOnOutOfMemoryError"
        enabled: true
    
    pipOperator:
      enabled: true
      name: pip-operator
      replicaCount: "1"
      image:
        repository: plainid/pip-operator
        ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
        ##
        pullPolicy: Always
        tag: "5.2439.2"
      # If serviceAccount.create is false, these values are used for existing external service account
      serviceAccountName: ""
      serviceAccount:
        annotations: {}
      # runtime.resources -- Specify resources on the PlainID Pip Operator container.
      ## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
      resources: {}
      #  requests:
      #    memory: "2000Mi"
      #    cpu: "50m"
      #  limits:
      #    memory: "4000Mi"
      #    cpu: "2000m"
      # Override PIP-Operator start command in case you need to use external DB drivers (e.g. MySQL, MS SQL, Oracle, etc.)
      # Uncomment the following section and add the curl commands to retrieve/download the relevant libraries
      # Please note - the folder for the libraries must be under /app/lib
      command: []
    #    - /bin/sh
    #    - -ec
    #    - |
    #      curl -o /app/lib/sample.jar https://www.example.com/sample.jar && \
    #      keytool -import -alias redis-cert -file /app/conf/cert.pem -storepass changeit -keystore /usr/lib/jvm/default-jvm/lib/security/cacerts -noprompt && \
    #      java ${JVM_OPTS} -cp $JAR_NAME -Djava.net.preferIPv4Stack=true -Dloader.path=/app/lib/ -Dloader.main=com.plainid.pipoperator.Starter org.springframework.boot.loader.launch.PropertiesLauncher
      autoscaling:
        enabled: false
        minReplicas: 3
        maxReplicas: 6
        targetCPUUtilizationPercentage: 80
        targetMemoryUtilizationPercentage: 80
        annotations: { }
        behavior: { }
          # scaleDown:
          #   stabilizationWindowSeconds: 300
          #  policies:
          #   - type: Pods
          #     value: 1
          #     periodSeconds: 180
          # scaleUp:
          #   stabilizationWindowSeconds: 300
        #   policies:
        #   - type: Pods
        #     value: 2
        #     periodSeconds: 60
      autoscalingTemplate: []
        # Custom or additional autoscaling metrics
        # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics
        # - type: Pods
        #   pods:
        #     metric:
        #       name: nginx_ingress_controller_nginx_process_requests_total
        #     target:
        #       type: AverageValue
      #       averageValue: 10000m
      # Enable vertical pod autoscaler support
      # ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/FAQ.md
      verticalPodAutoscaler:
        enabled: false
        # Defaults to chart name
        containerName: ""
        # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
        controlledResources: [ ]
    
        # Define the max allowed resources for the pod
        maxAllowed: { }
        # cpu: 200m
        # memory: 100Mi
        # Define the min allowed resources for the pod
        minAllowed: { }
        # cpu: 200m
        # memory: 100Mi
    
        # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
        # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto".
        updatePolicy: { }
        # updateMode: "Auto"
      strategy:
        rollingUpdate:
          maxSurge: 30%
          maxUnavailable: 30%
      # -- Labels to add to the pod container metadata
      podLabels: { }
      #  key: value
      annotations: {}
      podAnnotations: {}
      # Allows you to add any config files to /app/conf
      # such as auth-config.xml that is required to configure OAuth connections to REST based data sources (e.g. Azure AD, SCIM, REST, etc.)
      plainIDConfig: {}
    #    auth-config.xml: |
    #      <?xml version='1.0'?>
    #      <policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    #               xsi:schemaLocation="urn:jboss:security-config:5.0"
    #               xmlns="urn:jboss:security-config:5.0"
    #               xmlns:jbxb="urn:jboss:security-config:5.0">
    #
    #          <application-policy name = "teiid-security-file">
    #             <authentication>
    #                <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required">
    #                    <!-- https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/5/html/security_guide/ch12#Using_JBoss_Login_Modules-Password_Hashing -->
    #                    <module-option name="usersProperties">users.properties</module-option>
    #                    <module-option name="rolesProperties">roles.properties</module-option>
    #                    <module-option name="unauthenticatedIdentity">nobody</module-option>
    #                    <module-option name="hashAlgorithm">MD5</module-option>
    #                    <module-option name="hashEncoding">base64</module-option>
    #                </login-module>
    #             </authentication>
    #          </application-policy>
    #      </policy>
      # Allows you to add any secret files to /app/conf
      # such as key.json etc..
      secretFiles: {}
    #    key.json: |
    #      {}
      ## Sensible environment variables that will be rendered as new secret object
      ## This can be useful for auth tokens, etc
      extraEnvSecrets: { }
      # When it's set, the secret environment variables is ignored
      existingEnvSecret: ""
      # -- Environment variables to pass to the pip-operator
      extraEnv: {
       #           APP_VDB_LAZY_INVALIDATE:true     - If set to true (Default), cached data will be available during cache refresh,
       #                                               if set to false, data is not available during cache refresh.
      }
      #  KEY: "VALUE"
      # -- PlainID pip-operator log format: Either `text` or `json`
      logFormat: text
      # -- Set the logging level. (One of: `debug`, `info`, `warn`, `error`)
      logLevel: info
      terminationGracePeriodSeconds: 15
      # -- Set the message level. (One of: `debug`, `info`, `warn`, `error`, `off`)
      # The messagesLevel parameter defines which message types, if any, are sent to the PlainID Platform for troubleshooting.
      # To disable messages, set to `off`
      messagesLevel: error
      debug:
        enabled: false
        port: 5005
      ## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
      lifecycle: { }
      #  preStop:
      #    exec:
      #      command: ["/bin/sh", "-c", "sleep 10"]
      ## Configure extra options for probes
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
      ##
      livenessProbe:
        enabled: true
        initialDelaySeconds: "300"
        periodSeconds: "15"
        timeoutSeconds: "8"
        failureThreshold: "12"
        successThreshold: "1"
      readinessProbe:
        enabled: true
        initialDelaySeconds: "30"
        periodSeconds: "4"
        timeoutSeconds: "3"
        failureThreshold: "5"
        successThreshold: "1"
      startupProbe:
        enabled: false
        initialDelaySeconds: "40"
        periodSeconds: "5"
        timeoutSeconds: "2"
        failureThreshold: "300"
        successThreshold: "1"
      service:
        type: ClusterIP
        name: http
        port: 8080
        annotations: {}
        management:
          name: http-management
          port: 8089
        jdbc:
          name: tcp-jdbc
          port: 31350
        teiid:
          enabled: false
          name: tcp-teiid
          port: 31360
        postgres:
          enabled: false
          name: tcp-postgres
          port: 31370
      metrics:
        enabled: false
        port: 8089
        serviceMonitor:
          # When set true then use a ServiceMonitor to configure scraping
          enabled: false
          path: /actuator/prometheus
          # Set the namespace the ServiceMonitor should be deployed
          # namespace: monitoring
          # Set how frequently Prometheus should scrape
          # interval: 30s
          # Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator
          # labels: {}
          # Set timeout for scrape
          # timeout: 10s
        annotations: {}
      #    prometheus.io/port: '9090'
      #    prometheus.io/scrape: 'true'
      #    prometheus.io/path: '/actuator/prometheus'
      # Init containers to add to deployment's pod spec. At least one plugin provider image is required.
      # If the value is a string then it is evaluated as a template.
      initContainers:
      #    - name: wait-for
      #      image: plainid/wait-for:0.0.9
      #      securityContext:
      #        runAsNonRoot: true
      #        runAsUser: 1000
      #        readOnlyRootFilesystem: true
      #      command:
      #        - /bin/sh
      #        - -c
      #        - |
      #          /wait-for plainid-paa-redis-master:6379 --timeout=600
      ## Configure PodDisruptionBudget
      ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
      #
      podDisruptionBudget:
        # -- Labels to be added
        labels: {}
        # -- Annotations to be added
        annotations: {}
    
        # -- Deploy a Poddisruptionbudget
        enabled: false
        # minAvailable: 1
        # maxUnavailable: 0
      forceRedeploy: false
      ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
      affinity: {}
    #    podAntiAffinity:
    #      preferredDuringSchedulingIgnoredDuringExecution:
    #        - weight: 1
    #          podAffinityTerm:
    #            labelSelector:
    #              matchExpressions:
    #                - key: app.kubernetes.io/component
    #                  operator: In
    #                  values:
    #                    - pip-operator
    #            topologyKey: kubernetes.io/hostname
      nodeSelector: {}
      # JVM options are configuration parameters and settings that are used to control the behavior of the Java Virtual Machine (JVM). The JVM is the underlying engine that executes Java bytecode, and these options allow you to fine-tune various aspects of its performance, behavior, and debugging capabilities.
      jvmOpts: "-Xms2g -Xmx2g"
      # Example
      # -- `-XX:InitialRAMPercentage=70.0`: This option sets the initial size of the heap as a percentage of the total RAM available to the system. In this case, it is set to 50%, meaning that the heap will be initialized to occupy half of the system's available RAM.
      # -- `-XX:MaxRAMPercentage=70.0`: This option sets the maximum heap size as a percentage of the total RAM available to the system. Again, it is set to 50%, meaning that the maximum heap size will be limited to half of the available RAM. The JVM will not allocate more heap space than this, even if there is more free memory available on the system.
      # -- `-XX:+ExitOnOutOfMemoryError`: This option tells the JVM to exit immediately if it encounters an out-of-memory error (`OutOfMemoryError`). By default, the JVM may simply throw an `OutOfMemoryError` and continue to run, but with this option enabled, it will shut down. This can be useful in environments where automatic recovery is set up, and you want the system to restart the JVM if it runs out of memory.
      #jvmOpts: "-XX:InitialRAMPercentage=70.0 -XX:MaxRAMPercentage=70.0 -XX:+ExitOnOutOfMemoryError"
    
    runtime:
      name: runtime
      replicaCount: "1"
      # Allows you to add any config files to /app/conf
      # such as config-hybrid.json
      plainIDConfig: {}
      #  config-hybrid.json: |
      #    {}
      image:
        repository: plainid/theruntime
        ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
        ##
        pullPolicy: Always
        tag: "5.2439.4"
      # If serviceAccount.create is false, these values are used for existing external service account
      serviceAccountName: ""
      serviceAccount:
        annotations: {}
      # runtime.resources -- Specify resources on the PlainID Runtime container.
      ## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
      resources: {}
      #  requests:
      #    memory: "500Mi"
      #    cpu: "50m"
      #  limits:
      #    memory: "1000Mi"
      #    cpu: "2000m"
      # Override runtime start command
      command: []
      #    - /bin/sh
      #    - -ec
      #    - |
      #      keytool -import -alias redis-cert -file /app/conf/cert.pem -storepass changeit -keystore /usr/lib/jvm/default-jvm/lib/security/cacerts -noprompt && \
      #      java ${JVM_OPTS} --add-exports java.base/sun.security.util=ALL-UNNAMED -Dconf.file=${RUNTIME_CONFIG_PATH} -Dconf.format=json -Dlog4j.configurationFile=${RUNTIME_LOG4J_PATH} -Djava.net.preferIPv4Stack=true -jar theruntime.jar
      autoscaling:
        enabled: false
        minReplicas: 3
        maxReplicas: 6
        targetCPUUtilizationPercentage: 80
        targetMemoryUtilizationPercentage: 80
        annotations: {}
        behavior: {}
          # scaleDown:
          #   stabilizationWindowSeconds: 300
          #  policies:
          #   - type: Pods
          #     value: 1
          #     periodSeconds: 180
          # scaleUp:
          #   stabilizationWindowSeconds: 300
          #   policies:
          #   - type: Pods
        #     value: 2
        #     periodSeconds: 60
      autoscalingTemplate: []
        # Custom or additional autoscaling metrics
        # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics
        # - type: Pods
        #   pods:
        #     metric:
        #       name: nginx_ingress_controller_nginx_process_requests_total
        #     target:
        #       type: AverageValue
      #       averageValue: 10000m
      # Enable vertical pod autoscaler support
      # ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/FAQ.md
      verticalPodAutoscaler:
        enabled: false
        # Defaults to chart name
        containerName: ""
        # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
        controlledResources: [ ]
    
        # Define the max allowed resources for the pod
        maxAllowed: { }
        # cpu: 200m
        # memory: 100Mi
        # Define the min allowed resources for the pod
        minAllowed: { }
        # cpu: 200m
        # memory: 100Mi
    
        # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
        # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto".
        updatePolicy: { }
        # updateMode: "Auto"
      strategy:
        rollingUpdate:
          maxSurge: 30%
          maxUnavailable: 30%
      # -- Labels to add to the pod container metadata
      podLabels: { }
      #  key: value
      annotations: {}
      podAnnotations: {}
      ## Sensible environment variables that will be rendered as new secret object
      ## This can be useful for auth tokens, etc
      extraEnvSecrets: { }
      # When it's set, the secret environment variables is ignored
      existingEnvSecret: ""
      # -- Environment variables to pass to the runtime
      extraEnv: {
        # Add support to UUID asset attribute. For hybrid user to change in production
        #RUNTIME_SUPPORT_UUID_ASSET_ATTRIBUTE : "true"
    
        # Add support to UUID identity attribute. For hybrid user to change in production
        #RUNTIME_SUPPORT_UUID_IDENTITY_ATTRIBUTE : "true"
    
        # Refresh JWKS time. For hybrid user to change in production
        # REFRESH_JWKS : "3600000"
    
        # to enable including ip from header in scope cache calculation
        #RUNTIME_INCLUDE_IP_HEADER_IN_SCOPE_CACHE_KEY: "true"
    
        # to enable including current time in scope cache calculation
        #RUNTIME_INCLUDE_REQUEST_TIME_IN_SCOPE_CACHE_KEY: "true"
    
        # to ignore nested queries in entity template
        #RUNTIME_OVERRIDE_ENTITY_NESTED_QUERIES: "[]"
    
        # to ignore nested queries in asset template
        #RUNTIME_OVERRIDE_ASSET_NESTED_QUERIES: "[]"
    
        # to determine default to skipUnneededOrUnavailableIdentitySources request flag
        #RUNTIME_DEFAULT_SKIP_UNNEEDED_OR_UNAVAILABLE_IDENTITY_SOURCES: "true"
    
    
        # to configure asset provider jdbc pool parameters
        # ASSET_EXTERNAL_PROVIDER_HAS_QUERY_TIMEOUT: "true"
        # ASSET_EXTERNAL_PROVIDER_VALIDATION_QUERY: "select 1"
        # ASSET_EXTERNAL_PROVIDER_MAX_POOL_SIZE:"20"
        # ASSET_EXTERNAL_PROVIDER_MIN_POOL_SIZE:"5"
        # ASSET_EXTERNAL_PROVIDER_INITIAL_POOL_SIZE:"5"
        # ASSET_EXTERNAL_PROVIDER_CHECKOUT_TIMEOUT:"10000"
        # ASSET_EXTERNAL_PROVIDER_QUERY_TIMOUT_IN_SEC:"25"
        # ASSET_EXTERNAL_PROVIDER_ACQUIRE_RETRY_ATTEMPTS:"1"
        # ASSET_EXTERNAL_PROVIDER_ACQUIRE_RETRY_DELAY:"1"
        # ASSET_EXTERNAL_PROVIDER_ACQUIRE_INCREMENT:"1"
        # ASSET_EXTERNAL_PROVIDER_MAX_STATEMENTS:"20"
        # ASSET_EXTERNAL_PROVIDER_MAX_IDLE_TIME:"60"
        # ASSET_EXTERNAL_PROVIDER_IDLE_CONNECTION_TEST_PERIOD:"60"
        # ASSET_EXTERNAL_PROVIDER_TEST_CONNECTION_ON_CHECKIN:"true"
        # ASSET_EXTERNAL_PROVIDER_TEST_CONNECTION_ON_CHECKOUT:"false"
        
        # to configure entity provider jdbc pool parameters
        # ENTITY_EXTERNAL_PROVIDER_HAS_QUERY_TIMEOUT:"true"
        # ENTITY_EXTERNAL_PROVIDER_VALIDATION_QUERY:"select 1"
        # ENTITY_EXTERNAL_PROVIDER_MAX_POOL_SIZE:"20"
        # ENTITY_EXTERNAL_PROVIDER_MIN_POOL_SIZE:"5"
        # ENTITY_EXTERNAL_PROVIDER_INITIAL_POOL_SIZE:"5"
        # ENTITY_EXTERNAL_PROVIDER_CHECKOUT_TIMEOUT:"10000"
        # ENTITY_EXTERNAL_PROVIDER_QUERY_TIMOUT_IN_SEC:"25"
        # ENTITY_EXTERNAL_PROVIDER_ACQUIRE_RETRY_ATTEMPTS:"1"
        # ENTITY_EXTERNAL_PROVIDER_ACQUIRE_RETRY_DELAY:"1"
        # ENTITY_EXTERNAL_PROVIDER_ACQUIRE_INCREMENT:"1"
        # ENTITY_EXTERNAL_PROVIDER_MAX_STATEMENTS:"20"
        # ENTITY_EXTERNAL_PROVIDER_MAX_IDLE_TIME:"60"
        # ENTITY_EXTERNAL_PROVIDER_IDLE_CONNECTION_TEST_PERIOD:"60"
        # ENTITY_EXTERNAL_PROVIDER_TEST_CONNECTION_ON_CHECKIN:"true"
        # ENTITY_EXTERNAL_PROVIDER_TEST_CONNECTION_ON_CHECKOUT:"false"
    
        # to configure refresh interval parameters
        # REFRESH_ASSET_TEMPLATES:"60000"
        # REFRESH_IDENTITY_TEMPLATES:"60000"
        # REFRESH_POLICIES:"600000"
        # REFRESH_API_MAPPERS:"60000"
        # REFRESH_DATA_MAPPERS:"60000"
        # REFRESH_SCOPE_JWKS_URLS:"60000"
        # RUNTIME_REFRESH_SNAPSHOT: "30000"
    
    
    
      }
      #  KEY: "VALUE"
      # -- PlainID runtime log format: support text only
      logFormat: text
      # -- Set the logging level. (One of: `debug`, `info`, `warn`, `error`)
      logLevel: info
      terminationGracePeriodSeconds: 15
      debug:
        enabled: false
        port: 5005
      ## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
      lifecycle: {}
      #  preStop:
      #    exec:
      #      command: ["/bin/sh", "-c", "sleep 10"]
      ## Configure extra options for probes
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
      ##
      livenessProbe:
        enabled: true
        initialDelaySeconds: "300"
        periodSeconds: "15"
        timeoutSeconds: "8"
        failureThreshold: "12"
        successThreshold: "1"
      readinessProbe:
        enabled: true
        initialDelaySeconds: "20"
        periodSeconds: "4"
        timeoutSeconds: "3"
        failureThreshold: "5"
        successThreshold: "1"
      startupProbe:
        enabled: false
        initialDelaySeconds: "30"
        periodSeconds: "5"
        timeoutSeconds: "2"
        failureThreshold: "300"
        successThreshold: "1"
      service:
        type: ClusterIP
        port: 80
        nodePort:
        annotations: {}
      metrics:
        enabled: false
        port: 8081
        serviceMonitor:
          # When set true then use a ServiceMonitor to configure scraping
          enabled: false
          path: /prometheus/metrics
          # Set the namespace the ServiceMonitor should be deployed
          # namespace: monitoring
          # Set how frequently Prometheus should scrape
          # interval: 30s
          # Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator
          # labels: {}
          # Set timeout for scrape
          # timeout: 10s
        annotations: { }
      #    prometheus.io/port: '8081'
      #    prometheus.io/scrape: 'true'
      #    prometheus.io/path: '/actuator/prometheus'
      # Init containers to add to deployment's pod spec. At least one plugin provider image is required.
      # If the value is a string then it is evaluated as a template.
      initContainers:
      #    - name: wait-for
      #      image: plainid/wait-for:0.0.9
      #      securityContext:
      #        runAsNonRoot: true
      #        runAsUser: 1000
      #        readOnlyRootFilesystem: true
      #      command:
      #        - /bin/sh
      #        - -c
      #        - |
      #          /wait-for plainid-paa-redis-master:6379 --timeout=600
      ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
      ingress:
        enabled: false
        #  ingressClassName: nginx
        annotations: { }
        # kubernetes.io/ingress.class: nginx
        # kubernetes.io/tls-acme: "true"
        hosts:
          - host: chart-example.local
            paths: ["/"]
        tls: [ ]
        #  - secretName: chart-example-tls
        #    hosts:
        #      - chart-example.local
      ## Configure PodDisruptionBudget
      ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
      #
      podDisruptionBudget:
        # -- Labels to be added
        labels: {}
        # -- Annotations to be added
        annotations: {}
    
        # -- Deploy a Poddisruptionbudget
        enabled: false
        # minAvailable: 1
        # maxUnavailable: 0
      forceRedeploy: false
      ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
      affinity: {}
      nodeSelector: {}
      # JVM options are configuration parameters and settings that are used to control the behavior of the Java Virtual Machine (JVM). The JVM is the underlying engine that executes Java bytecode, and these options allow you to fine-tune various aspects of its performance, behavior, and debugging capabilities.
      jvmOpts: "-Xms2g -Xmx2g"
      # Example
      # -- `-XX:InitialRAMPercentage=70.0`: This option sets the initial size of the heap as a percentage of the total RAM available to the system. In this case, it is set to 50%, meaning that the heap will be initialized to occupy half of the system's available RAM.
      # -- `-XX:MaxRAMPercentage=70.0`: This option sets the maximum heap size as a percentage of the total RAM available to the system. Again, it is set to 50%, meaning that the maximum heap size will be limited to half of the available RAM. The JVM will not allocate more heap space than this, even if there is more free memory available on the system.
      # -- `-XX:+ExitOnOutOfMemoryError`: This option tells the JVM to exit immediately if it encounters an out-of-memory error (`OutOfMemoryError`). By default, the JVM may simply throw an `OutOfMemoryError` and continue to run, but with this option enabled, it will shut down. This can be useful in environments where automatic recovery is set up, and you want the system to restart the JVM if it runs out of memory.
      #jvmOpts: "-XX:InitialRAMPercentage=70.0 -XX:MaxRAMPercentage=70.0 -XX:+ExitOnOutOfMemoryError"
      # Audit runtime calls to syslog
      # ref: https://en.wikipedia.org/wiki/Syslog
      # ref: https://docs.plainid.io/v1/docs/en/authorization-audit-configuration
      syslog:
        enabled: false
        host: ""
        port: ""
        # Supported protocols: UDP
        protocol: "UDP"
    
    # Redis parameters
    externalRedis:
      # -- External Redis server host
      host: ""
      # -- External Redis user
      # Optional - only if used with Redis ACL
      username: ""
      # -- External Redis password
      password: ""
      # -- External Redis server port
      port: 6379
      # -- The name of an existing secret with Redis credentials (must contain key `redis-password`).
      # When it's set, the `externalRedis.password` parameter is ignored
      existingSecret: ""
      tls: false
    
    # This key configures Redis-HA subchart and when enabled (redis-ha.enabled=true)
    # the custom redis deployment is omitted
    # Check the redis-ha chart for more properties
    redis-ha:
      # -- Enables the Redis HA subchart
      enabled: false
      auth: true
      image:
        repository: docker.io/redis
        tag: 7.4.0-alpine
      redisPassword: "abcd1234"
      replicas: 3
      persistentVolume:
        # -- Configures persistency on Redis nodes
        enabled: false
      hardAntiAffinity: false
      haproxy:
        # -- Enabled HAProxy LoadBalancing/Proxy
        enabled: true
        replicas: 2
        hardAntiAffinity: false
        image:
          tag: 2.6.18-alpine
        # Prevent sockets closing
        # Ref: https://www.papertrail.com/solution/tips/haproxy-logging-how-to-tune-timeouts-for-performance/
        timeout:
          server: 0
          client: 0
      configmapTest:
        image:
          repository: koalaman/shellcheck
          tag: v0.10.0
      exporter:
        image: oliver006/redis_exporter
        tag: v1.61.0
      sysctlImage:
        tag: 1-musl
      redis:
        disableCommands: []
      #    - FLUSHDB
      #    - FLUSHALL
    
    redis:
      # -- Enables the Redis subchart
      enabled: true
      architecture: standalone
      auth:
        password: "abcd1234"
      # Below configurations are for using official docker of redis
      # If you want to use the bitnami flavour of redis, you can comment out below configurations
      image:
        repository: redis
        tag: 7.4.0-alpine
      master:
        customLivenessProbe:
          initialDelaySeconds: 20
          periodSeconds: 4
          timeoutSeconds: 3
          successThreshold: 1
          failureThreshold: 5
          exec:
            command:
              - redis-cli
              - ping
        customReadinessProbe:
          initialDelaySeconds: 10
          periodSeconds: 4
          timeoutSeconds: 3
          successThreshold: 1
          failureThreshold: 3
          exec:
            command:
              - redis-cli
              - ping
        command:
          - redis-server
        args:
          - "--maxmemory-policy volatile-lru"
          - "--maxmemory 2000mb"
          - "--save 60 1"
          - "--loglevel warning"
          - "--port 6379"
          - "--notify-keyspace-events KA"
          - "--requirepass abcd1234"
          - "--masterauth abcd1234"
        disableCommands: []
      #    - FLUSHDB
      #    - FLUSHALL
      metrics:
        image:
          tag: 1.62.0-debian-12-r3
      sentinel:
        image:
          tag: 7.4.0-debian-12-r1
      volumePermissions:
        image:
          tag: 12-debian-12-r27
    
    secretsMgmt:
      enabled: false
      image:
        repository: plainid/secrets-mgmt
        ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
        ##
        pullPolicy: Always
        tag: "5.2439.3"
      name: secrets-mgmt
      forceRedeploy: false
      terminationGracePeriodSeconds: 15
      replicaCount: 1
      # If serviceAccount.create is false, these values are used for existing external service account
      serviceAccountName: ""
      serviceAccount:
        annotations: {}
      # -- Labels to add to the pod container metadata
      podLabels: {}
      #  key: value
      annotations: {}
      podAnnotations: {}
      autoscaling:
        enabled: false
        minReplicas: 3
        maxReplicas: 6
        targetCPUUtilizationPercentage: 2000
        targetMemoryUtilizationPercentage: 160
        annotations: {}
        behavior: {}
          # scaleDown:
          #   stabilizationWindowSeconds: 300
          #  policies:
          #   - type: Pods
          #     value: 1
          #     periodSeconds: 180
          # scaleUp:
          #   stabilizationWindowSeconds: 300
          #   policies:
        #   - type: Pods
        #     value: 2
        #     periodSeconds: 60
      autoscalingTemplate: []
      # Custom or additional autoscaling metrics
      # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics
      # - type: Pods
      #   pods:
      #     metric:
      #       name: nginx_ingress_controller_nginx_process_requests_total
      #     target:
      #       type: AverageValue
      #       averageValue: 10000m
      ## Configure PodDisruptionBudget
      ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
      #
      # Enable vertical pod autoscaler support
      # ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/FAQ.md
      verticalPodAutoscaler:
        enabled: false
        # Defaults to chart name
        containerName: ""
        # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
        controlledResources: [ ]
    
        # Define the max allowed resources for the pod
        maxAllowed: { }
        # cpu: 200m
        # memory: 100Mi
        # Define the min allowed resources for the pod
        minAllowed: { }
        # cpu: 200m
        # memory: 100Mi
    
        # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
        # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto".
        updatePolicy: { }
        # updateMode: "Auto"
      strategy: # For deployment
        rollingUpdate:
          maxSurge: 30%
          maxUnavailable: 30%
      podDisruptionBudget:
        # -- Labels to be added
        labels: { }
        # -- Annotations to be added
        annotations: { }
    
        # -- Deploy a Poddisruptionbudget
        enabled: false
        # minAvailable: 1
        # maxUnavailable: 0
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
      ##
      livenessProbe:
        enabled: true
        initialDelaySeconds: 60
        periodSeconds: 7
        timeoutSeconds: 5
        successThreshold: 1
        failureThreshold: 6
        httpGet:
          path: /health/liveness
          port: 8081
      readinessProbe:
        enabled: true
        initialDelaySeconds: 20
        periodSeconds: 3
        timeoutSeconds: 2
        successThreshold: 1
        failureThreshold: 3
        httpGet:
          path: /health/readiness
          port: 8081
      startupProbe:
        enabled: true
        initialDelaySeconds: 20
        periodSeconds: 5
        timeoutSeconds: 3
        successThreshold: 1
        failureThreshold: 180
        httpGet:
          path: /health/liveness
          port: 8081
      service:
        enabled: true
        type: ClusterIP
        name: http
        port: 8080
        nodePort:
        annotations: {}
        management:
          name: http-management
          port: 8081
      debug:
        enabled: false
        port: 5005
      ## Sensible environment variables that will be rendered as new secret object
      ## This can be useful for auth tokens, etc
      extraEnvSecrets: {}
      # Allows you to add any secret files to /app/conf
      # such as key.json etc..
      # -- Environment variables to pass to the agent
      extraEnv: {}
      # When it's set, the secret environment variables is ignored
      existingEnvSecret: ""
      resources: {}
    #    requests:
    #      memory: "100Mi"
    #      cpu: "10m"
    #    limits:
    #      memory: "2000Mi"
    #      cpu: "2000m"
      command: []
      plainIDConfigFileBasePath: "/app/config"
      # Allows you to add any config files to /app/config
      plainIDConfig:
        config.yaml:
          server:
            port: 8080
            # Which IP is allowed to make requests to secrets-mgmt
            bindIp: 0.0.0.0
            name: secrets-mgmt
          management:
            port: ${MANAGEMENT_PORT}
          log:
            level: "info" #debug,trace
            format: "json"
            logTo: "console" # rolling, file
          rabbitmq:
            enabled: false
          gin:
            mode: release  # debug, release
          infra:
            registry:
              warpUrl: ${AGENT_URL:} #"http://plainid-paa-agent:8080"
              k8service: ${SECRETS_MGMT_ADDRESS:} #"http://secrets-mgmt:"${server.port}
              updateInterval: 60
              firstTimeInterval: 3
            management:
              port: ${MANAGEMENT_PORT}
          # Secret Store configuration
          secretStore:
            - id: fileSecret
              type: File
              isDefault: true
              decoder: Base64
              details:
                path: /app/config/filename.txt
    #        # Examples below for HashiCorp Vault and Environment Variables based Secret Stores
    #        - id: vault
    #          type: Vault
    #          isDefault: true
    #          decoder: None # Base64, None
    #          details:
    #            PathPrefix: prefix
    #            defaultPath: vault_
    #            skipVerify: true
    #            url: vault
    #            timeout: 3s
    #            enginePath: custom
    #          # Authentication method should use either a Token or Kubernetes authentication method with vault
    #          auth:
    #            method: Token # Token, Kubernetes
    #            tokenValue: token
    #            tokenFileName: ${VAULT_TOKEN} # instead of token value
    #          auth:
    #            method: Kubernetes
    #            path: /var/run/secrets/kubernetes.io/serviceaccount/token
    #            role: secrets-mgmt
    #        - id: ENV_VAR_SECRET
    #          type: Environment
    #          isDefault: false
    #          decoder: Base64
    #          details:
    #            name: ENV_VAR_SECRET
      metrics:
        enabled: false
        port: 8081
        serviceMonitor:
          # When set true then use a ServiceMonitor to configure scraping
          enabled: false
          path: /health/metrics
          # Set the namespace the ServiceMonitor should be deployed
          # namespace: monitoring
          # Set how frequently Prometheus should scrape
          # interval: 30s
          # Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator
          # labels: {}
          # Set timeout for scrape
          # timeout: 10s
        annotations: {}
      #    prometheus.io/port: '9090'
      #    prometheus.io/scrape: 'true'
      #    prometheus.io/path: '/actuator/prometheus'
      # Init containers to add to deployment's pod spec. At least one plugin provider image is required.
      # If the value is a string then it is evaluated as a template.
      initContainers:
      #    - name: wait-for
      #      image: plainid/wait-for:0.0.9
      #      securityContext:
      #        runAsNonRoot: true
      #        runAsUser: 1000
      #        readOnlyRootFilesystem: true
      #      command:
      #        - /bin/sh
      #        - -c
      #        - |
      #          /wait-for plainid-paa-redis-master:6379 --timeout=600
      nodeSelector: {}
      ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
      affinity: {}
      #    podAntiAffinity:
      #      requiredDuringSchedulingIgnoredDuringExecution:
      #        - labelSelector:
      #            matchExpressions:
      #              - key: app.kubernetes.io/component
      #                operator: In
      #                values:
      #                  - secrets-mgmt
      #          topologyKey: "kubernetes.io/hostname"
      ## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
      lifecycle: {}
      #  preStop:
      #    exec:
      #      command: ["/bin/sh", "-c", "sleep 10"]
    
    idpWebhook:
      enabled: false
      image:
        repository: plainid/idp-webhook
        ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
        ##
        pullPolicy: Always
        tag: "5.2439.0"
      name: idp-webhook
      forceRedeploy: false
      terminationGracePeriodSeconds: 15
      replicaCount: 1
      # If serviceAccount.create is false, these values are used for existing external service account
      serviceAccountName: ""
      serviceAccount:
        annotations: {}
      # -- Labels to add to the pod container metadata
      podLabels: {}
      #  key: value
      annotations: {}
      podAnnotations: {}
      autoscaling:
        enabled: false
        minReplicas: 3
        maxReplicas: 6
        targetCPUUtilizationPercentage: 2000
        targetMemoryUtilizationPercentage: 160
        annotations: {}
        behavior: {}
          # scaleDown:
          #   stabilizationWindowSeconds: 300
          #  policies:
          #   - type: Pods
          #     value: 1
          #     periodSeconds: 180
          # scaleUp:
          #   stabilizationWindowSeconds: 300
        #   policies:
        #   - type: Pods
        #     value: 2
        #     periodSeconds: 60
      autoscalingTemplate: []
      # Custom or additional autoscaling metrics
      # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics
      # - type: Pods
      #   pods:
      #     metric:
      #       name: nginx_ingress_controller_nginx_process_requests_total
      #     target:
      #       type: AverageValue
      #       averageValue: 10000m
      ## Configure PodDisruptionBudget
      ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
      #
      # Enable vertical pod autoscaler support
      # ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/FAQ.md
      verticalPodAutoscaler:
        enabled: false
        # Defaults to chart name
        containerName: ""
        # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
        controlledResources: [ ]
    
        # Define the max allowed resources for the pod
        maxAllowed: { }
        # cpu: 200m
        # memory: 100Mi
        # Define the min allowed resources for the pod
        minAllowed: { }
        # cpu: 200m
        # memory: 100Mi
    
        # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
        # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto".
        updatePolicy: { }
        # updateMode: "Auto"
      strategy: # For deployment
        rollingUpdate:
          maxSurge: 30%
          maxUnavailable: 30%
      podDisruptionBudget:
        # -- Labels to be added
        labels: { }
        # -- Annotations to be added
        annotations: { }
    
        # -- Deploy a Poddisruptionbudget
        enabled: false
        # minAvailable: 1
        # maxUnavailable: 0
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
      ##
      livenessProbe:
        enabled: true
        initialDelaySeconds: 60
        periodSeconds: 7
        timeoutSeconds: 5
        successThreshold: 1
        failureThreshold: 6
        httpGet:
          path: /health/liveness
      readinessProbe:
        enabled: true
        initialDelaySeconds: 20
        periodSeconds: 3
        timeoutSeconds: 2
        successThreshold: 1
        failureThreshold: 3
        httpGet:
          path: /health/readiness
      startupProbe:
        enabled: true
        initialDelaySeconds: 20
        periodSeconds: 2
        timeoutSeconds: 2
        successThreshold: 1
        failureThreshold: 240
        httpGet:
          path: /health/liveness
      service:
        enabled: true
        type: ClusterIP
        name: http
        port: 8080
        nodePort:
        annotations: {}
        management:
          name: http-management
          port: 9090
      debug:
        enabled: false
        port: 5005
      ## Sensible environment variables that will be rendered as new secret object
      ## This can be useful for auth tokens, etc
      extraEnvSecrets: {}
      # Allows you to add any secret files to /app/conf
      # such as key.json etc..
      # -- Environment variables to pass to the agent
      extraEnv: {}
      # When it's set, the secret environment variables is ignored
      existingEnvSecret: ""
      resources: {}
      #    requests:
      #      memory: "100Mi"
      #      cpu: "10m"
      #    limits:
      #      memory: "2000Mi"
      #      cpu: "2000m"
      command: []
      plainIDConfigFileBasePath: "/app/config"
      # Allows you to add any config files to /app/config
      plainIDConfig: {}
      # Uncomment the following config.yaml section to enable and configure the IDP Web-Hook (Token Enrichment) functionality
    #    config.yaml:
    #      server:
    #        name: idp-webhook
    #        auth:
    #          secret: ${IDP_HOOK_AUTH_SECRET} # This secret will be used to allow the IDP to authenticate with the IDP Webhook endpoint (Optional)
    #
    #      http:
    #        port: ${IDP_HOOK_HTTP_PORT:8080}
    #
    #      management:
    #        port: ${MANAGEMENT_PORT:9090}
    #        # if management endpoint path needs to be changed from the default /health:
    #        # prefix: ${MANAGEMENT_PREFIX:/probes}
    #
    #      log:
    #        level: ${IDP_HOOK_LOG_LEVEL:debug} # possible values: trace, debug, info, warn, warning, error, fatal, panic
    #        format: ${IDP_HOOK_LOG_FORMAT:json} # possible values: json, text
    #        logTo: ${IDP_HOOK_LOG_TO:console} # possible values: console, file, rolling
    #        # filePath: ${IDP_HOOK_LOG_FILE_PATH:logs/webhook.log} # only relevant if logTo is file or rolling
    #        # if logTo is rolling - use the following optional parameters to configure the rolling file appender
    #        # maxSize: 2
    #        # maxAge: 1
    #        # maxBackups: 5
    #        # compress: true
    #        # localTime: false
    #
    #      runtime:
    #        host: ${RUNTIME_ADDRESS:https://demo.plainid.cloud}
    #        uri: /api/runtime/token/v3
    #        timeout: 3s
    #        # pattern for tenant-specific PDP Runtime URLs; {{tenant}} is a constant, where the tenant key from the request-host will be set
    #        # tenantPattern: "http://{{tenant}}-runtime.runtime"
    #
    #      apps:
    #        Bank Portal:
    #          clientid: ${BANK_PORTAL_SCOPE_CLIENT_ID:PPWZYCOMXGNTHMGO8CIT}
    #          clientsecret: ${BANK_PORTAL_SCOPE_CLIENT_SECRET}
    #          entitytype: User
    #          tokentype: identity # possible values: identity, access
    #          includeIdentity: true
    #          userid: $.identity.claims.sub
    #          claims:
    #            plainid: $.response[*].access[?(@.resourceType == "assetExternal")].path
    #            FirstName_identity: $.identity.attributes.first_name
    #
    #        Loan Approval:
    #          clientid: ${LOAN_APPROVAL_SCOPE_CLIENT_ID:PXY8GCMDLPKSNAFDAA7A}
    #          clientsecret: ${LOAN_APPROVAL_SCOPE_CLIENT_SECRET}
    #          entitytype: Main
    #          tokentype: identity # possible values: identity, access
    #          userid: $.identity.claims.sub
    #          claims:
    #            plainid: $.response[*].access[?(@.resourceType == "portal-permissions")].path
    #            FirstName_identity: $.identity.attributes.name
      metrics:
        enabled: false
        serviceMonitor:
          # When set true then use a ServiceMonitor to configure scraping
          enabled: false
          path: /health/metrics
          # Set the namespace the ServiceMonitor should be deployed
          # namespace: monitoring
          # Set how frequently Prometheus should scrape
          # interval: 30s
          # Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator
          # labels: {}
          # Set timeout for scrape
          # timeout: 10s
        annotations: {}
      #    prometheus.io/port: '9090'
      #    prometheus.io/scrape: 'true'
      #    prometheus.io/path: '/actuator/prometheus'
      # Init containers to add to deployment's pod spec. At least one plugin provider image is required.
      # If the value is a string then it is evaluated as a template.
      initContainers:
      #    - name: wait-for
      #      image: plainid/wait-for:0.0.9
      #      securityContext:
      #        runAsNonRoot: true
      #        runAsUser: 1000
      #        readOnlyRootFilesystem: true
      #      command:
      #        - /bin/sh
      #        - -c
      #        - |
      #          /wait-for plainid-paa-redis-master:6379 --timeout=600
      nodeSelector: {}
      ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
      affinity: {}
      #    podAntiAffinity:
      #      requiredDuringSchedulingIgnoredDuringExecution:
      #        - labelSelector:
      #            matchExpressions:
      #              - key: app.kubernetes.io/component
      #                operator: In
      #                values:
      #                  - idp-webhook
      #          topologyKey: "kubernetes.io/hostname"
      ## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
      lifecycle: {}
      #  preStop:
      #    exec:
      #      command: ["/bin/sh", "-c", "sleep 10"]
      ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
      ingress:
        enabled: false
        #  ingressClassName: nginx
        annotations: {}
        # kubernetes.io/ingress.class: nginx
        # kubernetes.io/tls-acme: "true"
        hosts:
          - host: chart-example.local
            paths: ["/"]
        tls: [ ]
        #  - secretName: chart-example-tls
        #    hosts:
        #      - chart-example.local
    
    ## extraManifests Array of extra objects to deploy with the release (evaluated as a template)
    extraManifests: []
    
    skipChartValidations: false
    
    
    

    Was this article helpful?