diff --git a/.github/workflows/helm-docs.yaml b/.github/workflows/helm-docs.yaml new file mode 100644 index 0000000..6c8e972 --- /dev/null +++ b/.github/workflows/helm-docs.yaml @@ -0,0 +1,18 @@ +name: Documentation + +on: + pull_request: + +jobs: + generate: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ github.event.pull_request.head.ref }} + - name: Run helm-docs + uses: losisin/helm-docs-github-action@v1 + with: + chart-search-root: charts/document-engine + # git-push: true + fail-on-diff: true diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index c1745ee..e24d9d6 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -1,7 +1,14 @@ name: Lint and Test Charts -on: pull_request - +# on: +# workflow_run: +# workflows: [Documentation] +# types: +# - completed + +on: + pull_request: + jobs: lint-test: runs-on: ubuntu-latest diff --git a/charts/document-engine/CHANGELOG.md b/charts/document-engine/CHANGELOG.md index d0dd33e..4c0ca94 100644 --- a/charts/document-engine/CHANGELOG.md +++ b/charts/document-engine/CHANGELOG.md @@ -1,7 +1,7 @@ # Changelog - [Changelog](#changelog) - - [3.0.3 (2024-08-20)](#303-2024-08-20) + - [3.0.4 (2024-08-21)](#304-2024-08-21) - [Changed](#changed) - [Added](#added) - [2.9.3 (2024-08-16)](#293-2024-08-16) @@ -42,7 +42,7 @@ - [2.0.0](#200) - [Changed](#changed-9) -## 3.0.3 (2024-08-20) +## 3.0.4 (2024-08-21) > [!WARNING] > Breaking changes. @@ -51,6 +51,7 @@ ### Changed * Massive internal refactoring. +* Documentation generation. * `pspdfkit.license.isOffline` is removed, as it is no longer necessary * `pspdfkit.license` section moved to the top level as `documentEngineLicense`. * `pspdfkit.auth.api` section moved to the top level as `apiAuth`, both `pspdfkit.auth.api.apiToken` and `pspdfkit.auth.api.jwt` section. 
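Review bot: The new `helm-docs.yaml` job runs a third-party action by mutable tag, `uses: losisin/helm-docs-github-action@v1`, and the workflow declares no `permissions:` block, so it runs with whatever default GITHUB_TOKEN scope the repository has. Pin the action to a full commit SHA (`uses: losisin/helm-docs-github-action@<commit-sha>  # v1`) and add a top-level `permissions:` with `contents: read`, which is sufficient while `git-push` stays commented out. Separately, `ref: ${{ github.event.pull_request.head.ref }}` is a bare branch name. For a pull request from a fork that branch presumably does not exist in this repository, so the checkout would fail or resolve to a same-named base-repo branch and `fail-on-diff` would check the wrong tree. Dropping `ref:` and using the default merge ref avoids that, unless pushing back to the branch is intended.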
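Review bot: The commented-out `workflow_run` trigger at the top of the `lint-test.yaml` hunk is left in without saying why, and the trigger it sketches is not a drop-in replacement for `pull_request`. A `workflow_run` workflow executes in the base repository's context with access to its secrets and token, so chaining lint and test of pull-request code behind `Documentation` that way would need the checkout ref and permissions reviewed first. Either delete the block or replace it with a one-line comment such as `# Triggered by pull_request on purpose; workflow_run runs with base-repo privileges, do not switch without review`. The `lint-test` job body continues outside the hunk.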
@@ -68,8 +69,12 @@ * The remaining `pspdfkit.storage` section moved to the top level as `assetStorage`. * `pspdfkit.assetStorageCacheSizeMegaBytes` renamed to `assetStorage.localCacheSizeMegabytes`. * `pspdfkit.storage.assetStorageBackend` renamed to `assetStorage.backendType` - * `pspdfkit.storage.enableAssetStorageFallback*` moved to `assetStorage.backendFallback` section + * `pspdfkit.storage.enableAssetStorageFallback*` moved to `assetStorage.backendFallback` section + * `pspdfkit.storage.redis.useTtlForPrerendering` renamed to `assetStorage.redis.useTtl` * `pspdfkit.signingService` section moved to the top level as `documentSigningService`. + * `pspdfkit.signingService.digitalSignatureHashAlgorithm` renamed to `documentSigningService.hashAlgorithm` + * `pspdfkit.signingService.digitalSignatureCadesLevel` renamed to `documentSigningService.cadesLevel` + * `pspdfkit.signingService.digitalSignatureCertificateCheckTime` renamed to `documentSigningService.certificateCheckTime` * Certificate trust configuration restructured into the new `certificateTrust` section: * Map `pspdfkit.signingTrustConfigMaps` becomes list `certificateTrust.digitalSignatures` allowing both ConfigMaps and Secrets * Map `pspdfkit.trustConfigMaps` becomes list `certificateTrust.customCertificates` allowing both ConfigMaps and Secrets diff --git a/charts/document-engine/Chart.yaml b/charts/document-engine/Chart.yaml index f539ae4..7e31632 100644 --- a/charts/document-engine/Chart.yaml +++ b/charts/document-engine/Chart.yaml 
@@ -1,11 +1,16 @@ apiVersion: v2 name: document-engine -description: Document Engine -icon: data:image/svg+xml;base64,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 type: application -version: 3.0.3 +description: Document Engine is a backend software for processing documents and powering automation workflows. +home: https://pspdfkit.com/guides/document-engine/ +icon: data:image/svg+xml;base64,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 +version: 3.0.4 appVersion: "1.4.1" +keywords: + - pspdfkit + - document-engine + maintainers: - name: PSPDFKit email: support@pspdfkit.com diff --git a/charts/document-engine/README.md b/charts/document-engine/README.md index 843d7a4..822ab99 100644 --- a/charts/document-engine/README.md +++ b/charts/document-engine/README.md 
@@ -1,30 +1,31 @@ # Document Engine Helm chart -- [Document Engine Helm chart](#document-engine-helm-chart) - - [Using this repository](#using-this-repository) - - [Installing Document Engine](#installing-document-engine) - - [Dependencies](#dependencies) - - [Upgrade](#upgrade) - - [Contribution](#contribution) - - [License](#license) - - [Support, Issues and License Questions](#support-issues-and-license-questions) +![Version: 3.0.4](https://img.shields.io/badge/Version-3.0.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.1](https://img.shields.io/badge/AppVersion-1.4.1-informational?style=flat-square) -> [!NOTE] -> [More on Document Engine](https://pspdfkit.com/cloud/document-engine/) +Document Engine is a backend software for processing documents and powering automation workflows. -## Using this repository +**Homepage:** -``` +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| PSPDFKit | | | + +## Using this chart + +### Adding the repository + +```shell helm repo add pspdfkit https://pspdfkit.github.io/helm-charts helm repo update ``` -## Installing Document Engine +### Installing Document Engine ```shell -helm upgrade --install \ +helm upgrade --install -n document-engine \ document-engine pspdfkit/document-engine \ - -n pspdfkit-services \ -f ./document-engine-values.yaml ``` 
@@ -32,11 +33,288 @@ helm upgrade --install \ The chart depends upon [Bitnami](https://github.com/bitnami/charts/tree/main/bitnami) charts for PostgreSQL, [MinIO](https://min.io/) and [Redis](https://redis.io/). They are disabled by default, but can be enabled for convenience. Please consider [tests](/charts/document-engine/ci) as examples. +| Repository | Name | Version | +|------------|------|---------| +| https://charts.bitnami.com/bitnami | minio | 14.6.29 | +| https://charts.bitnami.com/bitnami | postgresql | 15.5.20 | +| https://charts.bitnami.com/bitnami | redis | 19.6.4 | + ### Upgrade -> [!NOTE] +> [!NOTE] > Please consult the [changelog](/charts/document-engine/CHANGELOG.md) +## Values + +### [Document Engine License](./values.yaml#L17) + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| [documentEngineLicense](./values.yaml#L17) | *object* | | License information, see more in [our guide](https://pspdfkit.com/guides/document-engine/deployment/product-activation/) | +| [documentEngineLicense.activationKey](./values.yaml#L22) | *string* | `""` | Activation key for online activation (most common) or license key for offline activation. Results in `ACTIVATION_KEY` environment variable. 
| +| [documentEngineLicense.externalSecret](./values.yaml#L27) | *object* | [...](./values.yaml#L27) | Query existing secret for the activation key | + +### [API authentication](./values.yaml#L40) + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| [apiAuth](./values.yaml#L40) | *object* | | Document Enging API authentication | +| [apiAuth.apiToken](./values.yaml#L44) | *string* | `"secret"` | `API_AUTH_TOKEN`, a universal secret with full access to the API, should be long enough | +| [apiAuth.externalSecret](./values.yaml#L70) | *object* | [...](./values.yaml#L70) | Use an external secret for API credentials | +| [apiAuth.jwt](./values.yaml#L48) | *object* | [...](./values.yaml#L48) | JSON Web Token (JWT) settings | +| [apiAuth.jwt.algorithm](./values.yaml#L59) | *string* | `"RS256"` | `JWT_ALGORITHM` Supported algorithms: `RS256`, `RS512`, `ES256`, `ES512`. See RFC 7518 for details about specific algorithms. | +| [apiAuth.jwt.enabled](./values.yaml#L51) | *bool* | `false` | Enable JWT | +| [apiAuth.jwt.publicKey](./values.yaml#L54) | *string* | `"none"` | `JWT_PUBLIC_KEY` | +| [apiAuth.secretKeyBase](./values.yaml#L65) | *string* | `""` | A string used as the base key for deriving secret keys for the purposes of authentication. Choose a sufficiently long random string for this option. To generate a random string, use: `openssl rand -hex 256`. This will set `SECRET_KEY_BASE` environment variable. 
| + +### [Configuration options](./values.yaml#L100) + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| [config](./values.yaml#L100) | *object* | | General configuration, [see more](https://pspdfkit.com/guides/document-engine/configuration/overview/) | +| [config.allowDocumentGeneration](./values.yaml#L133) | *bool* | `true` | `ALLOW_DOCUMENT_GENERATION` | +| [config.allowDocumentUploads](./values.yaml#L127) | *bool* | `true` | `ALLOW_DOCUMENT_UPLOADS` | +| [config.allowRemoteAssetsInGeneration](./values.yaml#L136) | *bool* | `true` | `ALLOW_REMOTE_ASSETS_IN_GENERATION` | +| [config.allowRemoteDocuments](./values.yaml#L130) | *bool* | `true` | `ALLOW_REMOTE_DOCUMENTS` | +| [config.asyncJobsTtlSeconds](./values.yaml#L124) | *int* | `172800` | `ASYNC_JOBS_TTL` | +| [config.automaticLinkExtraction](./values.yaml#L142) | *bool* | `false` | `AUTOMATIC_LINK_EXTRACTION` | +| [config.generationTimeoutSeconds](./values.yaml#L112) | *int* | `20` | `PDF_GENERATION_TIMEOUT` in seconds | +| [config.ignoreInvalidAnnotations](./values.yaml#L139) | *bool* | `true` | `IGNORE_INVALID_ANNOTATIONS` | +| [config.maxUploadSizeMegaBytes](./values.yaml#L121) | *int* | `950` | `MAX_UPLOAD_SIZE_BYTES` in megabytes | +| [config.minSearchQueryLength](./values.yaml#L145) | *int* | `3` | `MIN_SEARCH_QUERY_LENGTH` | +| [config.port](./values.yaml#L156) | *int* | `5000` | `PORT` for the Document Engine API | +| [config.proxy](./values.yaml#L151) | *object* | `{"http":"","https":""}` | Proxy settings, `HTTP_PROXY` amd `HTTPS_PROXY` | +| [config.readAnnotationBatchTimeoutSeconds](./values.yaml#L118) | *int* | `20` | `READ_ANNOTATION_BATCH_TIMEOUT` in seconds | +| [config.replaceSecretsFromEnv](./values.yaml#L161) | *bool* | `true` | `REPLACE_SECRETS_FROM_ENV` — whether to consider environment variables, values and secrets for `JWT_PUBLIC_KEY`, `SECRET_KEY_BASE` and `DASHBOARD_PASSWORD` | +| [config.requestTimeoutSeconds](./values.yaml#L106) | *int* | `60` | Full 
request timeout in seconds (`SERVER_REQUEST_TIMEOUT`) | +| [config.trustedProxies](./values.yaml#L148) | *string* | `"default"` | `TRUSTED_PROXIES` | +| [config.urlFetchTimeoutSeconds](./values.yaml#L115) | *int* | `5` | `REMOTE_URL_FETCH_TIMEOUT` in seconds | +| [config.workerPoolSize](./values.yaml#L103) | *int* | `16` | `PSPDFKIT_WORKER_POOL_SIZE` | +| [config.workerTimeoutSeconds](./values.yaml#L109) | *int* | `60` | Document processing timeout in seconds (`PSPDFKIT_WORKER_TIMEOUT`) | + +### [Certificate trust](./values.yaml#L166) + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| [certificateTrust](./values.yaml#L166) | *object* | | [Certificate trust](https://pspdfkit.com/guides/document-engine/configuration/certificate-trust/) | +| [certificateTrust.customCertificates](./values.yaml#L179) | *list* | `[]` | ConfigMap and Secret references for trust configuration, stored in `/certificate-stores-custom` | +| [certificateTrust.digitalSignatures](./values.yaml#L170) | *list* | `[]` | CAs for digital signatures (`/certificate-stores/`) from ConfigMap and Secret resources. | +| [certificateTrust.downloaderTrustFileName](./values.yaml#L189) | *string* | `""` | Override `DOWNLOADER_CERT_FILE_PATH` to set HTTP client trust. If empty, defaults to Mozilla's CA bundle. | + +### [Database](./values.yaml#L194) + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| [database](./values.yaml#L194) | *object* | | Database | +| [database.connections](./values.yaml#L203) | *int* | `20` | `DATABASE_CONNECTIONS` | +| [database.enabled](./values.yaml#L197) | *bool* | `true` | Persistent storage enabled | +| [database.engine](./values.yaml#L200) | *string* | `"postgres"` | Database engine: only `postgres` is currently supported | +| [database.migrationJob](./values.yaml#L267) | *object* | [...](./values.yaml#L267) | Database migration jobs. 
| +| [database.migrationJob.enabled](./values.yaml#L270) | *bool* | `false` | It `true`, results in `ENABLE_DATABASE_MIGRATIONS=false` in the main Document Engine container | +| [database.postgres](./values.yaml#L208) | *object* | [...](./values.yaml#L208) | PostgreSQL database settings | +| [database.postgres.adminPassword](./values.yaml#L229) | *string* | `"despair"` | `PG_ADMIN_PASSWORD` | +| [database.postgres.adminUsername](./values.yaml#L226) | *string* | `"postgres"` | `PG_ADMIN_USER` | +| [database.postgres.database](./values.yaml#L217) | *string* | `"document-engine"` | `PGDATABASE` | +| [database.postgres.externalAdminSecretName](./values.yaml#L238) | *string* | `""` | External secret for administrative database credentials, used for migrations: `PG_ADMIN_USER` and `PG_ADMIN_PASSWORD` | +| [database.postgres.externalSecretName](./values.yaml#L234) | *string* | `""` | Use external secret for database credentials. `PGUSER` and `PGPASSWORD` must be provided and, if not defined: `PGDATABASE`, `PGHOST`, `PGPORT`, `PGSSL` | +| [database.postgres.host](./values.yaml#L211) | *string* | `"postgresql"` | `PGHOST` | +| [database.postgres.password](./values.yaml#L223) | *string* | `"despair"` | `PGPASSWORD` | +| [database.postgres.port](./values.yaml#L214) | *int* | `5432` | `PGPORT` | +| [database.postgres.tls](./values.yaml#L243) | *object* | [...](./values.yaml#L243) | TLS settings | +| [database.postgres.tls.commonName](./values.yaml#L256) | *string* | `""` | Common name for the certificate (`PGSSL_CERT_COMMON_NAME`), defaults to `PGHOST` value | +| [database.postgres.tls.enabled](./values.yaml#L246) | *bool* | `false` | Enable TLS (`PGSSL`) | +| [database.postgres.tls.hostVerify](./values.yaml#L252) | *bool* | `true` | Negated `PGSSL_DISABLE_HOSTNAME_VERIFY` | +| [database.postgres.tls.trustBundle](./values.yaml#L260) | *string* | `""` | Trust bundle for PostgreSQL, sets `PGSSL_CA_CERTS`, mutually exclusive with `trustFileName` and takes precedence | +| 
[database.postgres.tls.trustFileName](./values.yaml#L263) | *string* | `""` | Path from `certificateTrust.customCertificates`, wraps around `PGSSL_CA_CERT_PATH` | +| [database.postgres.tls.verify](./values.yaml#L249) | *bool* | `true` | Negated `PGSSL_DISABLE_VERIFY` | +| [database.postgres.username](./values.yaml#L220) | *string* | `"de-user"` | `PGUSER` | + +### [Lifecycle](./values.yaml#L283) + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| [documentLifecycle](./values.yaml#L283) | *object* | | Document lifecycle management | +| [documentLifecycle.cleanupJob](./values.yaml#L288) | *object* | [...](./values.yaml#L288) | Regular job to remove documents from the database. Note: currently only works with the `built-in` storage backend. | +| [documentLifecycle.cleanupJob.enabled](./values.yaml#L291) | *bool* | `false` | Enable the cleanup job | +| [documentLifecycle.cleanupJob.keepHours](./values.yaml#L297) | *int* | `24` | Documents TTL in hours | +| [documentLifecycle.cleanupJob.persistentLike](./values.yaml#L300) | *string* | `"persistent%"` | Keep documents with IDs beginning with `persistent` indefinitely | +| [documentLifecycle.cleanupJob.schedule](./values.yaml#L294) | *string* | `"13 * * * *"` | Cleanup job schedule in cron format | + +### [Asset storage](./values.yaml#L311) + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| [assetStorage](./values.yaml#L311) | *object* | | Everything about storing and caching assets | +| [assetStorage.azure](./values.yaml#L375) | *object* | [...](./values.yaml#L375) | Azure blob storage settings, in case `assetStorage.backendType` is set to `azure` | +| [assetStorage.azure.container](./values.yaml#L386) | *string* | `""` | `AZURE_STORAGE_DEFAULT_CONTAINER` | +| [assetStorage.backendFallback](./values.yaml#L323) | *object* | [...](./values.yaml#L323) | Asset storage fallback settings | +| [assetStorage.backendFallback.enabled](./values.yaml#L326) | *bool* | 
`false` | `ENABLE_ASSET_STORAGE_FALLBACK` | +| [assetStorage.backendFallback.enabledAzure](./values.yaml#L335) | *bool* | `false` | `ENABLE_ASSET_STORAGE_FALLBACK_AZURE` | +| [assetStorage.backendFallback.enabledPostgres](./values.yaml#L329) | *bool* | `false` | `ENABLE_ASSET_STORAGE_FALLBACK_POSTGRES` | +| [assetStorage.backendFallback.enabledS3](./values.yaml#L332) | *bool* | `false` | `ENABLE_ASSET_STORAGE_FALLBACK_S3` | +| [assetStorage.backendType](./values.yaml#L319) | *string* | `"built-in"` | Asset storage backend is only available if `database.enabled` is `true` Sets `ASSET_STORAGE_BACKEND`: `built-in`, `s3` or `azure` | +| [assetStorage.localCacheSizeMegabytes](./values.yaml#L315) | *int* | `2000` | Sets local asset storage value in megabytes Results in `ASSET_STORAGE_CACHE_SIZE` (in bytes) | +| [assetStorage.redis](./values.yaml#L404) | *object* | [...](./values.yaml#L404) | Redis settings for caching and prerendering | +| [assetStorage.redis.database](./values.yaml#L422) | *string* | `""` | `REDIS_DATABASE` | +| [assetStorage.redis.enabled](./values.yaml#L407) | *bool* | `false` | `USE_REDIS_CACHE` | +| [assetStorage.redis.externalSecretName](./values.yaml#L459) | *string* | `""` | External secret name. 
Must contain `REDIS_USERNAME` and `REDIS_PASSWORD` if they are needed, and _may_ set other values | +| [assetStorage.redis.host](./values.yaml#L416) | *string* | `"redis"` | `REDIS_HOST` | +| [assetStorage.redis.password](./values.yaml#L448) | *string* | `""` | `REDIS_PASSWORD` | +| [assetStorage.redis.port](./values.yaml#L419) | *int* | `6379` | `REDIS_PORT` | +| [assetStorage.redis.sentinel](./values.yaml#L427) | *object* | [...](./values.yaml#L427) | Redis Sentinel | +| [assetStorage.redis.tls](./values.yaml#L452) | *object* | | TLS settings | +| [assetStorage.redis.tls.enabled](./values.yaml#L455) | *bool* | `false` | Enable TLS (`REDIS_SSL`) | +| [assetStorage.redis.ttlSeconds](./values.yaml#L410) | *int* | `86400000` | `REDIS_TTL` | +| [assetStorage.redis.useTtl](./values.yaml#L413) | *bool* | `true` | `USE_REDIS_TTL_FOR_PRERENDERING` | +| [assetStorage.redis.username](./values.yaml#L445) | *string* | `""` | `REDIS_USERNAME` | +| [assetStorage.s3](./values.yaml#L339) | *object* | [...](./values.yaml#L339) | S3 backend storage settings, in case `assetStorage.backendType` is set to `s3 | +| [assetStorage.s3.bucket](./values.yaml#L350) | *string* | `"document-engine-assets"` | `ASSET_STORAGE_S3_BUCKET` | +| [assetStorage.s3.region](./values.yaml#L353) | *string* | `"us-east-1"` | `ASSET_STORAGE_S3_REGION` | + +### [Digital signatures](./values.yaml#L464) + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| [documentSigningService](./values.yaml#L464) | *object* | | Signing service parameters | +| [documentSigningService.cadesLevel](./values.yaml#L490) | *string* | `"b-lt"` | `DIGITAL_SIGNATURE_CADES_LEVEL` | +| [documentSigningService.certificateCheckTime](./values.yaml#L493) | *string* | `"current_time"` | `DIGITAL_SIGNATURE_CERTIFICATE_CHECK_TIME` | +| [documentSigningService.defaultSignatureLocation](./values.yaml#L484) | *string* | `"Head Quarters"` | `DEFAULT_SIGNATURE_LOCATION` | +| 
[documentSigningService.defaultSignatureReason](./values.yaml#L480) | *string* | `"approved"` | `DEFAULT_SIGNATURE_REASON` | +| [documentSigningService.defaultSignerName](./values.yaml#L476) | *string* | `"John Doe"` | `DEFAULT_SIGNER_NAME` | +| [documentSigningService.enabled](./values.yaml#L467) | *bool* | `false` | Enable signing service integration | +| [documentSigningService.hashAlgorithm](./values.yaml#L487) | *string* | `"sha512"` | `DIGITAL_SIGNATURE_HASH_ALGORITHM` | +| [documentSigningService.timeoutSeconds](./values.yaml#L473) | *int* | `10` | `SIGNING_SERVICE_TIMEOUT` in seconds | +| [documentSigningService.timestampAuthority](./values.yaml#L497) | *object* | [...](./values.yaml#L497) | Timestamp Authority (TSA) settings | +| [documentSigningService.timestampAuthority.url](./values.yaml#L500) | *string* | `"https://freetsa.org/"` | `TIMESTAMP_AUTHORITY_URL` | +| [documentSigningService.url](./values.yaml#L470) | *string* | `"https://signing-thing.local/sign"` | `SIGNING_SERVICE_URL` | + +### [Observability settings](./values.yaml#L562) + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| [observability.metrics.enabled](./values.yaml#L562) | *bool* | `false` | Enable metrics exporting | +| [observability.metrics.statsd](./values.yaml#L567) | *plain* | *See below* | StatsD parameters | +| [observability.metrics.statsd.customTags](./values.yaml#L583) | *tpl/string* | *generated* | StatsD custom tags, `STATSD_CUSTOM_TAGS` | +| [observability.metrics.statsd.port](./values.yaml#L577) | *int* | `9125` | StatsD port, `STATSD_PORT` | + +### Other Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| [affinity](./values.yaml#L800) | *object* | `{}` | | +| [autoscaling.behavior](./values.yaml#L776) | *object* | `{}` | | +| [autoscaling.enabled](./values.yaml#L771) | *bool* | `false` | | +| [autoscaling.maxReplicas](./values.yaml#L773) | *int* | `100` | | +| 
[autoscaling.minReplicas](./values.yaml#L772) | *int* | `1` | | +| [autoscaling.targetCPUUtilizationPercentage](./values.yaml#L774) | *int* | `80` | | +| [autoscaling.targetMemoryUtilizationPercentage](./values.yaml#L775) | *int* | `80` | | +| [dashboard](./values.yaml#L511) | *object* | `{"auth":{"externalSecret":{"name":"","passwordKey":"DASHBOARD_PASSWORD","usernameKey":"DASHBOARD_USERNAME"},"password":"","username":"admin"},"enabled":true}` | Document Engine Dashboard settings | +| [dashboard.auth](./values.yaml#L515) | *object* | `{"externalSecret":{"name":"","passwordKey":"DASHBOARD_PASSWORD","usernameKey":"DASHBOARD_USERNAME"},"password":"","username":"admin"}` | Dashboard authentication | +| [dashboard.auth.externalSecret](./values.yaml#L522) | *object* | `{"name":"","passwordKey":"DASHBOARD_PASSWORD","usernameKey":"DASHBOARD_USERNAME"}` | instead of the values from `pspdfkit.auth.dashboard.*` | +| [dashboard.auth.externalSecret.name](./values.yaml#L524) | *string* | `""` | External secret name | +| [dashboard.auth.externalSecret.usernameKey](./values.yaml#L526) | *string* | `"DASHBOARD_USERNAME"` | Key names | +| [dashboard.auth.password](./values.yaml#L519) | *string* | `""` | `DASHBOARD_PASSWORD` — will generate a random password if not set | +| [dashboard.auth.username](./values.yaml#L517) | *string* | `"admin"` | `DASHBOARD_USERNAME` | +| [dashboard.enabled](./values.yaml#L513) | *bool* | `true` | Enable dashboard | +| [deploymentAnnotations](./values.yaml#L631) | *object* | `{}` | | +| [extraEnvFrom](./values.yaml#L733) | *list* | `[]` | | +| [extraEnvs](./values.yaml#L732) | *list* | `[]` | | +| [extraIngresses](./values.yaml#L665) | *object* | `{}` | | +| [extraVolumeMounts](./values.yaml#L735) | *list* | `[]` | | +| [extraVolumes](./values.yaml#L734) | *list* | `[]` | | +| [fullnameOverride](./values.yaml#L11) | *string* | `""` | | +| [image](./values.yaml#L3) | *object* | | Image settings | +| [imagePullSecrets](./values.yaml#L9) | *list* | `[]` | 
Pull secrets | +| [ingress.annotations](./values.yaml#L646) | *object* | `{}` | | +| [ingress.className](./values.yaml#L645) | *string* | `""` | | +| [ingress.enabled](./values.yaml#L644) | *bool* | `false` | | +| [ingress.hosts](./values.yaml#L647) | *list* | `[]` | | +| [ingress.tls](./values.yaml#L659) | *list* | `[]` | | +| [initContainers](./values.yaml#L737) | *list* | `[]` | | +| [lifecycle](./values.yaml#L812) | *object* | `{}` | | +| [livenessProbe.failureThreshold](./values.yaml#L758) | *int* | `3` | | +| [livenessProbe.httpGet.path](./values.yaml#L751) | *string* | `"/healthcheck"` | | +| [livenessProbe.httpGet.port](./values.yaml#L752) | *string* | `"api"` | | +| [livenessProbe.httpGet.scheme](./values.yaml#L753) | *string* | `"HTTP"` | | +| [livenessProbe.initialDelaySeconds](./values.yaml#L754) | *int* | `0` | | +| [livenessProbe.periodSeconds](./values.yaml#L755) | *int* | `30` | | +| [livenessProbe.successThreshold](./values.yaml#L757) | *int* | `1` | | +| [livenessProbe.timeoutSeconds](./values.yaml#L756) | *int* | `1` | | +| [minio](./values.yaml#L842) | *plain* | *See below* | [External MinIO chart](https://github.com/bitnami/charts/tree/main/bitnami/minio) | +| [nameOverride](./values.yaml#L10) | *string* | `""` | | +| [networkPolicy.allowExternal](./values.yaml#L685) | *bool* | `true` | | +| [networkPolicy.allowExternalEgress](./values.yaml#L707) | *bool* | `true` | | +| [networkPolicy.annotations](./values.yaml#L683) | *object* | `{}` | | +| [networkPolicy.enabled](./values.yaml#L681) | *bool* | `true` | | +| [networkPolicy.extraEgress](./values.yaml#L709) | *list* | `[]` | | +| [networkPolicy.extraIngress](./values.yaml#L687) | *list* | `[]` | | +| [networkPolicy.ingressMatchSelectorLabels](./values.yaml#L702) | *list* | `[]` | | +| [networkPolicy.labels](./values.yaml#L682) | *object* | `{}` | | +| [nodeSelector](./values.yaml#L799) | *object* | `{}` | | +| [observability](./values.yaml#L530) | *object* | 
`{"log":{"healthcheckLevel":"debug","level":"info"},"metrics":{"enabled":false,"prometheusRule":{"enabled":false,"labels":{},"namespace":"","rules":[]},"serviceMonitor":{"enabled":false,"honorLabels":false,"interval":"30s","jobLabel":"","labels":{},"metricRelabelings":[],"namespace":"","relabelings":[],"scrapeTimeout":""},"statsd":{"customTags":"namespace={{ .Release.Namespace }},app={{ include \"document-engine.fullname\" . }}","enabled":false,"host":"localhost","port":9125}},"opentelemetry":{"enabled":false,"otelPropagators":"","otelResourceAttributes":"","otelServiceName":"","otelTracesSampler":"","otelTracesSamplerArg":"","otlpExporterEndpoint":"","otlpExporterProtocol":""}}` | Observability settings | +| [observability.log](./values.yaml#L532) | *object* | `{"healthcheckLevel":"debug","level":"info"}` | Logs | +| [observability.log.healthcheckLevel](./values.yaml#L536) | *string* | `"debug"` | `HEALTHCHECK_LOGLEVEL` — log level for health checks | +| [observability.log.level](./values.yaml#L534) | *string* | `"info"` | `LOG_LEVEL` | +| [observability.metrics](./values.yaml#L559) | *object* | `{"enabled":false,"prometheusRule":{"enabled":false,"labels":{},"namespace":"","rules":[]},"serviceMonitor":{"enabled":false,"honorLabels":false,"interval":"30s","jobLabel":"","labels":{},"metricRelabelings":[],"namespace":"","relabelings":[],"scrapeTimeout":""},"statsd":{"customTags":"namespace={{ .Release.Namespace }},app={{ include \"document-engine.fullname\" . 
}}","enabled":false,"host":"localhost","port":9125}}` | Metrics configuration | +| [observability.opentelemetry](./values.yaml#L538) | *object* | `{"enabled":false,"otelPropagators":"","otelResourceAttributes":"","otelServiceName":"","otelTracesSampler":"","otelTracesSamplerArg":"","otlpExporterEndpoint":"","otlpExporterProtocol":""}` | OpenTelemetry | +| [observability.opentelemetry.enabled](./values.yaml#L540) | *bool* | `false` | Enable OpenTelemetry (`ENABLE_OPENTELEMETRY`), only tracing is currently supported | +| [observability.opentelemetry.otelPropagators](./values.yaml#L551) | *string* | `""` | `OTEL_PROPAGATORS`, propagators | +| [observability.opentelemetry.otelResourceAttributes](./values.yaml#L549) | *string* | `""` | `OTEL_RESOURCE_ATTRIBUTES`, resource attributes | +| [observability.opentelemetry.otelServiceName](./values.yaml#L547) | *string* | `""` | `OTEL_SERVICE_NAME`, service name | +| [observability.opentelemetry.otelTracesSampler](./values.yaml#L555) | *string* | `""` | `OTEL_TRACES_SAMPLER`, should normally not be touched to allow custom `parent_based` work, but something like `parentbased_traceidratio` may be considered | +| [observability.opentelemetry.otelTracesSamplerArg](./values.yaml#L557) | *string* | `""` | `OTEL_TRACES_SAMPLER_ARG`, argument for the sampler | +| [observability.opentelemetry.otlpExporterEndpoint](./values.yaml#L543) | *string* | `""` | https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ `OTEL_EXPORTER_OTLP_ENDPOINT`, if not set, defaults to `http://localhost:4317` | +| [observability.opentelemetry.otlpExporterProtocol](./values.yaml#L545) | *string* | `""` | `OTEL_EXPORTER_OTLP_PROTOCOL`, if not set, defaults to `grpc` | +| [podAnnotations](./values.yaml#L630) | *object* | `{}` | | +| [podDisruptionBudget.create](./values.yaml#L795) | *bool* | `false` | | +| [podDisruptionBudget.maxUnavailable](./values.yaml#L797) | *string* | `""` | | +| 
[podDisruptionBudget.minAvailable](./values.yaml#L796) | *int* | `1` | | +| [podLabels](./values.yaml#L629) | *object* | `{}` | | +| [podSecurityContext](./values.yaml#L632) | *object* | `{}` | | +| [postgresql](./values.yaml#L820) | *plain* | *See below* | [External PostgreSQL database chart](https://github.com/bitnami/charts/tree/main/bitnami/postgresql) | +| [priorityClassName](./values.yaml#L806) | *string* | `""` | | +| [prometheusExporter.enabled](./values.yaml#L606) | *bool* | `false` | | +| [prometheusExporter.image.pullPolicy](./values.yaml#L609) | *string* | `"IfNotPresent"` | | +| [prometheusExporter.image.repository](./values.yaml#L608) | *string* | `"prom/statsd-exporter"` | | +| [prometheusExporter.image.tag](./values.yaml#L610) | *string* | `"v0.27.1"` | | +| [prometheusExporter.port](./values.yaml#L611) | *int* | `10254` | | +| [prometheusExporter.resources.limits.cpu](./values.yaml#L618) | *string* | `"100m"` | | +| [prometheusExporter.resources.limits.memory](./values.yaml#L617) | *string* | `"128Mi"` | | +| [prometheusExporter.resources.requests.cpu](./values.yaml#L615) | *string* | `"50m"` | | +| [prometheusExporter.resources.requests.memory](./values.yaml#L614) | *string* | `"32Mi"` | | +| [readinessProbe.failureThreshold](./values.yaml#L768) | *int* | `3` | | +| [readinessProbe.httpGet.path](./values.yaml#L761) | *string* | `"/healthcheck"` | | +| [readinessProbe.httpGet.port](./values.yaml#L762) | *string* | `"api"` | | +| [readinessProbe.httpGet.scheme](./values.yaml#L763) | *string* | `"HTTP"` | | +| [readinessProbe.initialDelaySeconds](./values.yaml#L764) | *int* | `0` | | +| [readinessProbe.periodSeconds](./values.yaml#L765) | *int* | `5` | | +| [readinessProbe.successThreshold](./values.yaml#L767) | *int* | `1` | | +| [readinessProbe.timeoutSeconds](./values.yaml#L766) | *int* | `1` | | +| [redis](./values.yaml#L852) | *object* | `{"architecture":"standalone","auth":{"enabled":true,"password":"","sentinel":false},"enabled":false}` | 
[External Redis chart](https://github.com/bitnami/charts/tree/main/bitnami/redis) | +| [replicaCount](./values.yaml#L726) | *int* | `1` | | +| [resources](./values.yaml#L724) | *object* | `{}` | | +| [schedulerName](./values.yaml#L808) | *string* | `""` | | +| [securityContext](./values.yaml#L635) | *object* | `{}` | | +| [service.port](./values.yaml#L623) | *int* | `5000` | | +| [service.type](./values.yaml#L622) | *string* | `"ClusterIP"` | | +| [serviceAccount.annotations](./values.yaml#L627) | *object* | `{}` | | +| [serviceAccount.create](./values.yaml#L626) | *bool* | `true` | | +| [serviceAccount.name](./values.yaml#L628) | *string* | `""` | | +| [sidecars](./values.yaml#L736) | *list* | `[]` | | +| [startupProbe.failureThreshold](./values.yaml#L748) | *int* | `5` | | +| [startupProbe.httpGet.path](./values.yaml#L741) | *string* | `"/healthcheck"` | | +| [startupProbe.httpGet.port](./values.yaml#L742) | *string* | `"api"` | | +| [startupProbe.httpGet.scheme](./values.yaml#L743) | *string* | `"HTTP"` | | +| [startupProbe.initialDelaySeconds](./values.yaml#L744) | *int* | `5` | | +| [startupProbe.periodSeconds](./values.yaml#L745) | *int* | `5` | | +| [startupProbe.successThreshold](./values.yaml#L747) | *int* | `1` | | +| [startupProbe.timeoutSeconds](./values.yaml#L746) | *int* | `1` | | +| [terminationGracePeriodSeconds](./values.yaml#L810) | *string* | `""` | | +| [tolerations](./values.yaml#L802) | *list* | `[]` | | +| [topologySpreadConstraints](./values.yaml#L804) | *list* | `[]` | | +| [updateStrategy.rollingUpdate](./values.yaml#L730) | *object* | `{}` | | +| [updateStrategy.type](./values.yaml#L729) | *string* | `"RollingUpdate"` | | + ## Contribution The chart is validated using [ct](https://github.com/helm/chart-testing/tree/main) [lint](https://github.com/helm/chart-testing/blob/main/doc/ct_lint.md): 
@@ -55,3 +333,5 @@ PSPDFKit offers support via https://pspdfkit.com/support/request/ Are you [evaluating our SDK](https://pspdfkit.com/try/)? That's great, we're happy to help out! To make sure this is fast, please use a work email and have someone from your company fill out our sales form: https://pspdfkit.com/sales/ +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/charts/document-engine/README.md.gotmpl b/charts/document-engine/README.md.gotmpl new file mode 100644 index 0000000..6a0d419 --- /dev/null +++ b/charts/document-engine/README.md.gotmpl 
@@ -0,0 +1,126 @@ +# Document Engine Helm chart + +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.badgesSection" . }} + +{{ template "chart.description" . }} + +{{ template "chart.homepageLine" . }} + +{{ template "chart.maintainersSection" . }} + +## Using this chart + +### Adding the repository + +```shell +helm repo add pspdfkit https://pspdfkit.github.io/helm-charts +helm repo update +``` + +### Installing Document Engine + +```shell +helm upgrade --install -n document-engine \ + document-engine pspdfkit/document-engine \ + -f ./document-engine-values.yaml +``` + +### Dependencies + +The chart depends upon [Bitnami](https://github.com/bitnami/charts/tree/main/bitnami) charts for PostgreSQL, [MinIO](https://min.io/) and [Redis](https://redis.io/). They are disabled by default, but can be enabled for convenience. Please consider [tests](/charts/document-engine/ci) as examples. + +{{ template "chart.requirementsTable" . }} + +### Upgrade + +> [!NOTE] +> Please consult the [changelog](/charts/document-engine/CHANGELOG.md) + +## Values + +{{- define "chart.valueDefaultColumnRender" -}} +{{- $defaultValue := (default .Default .AutoDefault) -}} +{{- $notationType := .NotationType }} +{{- if .Default -}} +{{- $defaultValue = (trimAll "`" (default .Default .AutoDefault) ) -}} +{{- $notationType = "json" -}} +{{- end -}} +{{- if eq $notationType "none" -}} +{{- else if eq $notationType "reference" -}} +[...](./values.yaml#L{{ .LineNumber }}) +{{- else if eq $notationType "plain" -}} +{{- $defaultValue }} +{{- else if eq $notationType "tpl" -}} +`{{ $defaultValue }}` +{{- else -}} +`{{ $defaultValue }}` +{{- end -}} +{{- end -}} + +{{ define "chart.valuesTable" }} +{{- if .Sections.Sections }} +{{- $sectionNames := list -}} +{{- range .Sections.Sections }} +{{- $sectionNames = append $sectionNames .SectionName }} +{{- end }} +{{- $sections := list -}} +{{- range ($sectionNames | sortAlpha) }} +{{- $currentSectionName := . 
-}} +{{- range $.Sections.Sections }} +{{- if eq .SectionName $currentSectionName }} +{{- $sections = append $sections . }} +{{- end }} +{{- end }} +{{- end }} +{{- range $sections }} + +### [{{ regexReplaceAll "^\\d+\\.\\s+" .SectionName "" }}](./values.yaml#L{{ (first .SectionItems).LineNumber }}) + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .SectionItems }} +| [{{ .Key }}](./values.yaml#L{{ .LineNumber }}) | *{{ .Type }}* | {{ template "chart.valueDefaultColumnRender" . }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | +{{- end }} +{{- end }} +{{ if .Sections.DefaultSection.SectionItems}} + +### {{ .Sections.DefaultSection.SectionName }} + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Sections.DefaultSection.SectionItems }} +| [{{ .Key }}](./values.yaml#L{{ .LineNumber }}) | *{{ .Type }}* | {{ template "chart.valueDefaultColumnRender" . }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | +{{- end }} +{{ end }} +{{ else }} +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} +| [{{ .Key }}](./values.yaml#L{{ .LineNumber }}) | *{{ .Type }}* | {{ template "chart.valueDefaultColumnRender" . }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | +{{- end }} +{{ end }} +{{ end }} + +{{ template "chart.valuesTable" . }} + +## Contribution + +The chart is validated using [ct](https://github.com/helm/chart-testing/tree/main) [lint](https://github.com/helm/chart-testing/blob/main/doc/ct_lint.md): + +```shell +ct lint --target-branch "$(git rev-parse --abbrev-ref HEAD)" +``` + +## License + +This software is licensed under a [modified BSD license](LICENSE). + +## Support, Issues and License Questions + +PSPDFKit offers support via https://pspdfkit.com/support/request/ + +Are you [evaluating our SDK](https://pspdfkit.com/try/)? 
That's great, we're happy to help out! To make sure this is fast, please use a work email and have someone from your company fill out our sales form: https://pspdfkit.com/sales/
+
+{{ template "helm-docs.versionFooter" . }}
diff --git a/charts/document-engine/ci/03-with-db-s3-redis-values.yaml b/charts/document-engine/ci/03-with-db-s3-redis-values.yaml
index eabf674..ad982da 100644
--- a/charts/document-engine/ci/03-with-db-s3-redis-values.yaml
+++ b/charts/document-engine/ci/03-with-db-s3-redis-values.yaml
@@ -31,7 +31,7 @@ assetStorage:
 username: ""
 password: ""
 ttlSeconds: 3600
- useTtlForPrerendering: true
+ useTtl: true
 sentinel:
 enabled: false
 urls:
diff --git a/charts/document-engine/templates/configmap.yaml b/charts/document-engine/templates/configmap.yaml
index ed90e67..5c933a0 100644
--- a/charts/document-engine/templates/configmap.yaml
+++ b/charts/document-engine/templates/configmap.yaml
@@ -113,7 +113,7 @@ data:
 {{- if .redis.enabled }}
 USE_REDIS_CACHE: "true"
 {{- with .redis }}
- USE_REDIS_TTL_FOR_PRERENDERING: {{ .useTtlForPrerendering | quote }}
+ USE_REDIS_TTL_FOR_PRERENDERING: {{ .useTtl | quote }}
 REDIS_TTL: {{ .ttlSeconds | int | quote }}
 {{- if .sentinel.enabled }}
 REDIS_SENTINELS: {{ .sentinel.urls | join ";" | quote }}
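Review bot: The rename to `.useTtl` inside `{{- with .redis }}` drops the old key with no guard, so a release that still sets `assetStorage.redis.useTtlForPrerendering` will render without error and, as far as this diff shows, silently take the chart default for `USE_REDIS_TTL_FOR_PRERENDERING`. The same applies to `.hashAlgorithm`, `.cadesLevel` and `.certificateCheckTime` in the `@@ -142,9 +142,9 @@` hunk, where a silently reverted hash algorithm or CAdES level changes what kind of signature the service produces. I would add a guard next to each renamed read, e.g. `{{- if hasKey . "useTtlForPrerendering" }}{{ fail "assetStorage.redis.useTtlForPrerendering was renamed to assetStorage.redis.useTtl" }}{{- end }}`, or reject unknown keys through a `values.schema.json`. The enclosing `with` block starts and ends outside the hunk.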
@@ -142,9 +142,9 @@ data:
 DEFAULT_SIGNER_NAME: {{ default "none" .defaultSignerName | quote }}
 DEFAULT_SIGNATURE_REASON: {{ default "none" .defaultSignatureReason | quote }}
 DEFAULT_SIGNATURE_LOCATION: {{ default "none" .defaultSignatureLocation | quote }}
- DIGITAL_SIGNATURE_HASH_ALGORITHM: {{ .digitalSignatureHashAlgorithm | quote }}
- DIGITAL_SIGNATURE_CADES_LEVEL: {{ .digitalSignatureCadesLevel | quote }}
- DIGITAL_SIGNATURE_CERTIFICATE_CHECK_TIME: {{ default "current_time" .digitalSignatureCertificateCheckTime | quote }}
+ DIGITAL_SIGNATURE_HASH_ALGORITHM: {{ .hashAlgorithm | quote }}
+ DIGITAL_SIGNATURE_CADES_LEVEL: {{ .cadesLevel | quote }}
+ DIGITAL_SIGNATURE_CERTIFICATE_CHECK_TIME: {{ default "current_time" .certificateCheckTime | quote }}
 TIMESTAMP_AUTHORITY_URL: {{ .timestampAuthority.url | quote }}
 TIMESTAMP_AUTHORITY_USERNAME: {{ .timestampAuthority.username | quote }}
 TIMESTAMP_AUTHORITY_PASSWORD: {{ .timestampAuthority.password | quote }}
diff --git a/charts/document-engine/values.yaml b/charts/document-engine/values.yaml
index 8c568b8..04ef89d 100644
--- a/charts/document-engine/values.yaml
+++ b/charts/document-engine/values.yaml
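Review bot: `TIMESTAMP_AUTHORITY_PASSWORD` (with its username) sits in the same `data:` block as the renamed signing keys of the `@@ -142,9 +142,9 @@` hunk, which in `templates/configmap.yaml` presumably means the TSA credential is written to a ConfigMap in clear text and is readable by anything allowed to `get configmaps` in the namespace. Since this commit already reworks the signing-service values, I would move the password into the chart's Secret and inject it into the container with `secretKeyRef`, keeping only the non-sensitive `TIMESTAMP_AUTHORITY_URL` here. The block starts and ends outside the hunk and the Secret template is not part of this diff, so confirm it is not already duplicated there.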
@@ -1,115 +1,172 @@ -# -# Some of the values may be accepting templates (marked with `(tpl)`) -# - +# -- (object) Image settings +# @notationType -- none image: repository: pspdfkit/document-engine pullPolicy: IfNotPresent # Defaults to the Chart appVersion tag: "" +# -- Pull secrets imagePullSecrets: [] nameOverride: "" fullnameOverride: "" -# -# https://pspdfkit.com/guides/document-engine/configuration/overview/ -# https://pspdfkit.com/guides/document-engine/deployment/product-activation/ -# +# -- (object) License information, see more in +# [our guide](https://pspdfkit.com/guides/document-engine/deployment/product-activation/) +# @section -- 0. Document Engine License +# @notationType -- none documentEngineLicense: - # Activation key for online activation (most common) or + # -- Activation key for online activation (most common) or # license key for offline activation. # Results in `ACTIVATION_KEY` environment variable. + # @section -- 0. Document Engine License activationKey: "" - # Query existing secret for the activation key + # -- (object) Query existing secret for the activation key + # @section -- 0. Document Engine License + # @default -- none + # @notationType -- reference externalSecret: - # External secret name for license + # -- External secret name for license + # @section -- 0. Document Engine License + # @ignored name: "" - # The key in the secret used to retrieve the activation key + # -- The key in the secret used to retrieve the activation key + # @section -- 0. Document Engine License + # @ignored key: DOCUMENT_ENGINE_ACTIVATION_KEY -# Document Enging API authentication +# -- (object) Document Enging API authentication +# @section -- 1. API authentication +# @notationType -- none apiAuth: - # `API_AUTH_TOKEN` should be long enough + # -- `API_AUTH_TOKEN`, a universal secret with full access to the API, + # should be long enough + # @section -- 1. 
API authentication apiToken: secret - # JSON Web Token (JWT) settings + # -- (object) JSON Web Token (JWT) settings + # @section -- 1. API authentication + # @notationType -- reference jwt: - # Enable JWT + # -- Enable JWT + # @section -- 1. API authentication enabled: false - # `JWT_PUBLIC_KEY` + # -- `JWT_PUBLIC_KEY` + # @section -- 1. API authentication publicKey: none - # `JWT_ALGORITHM` - # Supported algorithms: RS256, RS512, ES256, ES512. + # -- `JWT_ALGORITHM` + # Supported algorithms: `RS256`, `RS512`, `ES256`, `ES512`. # See RFC 7518 for details about specific algorithms. + # @section -- 1. API authentication algorithm: RS256 - # A string used as the base key for deriving secret keys for the purposes of authentication. + # -- A string used as the base key for deriving secret keys for the purposes of authentication. # Choose a sufficiently long random string for this option. # To generate a random string, use: `openssl rand -hex 256`. # This will set `SECRET_KEY_BASE` environment variable. + # @section -- 1. API authentication secretKeyBase: "" - # Use an external secret for API credentials + # -- (object) Use an external secret for API credentials + # @section -- 1. API authentication + # @default -- none + # @notationType -- reference externalSecret: - # External secret name + # -- External secret name + # @section -- 1. API authentication + # @ignored name: "" - # Key names + # -- If external secret is enabled, but `apiTokenKey` is not set, + # the token will be retrieved from the `apiAuth.apiToken` value + # @section -- 1. API authentication + # @ignored apiTokenKey: API_AUTH_TOKEN - # If external secret is enabled, but `jwtAlgorithmKey` is not set, + # -- If external secret is enabled, but `jwtAlgorithmKey` is not set, # the algorithm will be retrieved from the `apiAuth.jwt.algorithm` value + # @section -- 1. 
API authentication + # @ignored jwtAlgorithmKey: JWT_ALGORITHM - # If external secret is enabled, but `jwtPublicKeyKey` is not set, + # -- If external secret is enabled, but `jwtPublicKeyKey` is not set, # the public key will be retrieved from the `apiAuth.jwt.publicKey` value + # @section -- 1. API authentication + # @ignored jwtPublicKeyKey: JWT_PUBLIC_KEY - # If external secret is enabled, but `secretKeyBaseKey` is not set, + # -- If external secret is enabled, but `secretKeyBaseKey` is not set, # the secret key base will be retrieved from the `apiAuth.secretKeyBase` value # or generated automatically + # @section -- 1. API authentication + # @ignored secretKeyBaseKey: SECRET_KEY_BASE +# -- (object) General configuration, [see more](https://pspdfkit.com/guides/document-engine/configuration/overview/) +# @section -- 3. Configuration options +# @notationType -- none config: - # `PSPDFKIT_WORKER_POOL_SIZE` + # -- `PSPDFKIT_WORKER_POOL_SIZE` + # @section -- 3. Configuration options workerPoolSize: 16 - # Full request timeout in seconds (`SERVER_REQUEST_TIMEOUT`) + # -- Full request timeout in seconds (`SERVER_REQUEST_TIMEOUT`) + # @section -- 3. Configuration options requestTimeoutSeconds: 60 - # Document processing timeout in seconds (`PSPDFKIT_WORKER_TIMEOUT`) + # -- Document processing timeout in seconds (`PSPDFKIT_WORKER_TIMEOUT`) + # @section -- 3. Configuration options workerTimeoutSeconds: 60 - # `PDF_GENERATION_TIMEOUT` in seconds + # -- `PDF_GENERATION_TIMEOUT` in seconds + # @section -- 3. Configuration options generationTimeoutSeconds: 20 - # `REMOTE_URL_FETCH_TIMEOUT` in seconds + # -- `REMOTE_URL_FETCH_TIMEOUT` in seconds + # @section -- 3. Configuration options urlFetchTimeoutSeconds: 5 - # `READ_ANNOTATION_BATCH_TIMEOUT` in seconds + # -- `READ_ANNOTATION_BATCH_TIMEOUT` in seconds + # @section -- 3. 
Configuration options readAnnotationBatchTimeoutSeconds: 20 - # `MAX_UPLOAD_SIZE_BYTES` in megabytes + # -- `MAX_UPLOAD_SIZE_BYTES` in megabytes + # @section -- 3. Configuration options maxUploadSizeMegaBytes: 950 - # `ASYNC_JOBS_TTL` + # -- `ASYNC_JOBS_TTL` + # @section -- 3. Configuration options asyncJobsTtlSeconds: 172800 - # `ALLOW_DOCUMENT_UPLOADS` + # -- `ALLOW_DOCUMENT_UPLOADS` + # @section -- 3. Configuration options allowDocumentUploads: true - # `ALLOW_REMOTE_DOCUMENTS` + # -- `ALLOW_REMOTE_DOCUMENTS` + # @section -- 3. Configuration options allowRemoteDocuments: true - # `ALLOW_DOCUMENT_GENERATION` + # -- `ALLOW_DOCUMENT_GENERATION` + # @section -- 3. Configuration options allowDocumentGeneration: true - # `ALLOW_REMOTE_ASSETS_IN_GENERATION` + # -- `ALLOW_REMOTE_ASSETS_IN_GENERATION` + # @section -- 3. Configuration options allowRemoteAssetsInGeneration: true - # `IGNORE_INVALID_ANNOTATIONS` + # -- `IGNORE_INVALID_ANNOTATIONS` + # @section -- 3. Configuration options ignoreInvalidAnnotations: true - # `AUTOMATIC_LINK_EXTRACTION` + # -- `AUTOMATIC_LINK_EXTRACTION` + # @section -- 3. Configuration options automaticLinkExtraction: false - # `MIN_SEARCH_QUERY_LENGTH` + # -- `MIN_SEARCH_QUERY_LENGTH` + # @section -- 3. Configuration options minSearchQueryLength: 3 - # `TRUSTED_PROXIES` + # -- `TRUSTED_PROXIES` + # @section -- 3. Configuration options trustedProxies: default - # Proxy settings, `HTTP_PROXY` amd `HTTPS_PROXY` + # -- Proxy settings, `HTTP_PROXY` amd `HTTPS_PROXY` + # @section -- 3. Configuration options proxy: http: "" https: "" - # `PORT` for the Document Engine API + # -- `PORT` for the Document Engine API + # @section -- 3. Configuration options port: 5000 - # `REPLACE_SECRETS_FROM_ENV` — whether to consider + # -- `REPLACE_SECRETS_FROM_ENV` — whether to consider # environment variables, values and secrets for # `JWT_PUBLIC_KEY`, `SECRET_KEY_BASE` and `DASHBOARD_PASSWORD` + # @section -- 3. 
Configuration options replaceSecretsFromEnv: true +# -- (object) [Certificate trust](https://pspdfkit.com/guides/document-engine/configuration/certificate-trust/) +# @section -- 4. Certificate trust +# @notationType -- none certificateTrust: - # CAs for digital signatures (`/certificate-stores/`) - # from ConfigMap and Secret resources + # -- CAs for digital signatures (`/certificate-stores/`) + # from ConfigMap and Secret resources. + # @section -- 4. Certificate trust digitalSignatures: [] ## To yield `/certificate-stores/private-ca-certificates.pem`: # - name: private-ca @@ -117,7 +174,8 @@ certificateTrust: # configMap: # name: private-ca # key: private-ca-certificates.pem - # ConfigMap and Secret references for trust configuration, stored in `/certificate-stores-custom` + # -- ConfigMap and Secret references for trust configuration, stored in `/certificate-stores-custom` + # @section -- 4. Certificate trust customCertificates: [] ## To yield `/certificate-stores-custom/my-certificates.pem`: # - name: my 
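Review bot: The new description for `apiAuth.apiToken` in the `@@ -1,115 +1,172 @@` hunk calls it "a universal secret with full access to the API", yet the default stays `apiToken: secret`, and because the key is not `@ignored` the generated README will now publish that value as the default. The `externalSecret.apiTokenKey` comment added in the same hunk also says the token is taken from `apiAuth.apiToken` when the key is unset, so going by that comment a misconfigured external secret leaves the API on the well-known default. I would ship `apiToken: ""` and have the templates `fail` when neither it nor `apiAuth.externalSecret.name` is set; at minimum add a line such as `# Must be overridden: the default is public and grants full API access.` to the description. "Enging" in `# -- (object) Document Enging API authentication` and "amd" in the proxy comment are typos that will now be copied into the README as well.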
@@ -125,259 +183,403 @@ certificateTrust: # secret: # name: my-config-map # key: some-certificates.pem - # Override `DOWNLOADER_CERT_FILE_PATH` to set HTTP client trust. - # If empty, defaults to Mozilla's CA bundle, which is provided - # as `/certificate-stores-downloader/root-certificates.pem` + # -- Override `DOWNLOADER_CERT_FILE_PATH` to set HTTP client trust. + # If empty, defaults to Mozilla's CA bundle. + # @section -- 4. Certificate trust downloaderTrustFileName: "" -# Database +# -- (object) Database +# @section -- 5. Database +# @notationType -- none database: - # Persistent storage enabled + # -- Persistent storage enabled + # @section -- 5. Database enabled: true - # Database engine: only `postgres` is currently supported + # -- Database engine: only `postgres` is currently supported + # @section -- 5. Database engine: postgres - # `DATABASE_CONNECTIONS` + # -- `DATABASE_CONNECTIONS` + # @section -- 5. Database connections: 20 - # PostgreSQL database settings + # -- (object) PostgreSQL database settings + # @section -- 5. Database + # @default -- none + # @notationType -- reference postgres: - # `PGHOST` + # -- `PGHOST` + # @section -- 5. Database host: postgresql - # `PGPORT` + # -- `PGPORT` + # @section -- 5. Database port: 5432 - # `PGDATABASE` + # -- `PGDATABASE` + # @section -- 5. Database database: document-engine - # `PGUSER` + # -- `PGUSER` + # @section -- 5. Database username: de-user - # `PGPASSWORD` + # -- `PGPASSWORD` + # @section -- 5. Database password: despair - # `PG_ADMIN_USER` + # -- `PG_ADMIN_USER` + # @section -- 5. Database adminUsername: postgres - # `PG_ADMIN_PASSWORD` + # -- `PG_ADMIN_PASSWORD` + # @section -- 5. Database adminPassword: despair - # ...or use external secrets: + # -- Use external secret for database credentials. # `PGUSER` and `PGPASSWORD` must be provided # and, if not defined: `PGDATABASE`, `PGHOST`, `PGPORT`, `PGSSL` + # @section -- 5. 
Database externalSecretName: "" - # `PG_ADMIN_USER` and `PG_ADMIN_PASSWORD` — for migrations + # -- External secret for administrative database credentials, + # used for migrations: `PG_ADMIN_USER` and `PG_ADMIN_PASSWORD` + # @section -- 5. Database externalAdminSecretName: "" - # TLS settings + # -- (object) TLS settings + # @section -- 5. Database + # @default -- none + # @notationType -- reference tls: - # `PGSSL` + # -- Enable TLS (`PGSSL`) + # @section -- 5. Database enabled: false - # Negated `PGSSL_DISABLE_VERIFY` + # -- Negated `PGSSL_DISABLE_VERIFY` + # @section -- 5. Database verify: true - # Negated `PGSSL_DISABLE_HOSTNAME_VERIFY` + # -- Negated `PGSSL_DISABLE_HOSTNAME_VERIFY` + # @section -- 5. Database hostVerify: true - # Common name for the certificate (`PGSSL_CERT_COMMON_NAME`), + # -- Common name for the certificate (`PGSSL_CERT_COMMON_NAME`), # defaults to `PGHOST` value + # @section -- 5. Database commonName: "" - # Trust bundle for PostgreSQL, sets `PGSSL_CA_CERTS`, + # -- Trust bundle for PostgreSQL, sets `PGSSL_CA_CERTS`, # mutually exclusive with `trustFileName` and takes precedence + # @section -- 5. Database trustBundle: "" - # Path from `certificateTrust.customCertificates`, wraps around `PGSSL_CA_CERT_PATH` + # -- Path from `certificateTrust.customCertificates`, wraps around `PGSSL_CA_CERT_PATH` + # @section -- 5. Database trustFileName: "" - # Database migration jobs. + # -- (object) Database migration jobs. + # @section -- 5. Database + # @notationType -- reference migrationJob: - # It `true`, results in `ENABLE_DATABASE_MIGRATIONS=false` in the main Document Engine container + # -- It `true`, results in `ENABLE_DATABASE_MIGRATIONS=false` in the main Document Engine container + # @section -- 5. 
Database enabled: false + # @ignored ttlSecondsAfterFinished: 300 + # @ignored resources: {} + # @ignored podAnnotations: {} + # @ignored podLabels: {} -# Document lifecycle management +# -- (object) Document lifecycle management +# @section -- 6. Lifecycle +# @notationType -- none documentLifecycle: - # Regular job to remove documents from the database. + # -- (object) Regular job to remove documents from the database. # Note: currently only works with the `built-in` storage backend. + # @section -- 6. Lifecycle + # @notationType -- reference cleanupJob: + # -- Enable the cleanup job + # @section -- 6. Lifecycle enabled: false + # -- Cleanup job schedule in cron format + # @section -- 6. Lifecycle schedule: "13 * * * *" + # -- Documents TTL in hours + # @section -- 6. Lifecycle keepHours: 24 - # Keep documents with IDs beginning with `persistent` indefinitely + # -- Keep documents with IDs beginning with `persistent` indefinitely + # @section -- 6. Lifecycle persistentLike: "persistent%" + # @ignored resources: {} + # @ignored podAnnotations: {} + # @ignored podLabels: {} -# Everything about storing and caching assets +# -- (object) Everything about storing and caching assets +# @section -- 7. Asset storage +# @notationType -- none assetStorage: - # Sets local asset storage value in megabytes + # -- Sets local asset storage value in megabytes # Results in `ASSET_STORAGE_CACHE_SIZE` (in bytes) + # @section -- 7. Asset storage localCacheSizeMegabytes: 2000 - # Asset storage backend is only available if `database.enabled` is `true` + # -- Asset storage backend is only available if `database.enabled` is `true` # Sets `ASSET_STORAGE_BACKEND`: `built-in`, `s3` or `azure` + # @section -- 7. Asset storage backendType: built-in - # Asset storage fallback settings + # -- (object) Asset storage fallback settings + # @section -- 7. 
Asset storage + # @notationType -- reference backendFallback: - # `ENABLE_ASSET_STORAGE_FALLBACK` + # -- `ENABLE_ASSET_STORAGE_FALLBACK` + # @section -- 7. Asset storage enabled: false - # `ENABLE_ASSET_STORAGE_FALLBACK_POSTGRES` + # -- `ENABLE_ASSET_STORAGE_FALLBACK_POSTGRES` + # @section -- 7. Asset storage enabledPostgres: false - # `ENABLE_ASSET_STORAGE_FALLBACK_S3` + # -- `ENABLE_ASSET_STORAGE_FALLBACK_S3` + # @section -- 7. Asset storage enabledS3: false - # `ENABLE_ASSET_STORAGE_FALLBACK_AZURE` + # -- `ENABLE_ASSET_STORAGE_FALLBACK_AZURE` + # @section -- 7. Asset storage enabledAzure: false - # S3 backend storage settings, in case `assetStorage.backendType` is set to `s3 + # -- (object) S3 backend storage settings, in case `assetStorage.backendType` is set to `s3 + # @section -- 7. Asset storage + # @notationType -- reference s3: - # `ASSET_STORAGE_S3_ACCESS_KEY_ID` + # -- `ASSET_STORAGE_S3_ACCESS_KEY_ID` + # @section -- 7. Asset storage + # @ignored accessKeyId: "" - # `ASSET_STORAGE_S3_SECRET_ACCESS_KEY` + # --`ASSET_STORAGE_S3_SECRET_ACCESS_KEY` + # @section -- 7. Asset storage + # @ignored secretAccessKey: "" - # `ASSET_STORAGE_S3_BUCKET` + # --`ASSET_STORAGE_S3_BUCKET` + # @section -- 7. Asset storage bucket: "document-engine-assets" - # `ASSET_STORAGE_S3_REGION` + # --`ASSET_STORAGE_S3_REGION` + # @section -- 7. Asset storage region: "us-east-1" - # `ASSET_STORAGE_S3_HOST` - # host: "os.local" - # `ASSET_STORAGE_S3_PORT` + # --`ASSET_STORAGE_S3_HOST` + # @section -- 7. Asset storage + # @ignored + host: "" + # -- `ASSET_STORAGE_S3_PORT` + # @section -- 7. Asset storage + # @ignored port: 443 - # `ASSET_STORAGE_S3_SCHEME` + # -- `ASSET_STORAGE_S3_SCHEME` + # @section -- 7. Asset storage + # @ignored scheme: "https://" - # External secret name. Must contain + # -- External secret name. Must contain # `ASSET_STORAGE_S3_ACCESS_KEY_ID` and `ASSET_STORAGE_S3_SECRET_ACCESS_KEY` # if they are needed, and _may_ set other values + # @section -- 7. 
Asset storage + # @ignored externalSecretName: "" - # Azure blob storage settings, in case `assetStorage.backendType` is set to `azure` + # -- (object) Azure blob storage settings, in case `assetStorage.backendType` is set to `azure` + # @section -- 7. Asset storage + # @notationType -- reference azure: - # `AZURE_STORAGE_ACCOUNT_NAME` + # -- `AZURE_STORAGE_ACCOUNT_NAME` + # @section -- 7. Asset storage + # @ignored accountName: "" - # `AZURE_STORAGE_ACCOUNT_KEY` + # -- `AZURE_STORAGE_ACCOUNT_KEY` + # @section -- 7. Asset storage + # @ignored accountKey: "" - # `AZURE_STORAGE_DEFAULT_CONTAINER` + # -- `AZURE_STORAGE_DEFAULT_CONTAINER` + # @section -- 7. Asset storage container: "" - # `AZURE_STORAGE_ACCOUNT_CONNECTION_STRING`, takes priority over `accountName` and `accountKey` + # -- `AZURE_STORAGE_ACCOUNT_CONNECTION_STRING`, takes priority over `accountName` and `accountKey` + # @section -- 7. Asset storage + # @ignored connectionString: "" - # `AZURE_STORAGE_API_URL` for custom endpoints + # -- `AZURE_STORAGE_API_URL` for custom endpoints + # @section -- 7. Asset storage + # @ignored apiUrl: "" - # External secret name. Must contain + # -- External secret name. Must contain # `AZURE_STORAGE_ACCOUNT_NAME` and `AZURE_STORAGE_ACCOUNT_KEY` # if they are needed, and _may_ set other values + # @section -- 7. Asset storage + # @ignored externalSecretName: "" - # Redis settings for caching and prerendering + # -- (object) Redis settings for caching and prerendering + # @section -- 7. Asset storage + # @notationType -- reference redis: - # `USE_REDIS_CACHE` + # -- `USE_REDIS_CACHE` + # @section -- 7. Asset storage enabled: false - # `REDIS_TTL` + # -- `REDIS_TTL` + # @section -- 7. Asset storage ttlSeconds: 86400000 - # `USE_REDIS_TTL_FOR_PRERENDERING` - useTtlForPrerendering: true - # `REDIS_HOST` + # -- `USE_REDIS_TTL_FOR_PRERENDERING` + # @section -- 7. Asset storage + useTtl: true + # -- `REDIS_HOST` + # @section -- 7. 
Asset storage host: redis - # `REDIS_PORT` + # -- `REDIS_PORT` + # @section -- 7. Asset storage port: 6379 - # `REDIS_DATABASE` + # -- `REDIS_DATABASE` + # @section -- 7. Asset storage database: "" - # Sentinels + # -- (object) Redis Sentinel + # @section -- 7. Asset storage + # @default -- none + # @notationType -- reference sentinel: + # -- Enable Redis Sentinel + # @section -- 7. Asset storage + # @ignored enabled: false - # `REDIS_SENTINELS` + # -- `REDIS_SENTINELS` + # @section -- 7. Asset storage + # @ignored urls: [] # - "redis://sentinel1:26379" # - "redis://sentinel2:26379" # - "redis://sentinel3:26379" # `REDIS_SENTINELS_GROUP` + # @section -- 7. Asset storage + # @ignored group: none - # `REDIS_USERNAME` + # -- `REDIS_USERNAME` + # @section -- 7. Asset storage username: "" - # `REDIS_PASSWORD` + # -- `REDIS_PASSWORD` + # @section -- 7. Asset storage password: "" - # `REDIS_SSL` + # -- (object) TLS settings + # @section -- 7. Asset storage + # @notationType -- none tls: + # -- Enable TLS (`REDIS_SSL`) + # @section -- 7. Asset storage enabled: false - # External secret name. Must contain `REDIS_USERNAME` and `REDIS_PASSWORD` + # -- External secret name. Must contain `REDIS_USERNAME` and `REDIS_PASSWORD` # if they are needed, and _may_ set other values + # @section -- 7. Asset storage externalSecretName: "" -# Signing service parameters +# -- (object) Signing service parameters +# @section -- 8. Digital signatures +# @notationType -- none documentSigningService: - # Enable signing service integration + # -- Enable signing service integration + # @section -- 8. Digital signatures enabled: false - # `SIGNING_SERVICE_URL` + # -- `SIGNING_SERVICE_URL` + # @section -- 8. Digital signatures url: https://signing-thing.local/sign - # `SIGNING_SERVICE_TIMEOUT` in seconds + # -- `SIGNING_SERVICE_TIMEOUT` in seconds + # @section -- 8. Digital signatures timeoutSeconds: 10 - # `DEFAULT_SIGNER_NAME` + # -- `DEFAULT_SIGNER_NAME` + # @section -- 8. 
Digital signatures defaultSignerName: "John Doe" - # `DEFAULT_SIGNATURE_REASON` + # @section -- 8. Digital signatures + # -- `DEFAULT_SIGNATURE_REASON` + # @section -- 8. Digital signatures defaultSignatureReason: "approved" - # `DEFAULT_SIGNATURE_LOCATION` + # @section -- 8. Digital signatures + # -- `DEFAULT_SIGNATURE_LOCATION` + # @section -- 8. Digital signatures defaultSignatureLocation: "Head Quarters" - # `DIGITAL_SIGNATURE_HASH_ALGORITHM` - digitalSignatureHashAlgorithm: sha512 - # `DIGITAL_SIGNATURE_CADES_LEVEL` - digitalSignatureCadesLevel: "b-lt" - # `DIGITAL_SIGNATURE_CERTIFICATE_CHECK_TIME` - digitalSignatureCertificateCheckTime: current_time - # Timestamp Authority (TSA) settings + # -- `DIGITAL_SIGNATURE_HASH_ALGORITHM` + # @section -- 8. Digital signatures + hashAlgorithm: sha512 + # -- `DIGITAL_SIGNATURE_CADES_LEVEL` + # @section -- 8. Digital signatures + cadesLevel: "b-lt" + # -- `DIGITAL_SIGNATURE_CERTIFICATE_CHECK_TIME` + # @section -- 8. Digital signatures + certificateCheckTime: current_time + # -- (object) Timestamp Authority (TSA) settings + # @section -- 8. Digital signatures + # @notationType -- reference timestampAuthority: - # `TIMESTAMP_AUTHORITY_URL` + # -- `TIMESTAMP_AUTHORITY_URL` + # @section -- 8. Digital signatures url: https://freetsa.org/ - # `TIMESTAMP_AUTHORITY_USERNAME` + # -- `TIMESTAMP_AUTHORITY_USERNAME` + # @section -- 8. Digital signatures + # @ignored username: "" - # `TIMESTAMP_AUTHORITY_PASSWORD` + # -- `TIMESTAMP_AUTHORITY_PASSWORD` + # @section -- 8. 
Digital signatures + # @ignored password: "" -# Document Engine Dashboard settings +# -- Document Engine Dashboard settings dashboard: - # Enable dashboard + # -- Enable dashboard enabled: true - # Dashboard authentication + # -- Dashboard authentication auth: - # `DASHBOARD_USERNAME` + # -- `DASHBOARD_USERNAME` username: admin - # `DASHBOARD_PASSWORD` — will generate a random password if not set + # -- `DASHBOARD_PASSWORD` — will generate a random password if not set password: "" - # Use an external secret for dashboard credentials - # instead of the values from `pspdfkit.auth.dashboard.*` + # -- Use an external secret for dashboard credentials + # -- instead of the values from `pspdfkit.auth.dashboard.*` externalSecret: - # External secret name + # -- External secret name name: "" - # Key names + # -- Key names usernameKey: DASHBOARD_USERNAME passwordKey: DASHBOARD_PASSWORD -# Observability settings +# -- Observability settings observability: - # Logs + # -- Logs log: - # `LOG_LEVEL` + # -- `LOG_LEVEL` level: info - # `HEALTHCHECK_LOGLEVEL` — log level for health checks + # -- `HEALTHCHECK_LOGLEVEL` — log level for health checks healthcheckLevel: debug - # OpenTelemetry + # -- OpenTelemetry opentelemetry: - # Enable OpenTelemetry (`ENABLE_OPENTELEMETRY`), only tracing is currently supported + # -- Enable OpenTelemetry (`ENABLE_OPENTELEMETRY`), only tracing is currently supported enabled: false - # https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ + # -- https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ # `OTEL_EXPORTER_OTLP_ENDPOINT`, if not set, defaults to `http://localhost:4317` otlpExporterEndpoint: "" - # `OTEL_EXPORTER_OTLP_PROTOCOL`, if not set, defaults to `grpc` + # -- `OTEL_EXPORTER_OTLP_PROTOCOL`, if not set, defaults to `grpc` otlpExporterProtocol: "" - # `OTEL_SERVICE_NAME`, service name + # -- `OTEL_SERVICE_NAME`, service name otelServiceName: "" - # `OTEL_RESOURCE_ATTRIBUTES`, resource 
attributes + # -- `OTEL_RESOURCE_ATTRIBUTES`, resource attributes otelResourceAttributes: "" - # `OTEL_PROPAGATORS`, propagators + # -- `OTEL_PROPAGATORS`, propagators otelPropagators: "" - # `OTEL_TRACES_SAMPLER`, should normally not be touched + # -- `OTEL_TRACES_SAMPLER`, should normally not be touched # to allow custom `parent_based` work, # but something like `parentbased_traceidratio` may be considered otelTracesSampler: "" - # `OTEL_TRACES_SAMPLER_ARG`, argument for the sampler + # -- `OTEL_TRACES_SAMPLER_ARG`, argument for the sampler otelTracesSamplerArg: "" - # Metrics configuration + # -- Metrics configuration metrics: + # -- Enable metrics exporting + # @section -- Observability settings enabled: false - # StatsD parameters + # -- StatsD parameters + # @section -- Observability settings + # @default -- *See below* + # @notationType -- plain statsd: - # Enable StatsD exporting, required for Prometheus exporter + # -- Enable StatsD exporting, required for Prometheus exporter + # @section -- Observability settings enabled: false - # StatsD host, `STATSD_HOST` + # -- StatsD host, `STATSD_HOST` # Set to `localhost` if using the Prometheus exporter + # @section -- Observability settings host: localhost - # StatsD port, `STATSD_PORT` + # -- StatsD port, `STATSD_PORT` + # @section -- Observability settings port: 9125 - # (tpl) StatsD custom tags, `STATSD_CUSTOM_TAGS` + # -- (tpl/string) StatsD custom tags, `STATSD_CUSTOM_TAGS` + # @notationType -- tpl + # @section -- Observability settings + # @default -- *generated* + # @notationType -- plain customTags: "namespace={{ .Release.Namespace }},app={{ include \"document-engine.fullname\" . }}" # https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.ServiceMonitor serviceMonitor: 
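Review bot: In the `database.postgres` block of the `@@ -125,259 +183,403 @@` hunk, the `PGPASSWORD` and `PG_ADMIN_PASSWORD` entries now carry `# --` descriptions over `password: despair` and `adminPassword: despair` without `@ignored`, so the generated values table will list a fixed database and admin credential as the default, while the S3 and Azure secrets in the same hunk are hidden with `@ignored`. I would default both to `""` and point users at `externalSecretName` / `externalAdminSecretName` (the `ci/` values can keep a test password), or at least extend each description to say the value has to be changed before deployment. Also in this hunk, the `dashboard.externalSecret` comment still refers to `pspdfkit.auth.dashboard.*`, which looks stale now that the `pspdfkit.*` sections were moved to the top level, and its second line repeats the `# --` marker.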
@@ -612,10 +814,9 @@ lifecycle: {} # exec: # command: ["/bin/sh", "-c", "sleep 180"] -# -# External PostgreSQL database chart -# See more: https://github.com/bitnami/charts/tree/main/bitnami/postgresql -# +# -- [External PostgreSQL database chart](https://github.com/bitnami/charts/tree/main/bitnami/postgresql) +# @default -- *See below* +# @notationType -- plain postgresql: enabled: false architecture: standalone @@ -635,23 +836,19 @@ postgresql: postgresPassword: despair database: document-engine -# -# External MinIO chart -# See more: https://github.com/bitnami/charts/tree/main/bitnami/minio -# +# -- [External MinIO chart](https://github.com/bitnami/charts/tree/main/bitnami/minio) +# @default -- *See below* +# @notationType -- plain minio: enabled: false mode: standalone auth: - rootUser: documentEngineObjectStorageRootKey - rootPassword: documentEngineObjectStorageRootPassword + rootUser: deObjStorageRootKey + rootPassword: deObjStorageSecret defaultBuckets: "document-engine-assets" disableWebUI: true -# -# External Redis chart -# See more: https://github.com/bitnami/charts/tree/main/bitnami/redis -# +# -- [External Redis chart](https://github.com/bitnami/charts/tree/main/bitnami/redis) redis: enabled: false architecture: standalone
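Review bot: The `minio.auth` change in the `@@ -635,23 +836,19 @@` hunk swaps one hard-coded root credential pair for another (`rootUser: deObjStorageRootKey`, `rootPassword: deObjStorageSecret`), so anyone who sets `minio.enabled: true` gets an object store whose root key is published in this repository; the `postgresql` context lines at the top of the hunk have the same issue with `postgresPassword: despair`. I would leave both empty in `values.yaml` (`rootUser: ""`, `rootPassword: ""`) and set fixed test values only in the `ci/*-values.yaml` files, or point the subchart at a pre-created Secret. Whether the Bitnami subchart then generates a random password or refuses to install should be checked against the pinned chart version.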