Apicurio 3.1.2 Readme

Version: 3.1.2 Type: application AppVersion: 3.1.2

Helm Charts to deploy Apicurio Registry

Default Users

If you run the Apicurio Registry with authentication enabled, the default users for the Keycloak Admin Console and the Apicurio Registry UI are the following:

Keycloak Admin User

{
   "username": "admin",
   "password": "admin123"
}

Apicurio Registry Admin User

{
   "username": "apicurio-admin",
   "password": "notsecret"
}

This user will require updating the password after the first login.

The default Apicurio Registry API client credentials to configure in the Platform Manager are the following:

Apicurio Registry Admin User

{
   "client-id": "apicurio-api",
   "client-secret": "EPADhdDgRCP7RgkTFABopzAnuPHueeop"
}

They can be regenerated from the Keycloak Admin

Requirements

| Repository | Name | Version |
|------------|------|---------|
| https://charts.bitnami.com/bitnami | apicurioKeycloakMysql(mysql) | 9.10.9 |
| https://codecentric.github.io/helm-charts | apicurioKeycloak(keycloakx) | 2.5.1 |

Values

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| affinity | object | {} | The pod’s scheduling constraints. See the Kubernetes documentation on Affinity and Anti-affinity. |
| apicurioKeycloak | object | {"enabled":false,"proxy":{"http":{"enabled":true},"mode":"xforwarded"},"realm":""} | Apicurio Keycloak Instance |
| apicurioKeycloak.enabled | bool | false | Keycloak Components toggles |
| apicurioKeycloak.proxy | object | {"http":{"enabled":true},"mode":"xforwarded"} | Keycloak Proxy configuration |
| apicurioKeycloak.realm | string | "" | Apicurio realm name |
| apicurioKeycloakMysql | object | {"enabled":false} | Apicurio Keycloak MySQL Components toggles |
| autoscaling.enabled | bool | false | Enables the creation of a HorizontalPodAutoscaler. |
| autoscaling.maxReplicas | int | 10 | Upper limit for the number of replicas to which the autoscaler can scale up. Cannot be less than minReplicas. |
| autoscaling.minReplicas | int | 1 | Lower limit for the number of replicas to which the autoscaler can scale down. |
| autoscaling.targetCPUUtilizationPercentage | int | 80 | Percentage of CPU utilization that the autoscaler will try to meet. |
| autoscaling.targetMemoryUtilizationPercentage | int | 80 | Percentage of memory utilization that the autoscaler will try to meet. |
| config | object | {"registry.auth.admin-override.enabled":"true","registry.auth.anonymous-read-access.enabled":"true","registry.auth.owner-only-authorization":"true","registry.auth.role-based-authorization":"true","registry.ccompat.legacy-id-mode.enabled":"false","registry.ccompat.use-canonical-hash":"true","registry.rules.global.compatibility":"NONE","registry.rules.global.validity":"FULL","registry.ui.config.auth.type":"oidc"} | Configuration passed to the container. Contents get injected to a ConfigMap, which gets mounted as an application.properties file. |
| debug | object | {"enabled":false} | Debug Configuration passed to the container. Enable 5005 port in the deployment.yaml |
| env | list | [] | Environment variables to define for the container. See the Kubernetes documentation on Environment Variables. |
| extraContainers | string | "" | Additional sidecar containers, e.g. for a database proxy, such as Google’s cloudsql-proxy |
| extraInitContainers | string | "" | Additional init containers, e.g. for configuring java-security |
| extraVolumeMounts | string | "" | Add additional volume mounts, e.g. for java-security |
| extraVolumes | string | "" | Add additional volumes, e.g. for java-security |
| fullnameOverride | string | "" | Override the fully qualified app name generated by the chart. |
| global.clusterDomain | string | "cluster.local" | The domain of the Kubernetes cluster. The vast majority of Kubernetes clusters use the default value. |
| global.imagePullSecrets | list | [] | Globally override the list of ImagePullSecrets provided. |
| global.imageRegistry | string | "" | Globally override the registry to pull images from. |
| hostAliases | list | [] | Optional list of hosts and IPs that will be injected into the pod’s hosts file. |
| image.pullPolicy | string | "Always" | One of Always, IfNotPresent, or Never. |
| image.registry | string | "registry.axual.io" | Registry to pull the image from. |
| image.repository | string | "docker.io/apicurio/apicurio-registry-kafkasql" | Name of the image being deployed. |
| image.tag | string | "2.6.8" | Override the image tag whose default is the chart appVersion. |
| imagePullSecrets | list | [] | List of ImagePullSecrets to apply to the service account. If the service account is disabled, it will be applied to the pod instead. |
| ingress.annotations | object | {} | Annotations to add to the Ingress resource. |
| ingress.className | string | "" | The name of the IngressClass cluster resource. The associated IngressClass defines which controller will implement the resource. |
| ingress.enabled | bool | false | Enable creation of the Ingress resource to expose this service. |
| ingress.hosts[0].host | string | "chart-example.local" | The fully qualified domain name of a network host. |
| ingress.hosts[0].paths[0].path | string | "/" | Matched against the path of an incoming request. |
| ingress.hosts[0].paths[0].pathType | string | "ImplementationSpecific" | Determines the interpretation of the Path matching. Can be one of the following values: Exact, Prefix, ImplementationSpecific. |
| ingress.tls | list | [] | TLS configuration for this Ingress. |
| kafka | object | {"bootstrapServers":"","groupPatternOverride":"","schemasTopic":""} | Kafka Configuration passed to the Apicurio Registry |
| kafka.bootstrapServers | string | "" | Kafka bootstrap servers |
| kafka.groupPatternOverride | string | "" | Override group prefix to give access to (typically {tenant}.{instance}.apicurio). If you’d like a custom group prefix, you can specify an override here. |
| kafka.schemasTopic | string | "" | Fully resolved name of topic used to store topics (typically _{tenant}-{instance}-apicurio-schemas), deployed by kafka init container |
| kafkaInitContainer.apicurioPrincipal | string | "" | The principal common name used to produce and consume from schemas topic (should match the one on REGISTRY_KAFKA_COMMON_SSL_KEYSTORE_LOCATION). If Kafka is configured to validate ACLs over the full principal chain, please provide the principal chain as in this example: [0] CN=Root CA, [1] CN=Intermediate CA, [3] CN=schema-registry. Otherwise, just provide the common name prefixed with CN: |
| kafkaInitContainer.distributorPrincipal | Optional | "" | Principal common name used to produce and consume from schemas topic by Distributor |
| kafkaInitContainer.imageRegistry | string | "registry.axual.io" | Registry to pull the image from |
| kafkaInitContainer.minIsr | string | "" | min.isr of topic used to store topics |
| kafkaInitContainer.replicationFactor | string | "" | Replication factor of topic used to store topics |
| kafkaInitContainer.repository | string | "axual/streaming/strimzi/kafka" | Name of the image being deployed |
| kafkaInitContainer.resources | object | {} | The resource requirements for this container. |
| kafkaInitContainer.tag | string | "0.43.0-kafka-3.8.0" | Tag of the image being deployed |
| kafkaInitContainer.tls.keypairSecretCertName | string | "" | Existing Keypair certificate name |
| kafkaInitContainer.tls.keypairSecretKeyName | string | "" | Existing Keypair key name |
| kafkaInitContainer.tls.keypairSecretName | string | "" | Existing Keypair secret name |
| kafkaInitContainer.tls.truststoreCaSecretCertName | string | "" | Existing Truststore certificate name |
| kafkaInitContainer.tls.truststoreCaSecretName | string | "" | Existing Truststore secret name |
| keystoreProvider.image.registry | string | "registry.axual.io" | Registry to pull the image from. |
| keystoreProvider.image.repository | string | "axual/keystore-provider" | Name of the image being deployed. |
| keystoreProvider.image.tag | string | "0.2.6" | |
| keystoreProvider.resources | object | {} | The resource requirements for this container. |
| livenessProbe.failureThreshold | int | 3 | Minimum consecutive failures for the probe to be considered failed after having succeeded. A failed livenessProbe will cause the container to be restarted. |
| livenessProbe.initialDelaySeconds | int | 10 | Number of seconds after the container has started before liveness probes are initiated. |
| livenessProbe.periodSeconds | int | 10 | How often (in seconds) to perform the probe. |
| livenessProbe.successThreshold | int | 1 | Minimum consecutive successes for the probe to be considered successful after having failed. |
| livenessProbe.timeoutSeconds | int | 1 | Number of seconds after which the probe times out. |
| logLevel | string | "info" | Log Level configuration passed as REGISTRY_LOG_LEVEL |
| nameOverride | string | "" | Override the app name generated by the chart. |
| nodeSelector | object | {} | Selector which must match a node’s labels for the pod to be scheduled on that node. |
| podAnnotations | object | {} | Extra annotations to add to the Pods. |
| podDisruptionBudget.enabled | bool | true | Enables creation of the PodDisruptionBudget. Ignored if replicaCount is 1. |
| podDisruptionBudget.maxUnavailable | int | 1 | An eviction is allowed if at most “maxUnavailable” pods are unavailable after eviction. Mutually exclusive with minAvailable. |
| podDisruptionBudget.minAvailable | int | nil | An eviction is allowed if at least “minAvailable” pods will still be available after the eviction. Mutually exclusive with maxUnavailable. |
| podSecurityContext | object | {} | Pod-level security attributes and common container settings. |
| priorityClass | string | "" | Assigns a PriorityClass to the Pod. See Kubernetes documentation on Pod Priority and Preemption. |
| prometheusRule.defaultRule.labels | object | {"severity":"medium","target":"business"} | Customize the labels to the default prometheusRule |
| prometheusRule.enabled | bool | true | Enables creation of Prometheus Operator PrometheusRule. Ignored if API monitoring.coreos.com/v1 is not available. |
| prometheusRule.extraRules | list | [] | A list of alerting or recording rules to include on top of the defaults. These fields are templated. |
| prometheusRule.interval | string | "" | Determines how often rules in the group are evaluated. |
| prometheusRule.labels | object | {} | Additional labels for the PrometheusRule |
| readinessProbe.failureThreshold | int | 3 | Minimum consecutive failures for the probe to be considered failed after having succeeded. A failed readinessProbe will cause the container to move to the NotReady state. |
| readinessProbe.initialDelaySeconds | int | 0 | Number of seconds after the container has started before readiness probes are initiated. |
| readinessProbe.periodSeconds | int | 10 | How often (in seconds) to perform the probe. |
| readinessProbe.successThreshold | int | 1 | Minimum consecutive successes for the probe to be considered successful after having failed. |
| readinessProbe.timeoutSeconds | int | 1 | Number of seconds after which the probe times out. |
| replicaCount | int | 1 | Number of pods to deploy. |
| resources | object | {"limits":{"memory":"512Mi"},"requests":{"cpu":"30m","memory":"128Mi"}} | The resource requirements for this container. |
| route.annotations | object | {} | Annotations to add to the Route. |
| route.enabled | bool | false | Enable creation of an OpenShift Route resource to expose this service. |
| route.host | string | "" | An alias/DNS that points to the service. Optional. If not specified, a route name will typically be automatically chosen. |
| route.labels | object | {} | Labels to add to the route. |
| route.path | string | "/" | Path that the router watches for, to route traffic to the service. |
| route.subdomain | string | "" | Subdomain is a DNS subdomain requested within the ingress controller’s domain (as a subdomain). If host is set this field is ignored. |
| route.tls.caCertificate | string | "" | The Certificate Authority certificate contents. |
| route.tls.certificate | string | "" | Certificate contents. This should be a single serving certificate, not a certificate chain. Do not include a CA certificate. |
| route.tls.destinationCACertificate | string | "" | The CA certificate of the final destination. When using reencrypt termination, this file should be provided in order to have routers use it for health checks on the secure connection. |
| route.tls.key | string | "" | Key file contents. |
| route.tls.termination | string | "passthrough" | Indicates termination type. One of: edge, passthrough, or reencrypt. |
| security | object | {"authentication":{"basicAuthEnabled":false,"enabled":false},"keycloak":{"authUrl":"","realm":"","webClientId":"","webRedirectUrl":""}} | The configuration related to authentication and authorization of users to the registry. Note: In order for any other authentication feature to work, security.authentication.enabled needs to be enabled. |
| security.keycloak | object | {"authUrl":"","realm":"","webClientId":"","webRedirectUrl":""} | Attributes that are required for Apicurio to access the Keycloak instance; required only when security.authentication.enabled is true. |
| security.keycloak.authUrl | string | "" | Keycloak Authentication URL |
| security.keycloak.realm | string | "" | Keycloak Realm used for Apicurio permissions and users |
| security.keycloak.webClientId | string | "" | Client ID for the Apicurio UI |
| security.keycloak.webRedirectUrl | string | "" | Apicurio UI URL |
| securityContext | object | See values.yaml file. | Defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. |
| service.httpPort | int | 20500 | |
| service.httpsPort | int | 21500 | The port that will be exposed by the service. Note: this is independent of the ports opened on the container. |
| service.type | string | "ClusterIP" | Determines how the Service is exposed. |
| serviceAccount.annotations | object | {} | Annotations to add to the service account |
| serviceAccount.create | bool | true | Specifies whether a service account should be created |
| serviceAccount.name | string | "" | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. |
| serviceMonitor.enabled | bool | true | Enables creation of Prometheus Operator ServiceMonitor. Ignored if API monitoring.coreos.com/v1 is not available. |
| serviceMonitor.interval | string | "30s" | Interval at which metrics should be scraped. |
| serviceMonitor.labels | object | {} | Additional labels for the ServiceMonitor |
| serviceMonitor.scrapeTimeout | string | "10s" | Timeout after which the scrape is ended. |
| tls.clientKeypairSecretName | string | "" | Name of the Client KeyPair Secret (type: kubernetes.io/tls) |
| tls.serverKeypairSecretName | string | "" | Name of the Server KeyPair Secret (type: kubernetes.io/tls) |
| tls.truststoreCaSecretName | string | "" | Name of the Truststore Certificates Secret (type: Opaque) |
| tolerations | list | [] | The tolerations on this pod. See the Kubernetes documentation on Taints and Tolerations. |
| topologySpreadConstraints | list | [] | Describes how a group of pods ought to spread across topology domains. See the Kubernetes documentation on Pod Topology Spread Constraints. |
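
A pre-deployment check over a release's values, as an added example that is not part of the chart: it flags the access-related settings from the table above that leave the registry open. The function names and the sample input are assumptions; the sample is constructed from the chart defaults and mimics the JSON printed by `helm get values <release> --all -o json`.

```python
import json

# Constructed sample: the shape of `helm get values <release> --all -o json`,
# filled with the chart defaults from the Values table (trimmed to audited keys).
DEFAULTS = json.loads("""{
  "security": {"authentication": {"enabled": false, "basicAuthEnabled": false}},
  "config": {"registry.auth.anonymous-read-access.enabled": "true"},
  "debug": {"enabled": false},
  "ingress": {"enabled": false, "tls": []}
}""")


def lookup(values, dotted, default=None):
    """Follow a dotted path through nested dicts; return default if a hop is missing."""
    node = values
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node


def is_true(value):
    """Values may carry booleans as real bools or as the strings "true"/"false"."""
    return value is True or str(value).strip().lower() == "true"


def audit(values):
    """Return (key, finding) pairs for settings that leave the registry exposed."""
    findings = []
    if not is_true(lookup(values, "security.authentication.enabled")):
        findings.append(("security.authentication.enabled",
                         "authentication is off, so no other auth setting takes effect"))
    # Keys under `config` contain dots themselves, so index that map directly.
    config = values.get("config") or {}
    if is_true(config.get("registry.auth.anonymous-read-access.enabled")):
        findings.append(("registry.auth.anonymous-read-access.enabled",
                         "unauthenticated clients can read registry content"))
    if is_true(lookup(values, "debug.enabled")):
        findings.append(("debug.enabled", "debug port 5005 is opened on the deployment"))
    if is_true(lookup(values, "ingress.enabled")) and not lookup(values, "ingress.tls"):
        findings.append(("ingress.tls", "Ingress is enabled without a TLS section"))
    return findings


if __name__ == "__main__":
    for key, finding in audit(DEFAULTS):
        print(f"{key}: {finding}")
```

Run against the chart defaults, the check reports the disabled authentication and the anonymous read access; a values file that enables authentication, sets anonymous read access to "false" and gives the Ingress a TLS entry produces no findings.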


Autogenerated from chart metadata using helm-docs v1.14.2