KOBIL Shift parameter reference
Shift Configuration and Installation: Parameter Reference
Note: always refer to the used KOBIL Shift release "README" file
For Shift deployment the metaconfiguration allows the below Parameter/Values for configuration:
Values
| Key | Type | Description | Default |
|---|---|---|---|
| nameOverride | string | "" | |
| fullnameOverride | string | "" | |
| global.imagePullSecrets | list | Image pull secrets added to pod spes generated by this chart. | ["registry-secret"] |
| global.registry | string | Docker registry for KOBIL provided docker images | "kobilsystems.azurecr.io" |
| global.limits | object | Limits for kubernetes object names | {"lengths":{"commonName":63,"fullname":43,"releaseName":16}} |
| global.annotations.common | object | Custom annotations added to deployment metadata and pod spec | {} |
| global.annotations.workload | object | Custom annotations added to pod spec | {} |
| global.labels.workloadPod | object | Custom labels added to pod spec | {} |
| global.routing.domain | string | External domain name | "local" |
| global.routing.tlsSecret | string | Name of kubernetes TLS secret for the required domain and subdomains | "tls-secret" |
| global.routing.ingress.enabled | bool | Globally enable/disable creation of ingress resources for services. | false |
| global.routing.ingress.class | string | Ingress class name of the ingress controller. | nil |
| global.routing.istio.enabled | bool | Globally enable/disable creation of istio ingress gateways and virtual services. Requires istio operator. | true |
| global.routing.istio.gateways | object | Enable/disable istio ingress gateways for the three API groups. public gateway only routes endpoints marked as public. external gateway routes endpoints marked as public and external. admin gateway routes all endpoints. | {"admin":true,"external":false,"public":false} |
| global.routing.istio.options.gatewayNamePrefix | string | Prefix for istio ingress gateway names. The final name is generated by appending -admin, -external, -public, respectively. Note, that istio ingress gateways names must be unique across the cluster. | "istio-ingressgateway" |
| global.routing.istio.options.gatewayAddAllHosts | bool | The default setting (false), configures a wildcard (*) for the hosts exposed by the Istio ingress gateway. This means that any host is exposed. If set to true, all hosts required by Shift are added explicitely. The default (false) should be used if dedicated Istio ingress gateways are used for Shift and the gateway workloads are running in the same namespace as shift. Setting this value to true allows using an Istio ingress gateway that is shared by multiple applications. Note: When using a shared Istio ingress gateway, the TLS certificate and optional ingress resources must be manually created in the namespace where the Istio ingress gateway workload is running. The resources optionally generated by shift will not work in that case. Note: When using a shared Istio ingress gateway, Shift will configure the gateway to perform an SNI match on incoming requests. This will lead to issues if load balancers in front of Istio ingress gateway do not forward the SNI. See here for further information. | false |
| global.routing.istio.options.gatewayHttpsRedirect | bool | If set to true, the Istio ingress gateway will send a redirect for all http requests asking clients to use https. | true |
| global.routing.istio.options.inject | bool | Globally enable/disable injection of envoy sidecars. | false |
| global.serviceMonitor.enabled | bool | Globally enable/disable creation of monitoring.coreos.com/v1 serviceMonitor object. Requires prometheus operator. | false |
| global.certs.managed | bool | true | |
| global.certs.issuerName | string | "mbattery-ca-issuer" | |
| global.certs.additionalDnsNames | list | [] | |
| global.ingress | object | Globally enable/disable service ingress resources. Legacy value. | {"enabled":false} |
| global.monitoring | object | Globally enable/disable creation of monitoring.coreos.com/v1 serviceMonitor object. Requires prometheus operator. Legacy value. | {"prometheus":{"serviceMonitor":{"enabled":false}}} |
| scp | object | SCP specific values | {"enabled":true} |
| idp | object | IDP specific values | {"enabled":true} |
| smartscreen | object | Smartscreen specific values | {"enabled":true} |
| smartdashboard | object | Smartdashboard specific values | {"enabled":true} |
| asts | object | AST services specific values | {"enabled":true} |
| payment | object | PAY services specific values | {"enabled":false} |
| apiProxy | object | CustomApisSuperapps services specific values | {"enabled":false} |
| partof | string | Value of label app.kubernetes.io/part-of added to resources generated by this chart. | "shift" |
| component | string | Value of label app.kubernetes.io/component added to resources generated by this chart. | "shift-chart" |
| testInstallation | bool | Set to 'true' for test or demo deployments. When set to true, defaults values for security related parameters are applied to simplify deployment. Must not be used for production deployments. | false |
| common | object | Section for configuration parameters that are common to more than one service. | {"ast":{"databaseEncryptionMasterKey":"","existingSecretEncryptionKeys":"","issuer":{"certs":[],"existingSecretIssuerCa":"","key":""},"redis":{"password":"password","user":"default"},"sessionEncryptionMasterKey":""},"datastores":{"database":{"tls":{"mode":"PREFER","trustStore":{"password":"","store":"","type":"JKS"}}},"mongoDb":{"host":"mongodb","port":27017,"tls":false,"tlsOpts":{"cacerts":"","certKey":""}},"redis":{"host":"redis","port":6379}},"existingSecretAdminCredentials":"","existingSecretDatastoreCredentials":"","idp":{"adminUser":{"password":"password","username":"admin"}},"payment":{"database":{"auth":{"password":"password","username":"user"},"host":"postgres","name":"payment","port":5432},"idp":{"authRole":"user","clientId":{"ui":"mpayUIPublic"}},"redis":{"password":"password"},"serviceProvider":{"tenant":"master"},"springBootAdmin":{"password":"password","username":"admin"},"stripe":{"apiKey":"apiKey","webhookSecret":"secret"}},"scp":{"enableP2PChat":true,"mediaMaxSizeBytes":16777216,"service":{"auth":{"password":"password","passwordHash":"password-hash","username":"scp-services"}}},"tracing":{"enable":{"ast":false,"idp":false,"scp":false,"smartscreen":false},"jaegerGrpcHost":"http://jaeger-collector.tracing.svc.cluster.local:14250/api/v2/spans","zipkinUrl":"http://jaeger-collector.tracing.svc.cluster.local:9411/api/v2/spans"}} |
| common.existingSecretDatastoreCredentials | string | The name of an existing secret with datastore credentials. See README.md for details and the required structure. NOTE: When it's set, the datastore credentials configured in this file are ignored. | "" |
| common.existingSecretAdminCredentials | string | The name of an existing secret with admin credentials. See README.md for details and the required structure. NOTE: When it's set, the admin credentials configured in this file are ignored. | "" |
| common.datastores.redis | object | Common configuration of Redis used by all services | {"host":"redis","port":6379} |
| common.datastores.database.tls | object | Optional TLS configuration for database connection. Currently used by smartscreen and ast services. | {"mode":"PREFER","trustStore":{"password":"","store":"","type":"JKS"}} |
| common.datastores.database.tls.mode | string | TLS mode. Supported values are PREFER: This mode tries to establish database connection using TLS. If that fails, it tries non-TLS connection. No server certificate validation is performed. VERIFY_CA: This mode requires TLS connection, i.e. there is no fallback to non-TLS. This mode performs server certificate validation against the provided trust store. VERIFY_FULL: This mode acts like VERIFY_CA with additional hostname verification of the server certificate. | "PREFER" |
| common.datastores.database.tls.trustStore.type | string | Type of the truststore. Supported types are JKS and PKCS12. | "JKS" |
| common.datastores.database.tls.trustStore.store | string | Truststore of the selected type in BASE64 encoding. This setting is required for TLS modes VERIFY_CA and VERIFY_FULL. | "" |
| common.datastores.database.tls.trustStore.password | string | Password to open the truststore. This setting is required when a truststore is provided. | "" |
| common.datastores.mongoDb | object | Common configuration of Mongo DB used by scp services | {"host":"mongodb","port":27017,"tls":false,"tlsOpts":{"cacerts":"","certKey":""}} |
| common.scp.mediaMaxSizeBytes | int | The maximum allowed size in Bytes of an attachment sent via SCP. Affects both attachments sent by apps and smartdashboard. | 16777216 |
| common.ast.existingSecretEncryptionKeys | string | The name of an existing secret with encryption keys. See README.md for details and the required structure. NOTE: When it's set, the encryption keys configured in this file are ignored. | "" |
| common.ast.sessionEncryptionMasterKey | string | Encryption master key for ast sessions. Must be randomly generated and unique for each Shift deployment. Must be set to an alphanumeric (UTF-8) string of length 64. Changing it invalidates all current ast sessions. | "" |
| common.ast.databaseEncryptionMasterKey | string | Encryption master key for sensitive data store in database. Must be randomly generated and unique for each Shift deployment. Must be set to an alphanumeric (UTF-8) string of length 64. This value cannot be changed after installation. | "" |
| common.ast.issuer | object | The issuer CA certificate and private key used to generate tenant signers. See README.md section Issuer CA for requirements on issuer CA generation. | {"certs":[],"existingSecretIssuerCa":"","key":""} |
| common.ast.issuer.existingSecretIssuerCa | string | The name of an existing secret with issuer CA. See README.md for details and the required structure. NOTE: When it's set, the issuer CA configured in this file is ignored. | "" |
| common.ast.issuer.certs | list | Valid certificate chain for the issuer public key. The list must consist of base64 encoded certificates ordered from the root to the issuer certificate. If the issuer certificate is self-signed, the list consists of this one entry only. The public key of the issuer certificate must match common.ast.issuer.key. While the certificates can be changed, the issuer public key must not. | [] |
| common.ast.issuer.key | string | Issuer private and public key in PKCS#8 format as base64 string. Public key must match the issuer certificate in common.ast.issuer.certs. Keys must not be changed after installation. It is recommended to keep a backup of the keys for productive environments. | "" |
| common.ast.redis | object | Redis credentials used by ast services. The redis password is also used by idp-scp-connector. | {"password":"password","user":"default"} |
| common.tracing.enable | object | Enable / Disable tracing for service groups. | {"ast":false,"idp":false,"scp":false,"smartscreen":false} |
| common.tracing.jaegerGrpcHost | string | hostname of tracing sink used by idp, ast and smartscreen services. Must support model.proto protocol on port 14250 (gRPC). For example a jaeger-collector: https://www.jaegertracing.io/docs/next-release/deployment/#agent | "http://jaeger-collector.tracing.svc.cluster.local:14250/api/v2/spans" |
| common.tracing.zipkinUrl | string | hostname of tracing sink used by scp services. Must support zipkin protocol on port 9411 (HTTP). For example a jaeger-collector: https://www.jaegertracing.io/docs/next-release/deployment/#collector | "http://jaeger-collector.tracing.svc.cluster.local:9411/api/v2/spans" |
| common.payment | object | Section for configuring common values for payment services. | {"database":{"auth":{"password":"password","username":"user"},"host":"postgres","name":"payment","port":5432},"idp":{"authRole":"user","clientId":{"ui":"mpayUIPublic"}},"redis":{"password":"password"},"serviceProvider":{"tenant":"master"},"springBootAdmin":{"password":"password","username":"admin"},"stripe":{"apiKey":"apiKey","webhookSecret":"secret"}} |
| common.payment.idp | object | Values to configure IDP integration of payment services. | {"authRole":"user","clientId":{"ui":"mpayUIPublic"}} |
| common.payment.idp.authRole | string | Realm role required for administrative access to GUI. Must exist in master realm. | "user" |
| common.payment.idp.clientId.ui | string | ID of public OICD client used for authenticating admin users. Must exist in master realm. | "mpayUIPublic" |
| common.payment.serviceProvider.tenant | string | Name of tenant for GUI admin user. | "master" |
| common.payment.redis.password | string | Redis credentials used by payment services | "password" |
| common.payment.stripe | object | Configuration for Stripe payment processing platform. | {"apiKey":"apiKey","webhookSecret":"secret"} |
| routing.istio.enabled | bool | Enable/disable creation of virtual service resource for endpoints currently maintained in this chart. | true |
| routing.istio.ingress | object | Definition of optional ingress resources for istio ingress gateways. For each API group (admin, external, public), the ingress can be enabled separately. This requires the respective istio ingress gateway to be enabled (global.routing.istio.gateways). Each ingress can be configured with ingress class, optional annotations. For TLS, the secret defined via global.routing.tlsSecret is used. | {"admin":{"annotations":{},"class":null,"enabled":false},"external":{"annotations":{},"class":null,"enabled":false},"public":{"annotations":{},"class":null,"enabled":false}} |
| strimzi | object | Configuration of the Kafka custom resources. Requires Strimzi Kafka operator | {"additionalTopics":null,"enabled":true,"sizing":{"custom":{"kafka":null,"zookeeper":null},"mode":"basic"},"storage":{"class":{"kafka":null,"zookeeper":null},"size":{"kafka":"20Gi","zookeeper":"5Gi"}}} |
| strimzi.enabled | bool | Enable/disable deployment of Kafka custom resources. | true |
| strimzi.storage | object | Storage configuration for Kafka and Zookeeper. | {"class":{"kafka":null,"zookeeper":null},"size":{"kafka":"20Gi","zookeeper":"5Gi"}} |
| strimzi.storage.size | object | Size of persistent volumes for Kafka and Zookeeper. | {"kafka":"20Gi","zookeeper":"5Gi"} |
| strimzi.storage.class | object | Storage class to use for the persistent volumes. The default ~ uses the default Kubernetes storage class. | {"kafka":null,"zookeeper":null} |
| strimzi.sizing.mode | string | Configure seizing for Kafka cluster. Supported values are 'basic', 'tuned', and 'custom'. When using mode 'custom', values .custom.kafka and custom.zookeeper must be provided. See README.md for details. Note: Changing the sizing mode after deployment is highly discouraged, as it effects the topic replica count and partition assignment to nodes. It can even lead to data loss. | "basic" |
| strimzi.additionalTopics | string | Configuration of additional Kafkatopic resource, c.f. https://strimzi.io/docs/operators/latest/configuring.html#ref-operator-topic-str | nil |
| idpCore | object | Configuration for idp-core | {"database":{"auth":{"password":"password","username":"user"},"host":"postgres","name":"idp_core","port":5432},"enabled":true,"replicaCount":1} |
| idpScpConnector | object | Configuration for idp-scp-connector | {"database":{"auth":{"password":"password","username":"user"},"host":"postgres","name":"idp_scp_connector","port":5432},"enabled":true,"replicaCount":1} |
| idpScheduler | object | Configuration for idp-scheduler | {"enabled":false,"replicaCount":1} |
| smartscreenFrontend | object | Configuration for smartscreenfrontend | {"enabled":true,"replicaCount":1} |
| smartscreenServices | object | Configuration for smartscreenservices | {"database":{"auth":{"password":"password","username":"user"},"host":"postgres","name":"smartscreen_services","port":5432},"enabled":true} |
| smartscreenSearch | object | Configuration for smartscreensearch | {"database":{"auth":{"password":"password","username":"user"},"enabled":false,"host":"postgres-segment","name":"shift","port":5432,"schema":"tenant","sslMode":"PREFER","trustStore":"","trustStorePassword":"","trustStoreType":"JKS"},"enabled":true,"forDashboard":{"replicaCount":1},"forFrontend":{"replicaCount":1},"searchProviders":[]} |
| smartscreenSearch.forFrontend | object | Specific configuration for the smartscreen-search-for-frontend deployment. valuesOverride must be added in this section. | {"replicaCount":1} |
| smartscreenSearch.forDashboard | object | Specific configuration for the smartscreen-search-for-dashboard deployment. valuesOverride must be added in this section. | {"replicaCount":1} |
| smartscreenSearch.database | object | Optional configuration of database used by Segment | {"auth":{"password":"password","username":"user"},"enabled":false,"host":"postgres-segment","name":"shift","port":5432,"schema":"tenant","sslMode":"PREFER","trustStore":"","trustStorePassword":"","trustStoreType":"JKS"} |
| smartscreenSearch.database.sslMode | string | TLS mode. Supported values are PREFER: This mode tries to establish database connection using TLS. If that fails, it tries non-TLS connection. No server certificate validation is performed. VERIFY_CA: This mode requires TLS connection, i.e. there is no fallback to non-TLS. This mode performs server certificate validation against the provided trust store. VERIFY_FULL: This mode acts like VERIFY_CA with additional hostname verification of the server certificate. | "PREFER" |
| smartscreenSearch.database.trustStoreType | string | Type of the truststore. Supported types are JKS and PKCS12. | "JKS" |
| smartscreenSearch.database.trustStore | string | Truststore of the selected type in BASE64 encoding. This setting is required for TLS modes VERIFY_CA and VERIFY_FULL. | "" |
| smartscreenSearch.database.trustStorePassword | string | Password to open the truststore. This setting is required when a truststore is provided. | "" |
| smartscreenSearch.searchProviders | list | An array defining additional search providers. See below for an example. | [] |
| smartscreenDashboard | object | Configuration for smartscreendashboard | {"enabled":true,"replicaCount":1} |
| smartscreenConnector | object | Configuration for smartscreenconnector | {"enabled":false,"replicaCount":1} |
| smartscreenMedia | object | Configuration for smartscreenmedia Uses the same physical db and db settings as smartscreenServices | {"enabled":true,"replicaCount":1} |
| smartdashboardRoutes | object | Configuration for smartdashboard-routes | {"database":{"auth":{"password":"password","username":"user"},"host":"postgres","name":"smartdashboard","port":5432,"schema":"routes"}} |
| smartdashboardFrontend | object | Configuration for smartdashboard-frontend | {"enabled":true,"replicaCount":1} |
| smartdashboardSmartscreen | object | Configuration for smartdashboard-smartscreen | {"config":{"authenticationBrowserFlow":"browser"},"database":{"auth":{"password":"password","username":"user"},"host":"postgres","name":"smartdashboard","port":5432,"schema":"smartscreen"},"enabled":true,"replicaCount":1} |
| smartdashboardSmartscreen.config.authenticationBrowserFlow | string | Default browser flow for OIDC clients created for MiniApps. | "browser" |
| smartdashboardUserManagement | object | Configuration for smartdashboard-user-management | {"config":{"mailTemplateName":"smartdashboard-update-profile.ftl","mailType":"UPDATE_USER_PROFILE","requiredActions":"KOBIL_UPDATE_USER_PROFILE","updateMailSubject":"Welcome to your KOBIL Shift Portal"},"enabled":true,"replicaCount":1} |
| smartdashboardUserManagement.config.mailTemplateName | string | Email template to use when sending emails. | "smartdashboard-update-profile.ftl" |
| smartdashboardUserManagement.config.updateMailSubject | string | Email subject for invitation emails. | "Welcome to your KOBIL Shift Portal" |
| smartdashboardUserManagement.config.mailType | string | Defines mail type to be sent when inviting a user. Should be set to UPDATE_USER_PROFILE when using ast-services and VERIFY when using SSMS. | "UPDATE_USER_PROFILE" |
| smartdashboardUserManagement.config.requiredActions | string | Defines required actions that need to be performed by user during first login. Should be set to KOBIL_UPDATE_USER_PROFILE when using ast-services and UPDATE_PASSWORD when using SSMS. | "KOBIL_UPDATE_USER_PROFILE" |
| smartdashboardAnalytics | object | Configuration for smartdashboard-analytics | {"database":{"auth":{"password":"password","username":"user"},"host":"postgres-segment","name":"shift","port":5432,"schema":"tenant"},"enabled":false,"replicaCount":1} |
| smartdashboardAnalytics.database | object | Database used by Segment | {"auth":{"password":"password","username":"user"},"host":"postgres-segment","name":"shift","port":5432,"schema":"tenant"} |
| smartdashboardReports | object | Configuration for smartdashboard-reports | {"config":{"defaultEnv":"shift"},"enabled":false,"redis":{"password":"password","user":"default"},"replicaCount":1,"sentry":{"env":"environment=store","issueId":"sentry issue id","organization":"kobil-gmbh","project":"customer app","token":"sentry token","url":"https://sentry.io/api/0/","urlEvent":"events"}} |
| smartdashboardReports.sentry | object | Sentry configuration | {"env":"environment=store","issueId":"sentry issue id","organization":"kobil-gmbh","project":"customer app","token":"sentry token","url":"https://sentry.io/api/0/","urlEvent":"events"} |
| smartdashboardReports.sentry.urlEvent | string | Events endpoint for sentry. Change to eventsv2 for older on premise installations. | "events" |
| smartdashboardReports.config.defaultEnv | string | Default sentry environment | "shift" |
| smartdashboardReports.redis | object | Redis credentials used by smartdashboard-reports | {"password":"password","user":"default"} |
| smartdashboardBroadcast | object | Configuration for smartdashboard-broadcast | {"database":{"auth":{"password":"password","username":"user"},"host":"postgres","name":"smartdashboard","port":5432,"schema":"broadcast"},"enabled":true,"replicaCount":1} |
| smartdashboardAppManagement | object | Configuration for smartdashboard-app-management | {"enabled":true,"replicaCount":1} |
| smartdashboardAppBuilder | object | Configuration for smartdashboard-app-builder | {"config":{"appBuilderProxyBaseUrl":"https://app-builder-proxy.example.com","bundleId":"com.example.app.{tenant}","externalApiKey":"api-key","flavorEnv":"test","flavorName":"shift","segment":{"authToken":"segment auth token","baseUrl":"https://api.segmentapis.com","selectedWarehouseId":"warehouse id for environment","sourceMetadataId":"source meta data id"},"sentry":{"baseToken":"sentry token","baseUrl":"https://sentry.io/api/0/","envName":"shift","orgEvent":"kobil-gmbh","team":"development"},"tlsBundle":""},"database":{"auth":{"password":"password","username":"user"},"host":"postgres","name":"smartdashboard","port":5432,"schema":"appbuilder"},"enabled":false,"replicaCount":1} |
| smartdashboardAppBuilder.config.bundleId | string | App bundle IP | "com.example.app.{tenant}" |
| smartdashboardAppBuilder.config.externalApiKey | string | API key for authentication at app builder proxy | "api-key" |
| smartdashboardAppBuilder.config.appBuilderProxyBaseUrl | string | URL of app-builder proxy | "https://app-builder-proxy.example.com" |
| smartdashboardAppBuilder.config.tlsBundle | string | The TLS bundle to be included in sdk-config.jwt. Only a single certificate is supported. Must be set to the root CA that issued the TLS certificate on the public AST endpoints. Expected format is BASE64 encoded PEM. | "" |
| smartdashboardAppBuilder.config.segment | object | Segment configuration | {"authToken":"segment auth token","baseUrl":"https://api.segmentapis.com","selectedWarehouseId":"warehouse id for environment","sourceMetadataId":"source meta data id"} |
| smartdashboardAppBuilder.config.sentry | object | Sentry configuration | {"baseToken":"sentry token","baseUrl":"https://sentry.io/api/0/","envName":"shift","orgEvent":"kobil-gmbh","team":"development"} |
| smartdashboardWorkspaceManagement | object | Configuration for smartdashboard-workspace-management | {"config":{"emailTheme":"kobilv2","inviteMailSubject":"Welcome to your KOBIL Shift Portal","loginAccountAdminTheme":"kobilv2","loginTheme":"smart-dashboard","mailTemplateName":"smartdashboard-password-reset.ftl"},"enabled":true,"replicaCount":1} |
| smartdashboardWorkspaceManagement.config | object | Email and theme settings | {"emailTheme":"kobilv2","inviteMailSubject":"Welcome to your KOBIL Shift Portal","loginAccountAdminTheme":"kobilv2","loginTheme":"smart-dashboard","mailTemplateName":"smartdashboard-password-reset.ftl"} |
| smartdashboardKongConfigurationBackend | object | Configuration for smartdashboard-kong-configuration-backend | {"config":{"masterClientId":"client_id","masterClientSecret":"client_secret"},"enabled":true,"replicaCount":1} |
| smartdashboardKongConfigurationBackend.config | object | client_id and client_secret of an OIDC client in IDP master realm. Must be manually created. | {"masterClientId":"client_id","masterClientSecret":"client_secret"} |
| smartdashboardTile38 | object | Configuration for smartdashboard-tile38 | {"config":{"tile38Host":"hostname","tile38Password":"password","tile38Protocol":"https","tile38User":"user"},"enabled":false,"replicaCount":1} |
| smartdashboardTile38.config | object | Configuration of Tile38 server and basic auth credentials The Tile38 server must be reachable via standard ports, i.e. 80 for http and 443 for https. | {"tile38Host":"hostname","tile38Password":"password","tile38Protocol":"https","tile38User":"user"} |
| audience | object | Configuration for audience services | {"apiGateway":{"replicaCount":1},"custom":{},"database":{"auth":{"password":"password","username":"user"},"host":"postgres","name":"audience","port":5432,"schema":"audience"},"enabled":false,"getEndpoints":{"replicaCount":1}} |
| audience.getEndpoints | object | Specific configuration for the audience-get-endpoints deployment. valuesOverride must be added in this section. | {"replicaCount":1} |
| audience.apiGateway | object | Specific configuration for the audience-api-gateway deployment. valuesOverride must be added in this section. | {"replicaCount":1} |
| audience.custom | object | Specific configuration for the audience-custom deployment. valuesOverride must be added in this section. | {} |
| scpAddressbook | object | Configuration for scp-addressbook | {"db":{"name":"scp_addressbook","password":"password","poolSize":5,"username":"user"},"enabled":true,"replicaCount":1} |
| scpPresence | object | Configuration for scp-presence | {"db":{"name":"scp_presence","password":"password","poolSize":5,"username":"user"},"enabled":true,"replicaCount":1} |
| scpMessenger | object | Configuration for scp-messenger | {"db":{"name":"scp_messenger","password":"password","poolSize":5,"username":"user"},"enabled":true,"replicaCount":1} |
| scpMedia | object | Configuration for scp-media | {"db":{"name":"scp_media","password":"password","poolSize":5,"username":"user"},"enabled":true,"replicaCount":1} |
| scpGateway | object | Configuration for scp-gateway | {"db":{"name":"scp_gateway","password":"password","poolSize":5,"username":"user"},"enabled":true,"replicaCount":1} |
| scpNotifier | object | Configuration for scp-notifier | {"app":{"body":"Body","title":"Push notification title"},"database":{"auth":{"password":"password","username":"user"},"host":"postgres","name":"scp_notifier","poolSize":10,"port":5432,"ssl":{"enabled":false,"trustStore":""}},"enabled":true,"replicaCount":1} |
| scpNotifier.database.poolSize | int | Size of database connection pool. | 10 |
| scpNotifier.database.ssl.enabled | bool | Set to true to enable SSL connection to the postgres database without certificate validation. | false |
| scpNotifier.database.ssl.trustStore | string | When SSL it enabled, specify trust store to enable certificate chain validation. The truststore must be provided as single line string and contain a base64 encoded list of certificates in PEM format. | "" |
| scpNotifier.app.title | string | Default push notification title used in case it is not specified in the push notification payload. | "Push notification title" |
| scpNotifier.app.body | string | Default push notification body used in case it is not provided in the push notification payload. | "Body" |
| astca | object | Configuration for astca | {"database":{"auth":{"password":"password","username":"user"},"host":"postgres","name":"ast_ca","port":5432},"enabled":true,"replicaCount":1} |
| astcpb | object | Configuration for astcpb | {"enabled":true,"replicaCount":1} |
| astClientManagement | object | Configuration for astclientmanagement | {"database":{"auth":{"password":"password","username":"user"},"host":"postgres","name":"ast_client_management","port":5432},"enabled":true,"replicaCount":1} |
| astClientProperties | object | Configuration for ast-client-properties | {"database":{"auth":{"password":"password","username":"user"},"host":"postgres","name":"ast_client_properties","port":5432},"enabled":true,"replicaCount":1} |
| astLogin | object | Configuration for astlogin | {"database":{"auth":{"password":"password","username":"user"},"host":"postgres","name":"ast_login","port":5432},"enabled":true,"replicaCount":1} |
| astStream | object | Configuration for ast-stream | {"enabled":true,"replicaCount":1} |
| astVersion | object | Configuration for ast-version | {"database":{"auth":{"password":"password","username":"user"},"host":"postgres","name":"ast_version","port":5432},"enabled":true,"replicaCount":1} |
| astLocalization | object | Configuration for ast-localization | {"database":{"auth":{"password":"password","username":"user"},"host":"postgres","name":"ast_localization","port":5432},"enabled":true,"replicaCount":1} |
| astTms | object | Configuration for ast-tms | {"database":{"auth":{"password":"password","username":"user"},"host":"postgres","name":"ast_tms","port":5432},"enabled":true,"replicaCount":1} |
| astWebhooks | object | Configuration for ast-webhooks | {"enabled":true,"replicaCount":1} |
| astKeyProtection | object | Configuration for ast-key-protection | {"database":{"auth":{"password":"password","username":"user"},"host":"postgres","name":"ast_key_protection","port":5432},"enabled":true,"replicaCount":1} |
| payGui | object | Configuration for pay-gui | {"enabled":true,"replicaCount":1} |
| payScheduler | object | Configuration for pay-scheduler | {"enabled":true,"replicaCount":1} |
| payMerchant | object | Configuration for pay-merchant | {"enabled":true,"replicaCount":1} |
| payUi | object | Configuration for pay-ui | {"enabled":true,"replicaCount":1} |
| payScp | object | Configuration for pay-scp | {"enabled":true,"replicaCount":1} |
| payNotification | object | Configuration for pay-notification | {"enabled":true,"replicaCount":1} |
| payResult | object | Configuration for pay-result | {"enabled":true,"replicaCount":1} |
| payPayment | object | Configuration for pay-payment | {"enabled":true,"replicaCount":1} |
| payProcessing | object | Configuration for pay-processing | {"enabled":true,"replicaCount":1} |
| profileBackend | object | Configuration for profile-backend | {"app":{"awsAccessKeyId":"xxxxxxxxxxxxxxxxxxxx","awsRegion":"eu-central-1","awsS3BucketName":"profile-backend","awsSecretAccessKey":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"},"enabled":true,"replicaCount":1} |
| otpManagement | object | Configuration for otp-management | {"database":{"auth":{"password":"password","username":"user"},"host":"postgres","name":"otp_management","port":5432},"enabled":false,"otpVerification":{"maxResyncWindowSize":100,"maxVerifyWindowSize":3,"maximumRetryCounter":10},"replicaCount":1,"tokenImport":{"certificate":"","privateKey":""}} |
| otpManagement.otpVerification.maximumRetryCounter | int | How many retries are allowed. | 10 |
| otpManagement.otpVerification.maxVerifyWindowSize | int | How many consecutive OTPs the server tries at most in order to find an entered OTP. | 3 |
| otpManagement.otpVerification.maxResyncWindowSize | int | How many values the server is trying out in order to find the 2 OTPs during a resync. | 100 |
| otpManagement.tokenImport.certificate | string | The base64 encoded token import certificate. Token data (XML format) is encrypted based on respective public key. The public key needs to be provided with a certificate, as the certificate will be included in respective import files. This value must be provided. | "" |
| otpManagement.tokenImport.privateKey | string | Token import private key in PKCS#8 format as base64 string. The private key is required to decrypt token data during import. This value must be provided. | "" |