diff --git a/charts/document-engine/CHANGELOG.md b/charts/document-engine/CHANGELOG.md index 3d1f6cd..a40934a 100644 --- a/charts/document-engine/CHANGELOG.md +++ b/charts/document-engine/CHANGELOG.md @@ -1,130 +1,133 @@ # Changelog - [Changelog](#changelog) - - [8.3.1 (2026-05-08)](#831-2026-05-08) + - [8.4.0 (2026-05-28)](#840-2026-05-28) + - [Added](#added) - [Changed](#changed) + - [8.3.1 (2026-05-08)](#831-2026-05-08) + - [Changed](#changed-1) - [8.3.0 (2026-05-06)](#830-2026-05-06) - - [Added](#added) - - [8.2.3 (2026-05-04)](#823-2026-05-04) - [Added](#added-1) + - [8.2.3 (2026-05-04)](#823-2026-05-04) + - [Added](#added-2) - [8.2.2 (2026-04-20)](#822-2026-04-20) - - [Changed](#changed-1) - - [8.2.1 (2026-04-09)](#821-2026-04-09) - [Changed](#changed-2) - - [8.2.0 (2026-03-26)](#820-2026-03-26) + - [8.2.1 (2026-04-09)](#821-2026-04-09) - [Changed](#changed-3) - - [8.1.2 (2026-03-24)](#812-2026-03-24) + - [8.2.0 (2026-03-26)](#820-2026-03-26) - [Changed](#changed-4) + - [8.1.2 (2026-03-24)](#812-2026-03-24) + - [Changed](#changed-5) - [8.1.1 (2026-03-12)](#811-2026-03-12) - [Fixed](#fixed) - [8.1.0 (2026-02-28)](#810-2026-02-28) - - [Added](#added-2) - - [Changed](#changed-5) + - [Added](#added-3) + - [Changed](#changed-6) - [8.0.7 (2026-02-27)](#807-2026-02-27) - [Fixed](#fixed-1) - [8.0.6 (2026-02-26)](#806-2026-02-26) - - [Changed](#changed-6) + - [Changed](#changed-7) - [8.0.5 (2026-02-26)](#805-2026-02-26) - [Fixed](#fixed-2) - - [Changed](#changed-7) + - [Changed](#changed-8) - [8.0.4 (2026-02-26)](#804-2026-02-26) - [Fixed](#fixed-3) - [8.0.3 (2026-02-26)](#803-2026-02-26) - [Fixed](#fixed-4) - [8.0.0 (2026-02-26)](#800-2026-02-26) - - [Added](#added-3) - - [Changed](#changed-8) + - [Added](#added-4) + - [Changed](#changed-9) - [7.6.1 (2026-02-24)](#761-2026-02-24) - [Fixed](#fixed-5) - [7.6.0 (2026-02-03)](#760-2026-02-03) - - [Changed](#changed-9) - - [7.5.1 (2026-02-01)](#751-2026-02-01) - - [Added](#added-4) - [Changed](#changed-10) - - [7.5.0 (2026-01-09)](#750-2026-01-09) + - [7.5.1 (2026-02-01)](#751-2026-02-01) - [Added](#added-5) - - [7.4.0 (2025-12-15)](#740-2025-12-15) - [Changed](#changed-11) + - [7.5.0 (2026-01-09)](#750-2026-01-09) + - [Added](#added-6) + - [7.4.0 (2025-12-15)](#740-2025-12-15) + - [Changed](#changed-12) - [Fixed](#fixed-6) - [7.3.0 (2025-11-21)](#730-2025-11-21) - - [Changed](#changed-12) - - [7.2.1 (2025-11-01)](#721-2025-11-01) - [Changed](#changed-13) + - [7.2.1 (2025-11-01)](#721-2025-11-01) + - [Changed](#changed-14) - [7.2.0 (2025-11-01)](#720-2025-11-01) - - [Added](#added-6) + - [Added](#added-7) - [7.1.4 (2025-10-27)](#714-2025-10-27) - - [Changed](#changed-14) - - [7.1.3 (2025-10-23)](#713-2025-10-23) - [Changed](#changed-15) + - [7.1.3 (2025-10-23)](#713-2025-10-23) + - [Changed](#changed-16) - [7.1.2 (2025-10-22)](#712-2025-10-22) - [Fixed](#fixed-7) - [7.1.1 (2025-10-22)](#711-2025-10-22) - [Fixed](#fixed-8) - [7.1.0 (2025-10-22)](#710-2025-10-22) - - [Changed](#changed-16) - - [7.0.1 (2025-10-13)](#701-2025-10-13) - [Changed](#changed-17) - - [7.0.0 (2025-10-09)](#700-2025-10-09) - - [Added](#added-7) + - [7.0.1 (2025-10-13)](#701-2025-10-13) - [Changed](#changed-18) - - [6.3.1 (2025-10-08)](#631-2025-10-08) + - [7.0.0 (2025-10-09)](#700-2025-10-09) + - [Added](#added-8) - [Changed](#changed-19) - - [6.3.0 (2025-10-07)](#630-2025-10-07) + - [6.3.1 (2025-10-08)](#631-2025-10-08) - [Changed](#changed-20) - - [6.2.0 (2025-10-07)](#620-2025-10-07) - - [Added](#added-8) - - [6.1.0 (2025-10-05)](#610-2025-10-05) + - [6.3.0 (2025-10-07)](#630-2025-10-07) - [Changed](#changed-21) - - [6.0.0 (2025-10-01)](#600-2025-10-01) + - [6.2.0 (2025-10-07)](#620-2025-10-07) - [Added](#added-9) + - [6.1.0 (2025-10-05)](#610-2025-10-05) - [Changed](#changed-22) - - [5.4.1 (2025-09-28)](#541-2025-09-28) + - [6.0.0 (2025-10-01)](#600-2025-10-01) - [Added](#added-10) - - [5.4.0 (2025-09-23)](#540-2025-09-23) - [Changed](#changed-23) + - [5.4.1 (2025-09-28)](#541-2025-09-28) + - [Added](#added-11) + - [5.4.0 (2025-09-23)](#540-2025-09-23) + - [Changed](#changed-24) - [Fixed](#fixed-9) - [5.3.0 (2025-09-21)](#530-2025-09-21) - - [Added](#added-11) + - [Added](#added-12) - [5.2.0 (2025-08-25)](#520-2025-08-25) - - [Changed](#changed-24) - - [5.1.3 (2025-07-24)](#513-2025-07-24) - [Changed](#changed-25) + - [5.1.3 (2025-07-24)](#513-2025-07-24) + - [Changed](#changed-26) - [5.1.2 (2025-07-16)](#512-2025-07-16) - - [Added](#added-12) + - [Added](#added-13) - [5.1.1 (2025-07-08)](#511-2025-07-08) - - [Changed](#changed-26) - - [5.1.0 (2025-07-05)](#510-2025-07-05) - [Changed](#changed-27) + - [5.1.0 (2025-07-05)](#510-2025-07-05) + - [Changed](#changed-28) - [5.0.1 (2025-06-27)](#501-2025-06-27) - [Fixed](#fixed-10) - [5.0.0 (2025-06-27)](#500-2025-06-27) - - [Added](#added-13) - - [Changed](#changed-28) + - [Added](#added-14) + - [Changed](#changed-29) - [4.0.1 (2025-06-24)](#401-2025-06-24) - [Fixed](#fixed-11) - [4.0.0 (2025-06-24)](#400-2025-06-24) - - [Added](#added-14) - - [Changed](#changed-29) - - [3.10.1 (2025-06-18)](#3101-2025-06-18) + - [Added](#added-15) - [Changed](#changed-30) + - [3.10.1 (2025-06-18)](#3101-2025-06-18) + - [Changed](#changed-31) - [3.10.0 (2025-06-10)](#3100-2025-06-10) - - [Added](#added-15) + - [Added](#added-16) - [3.9.1 (2025-06-09)](#391-2025-06-09) - - [Changed](#changed-31) - - [3.9.0 (2025-05-29)](#390-2025-05-29) - [Changed](#changed-32) - - [3.8.11 (2025-05-28)](#3811-2025-05-28) + - [3.9.0 (2025-05-29)](#390-2025-05-29) - [Changed](#changed-33) - - [3.8.10 (2025-05-20)](#3810-2025-05-20) + - [3.8.11 (2025-05-28)](#3811-2025-05-28) - [Changed](#changed-34) + - [3.8.10 (2025-05-20)](#3810-2025-05-20) + - [Changed](#changed-35) - [3.8.9 (2025-05-12)](#389-2025-05-12) - [Fixed](#fixed-12) - [3.8.8 (2025-05-12)](#388-2025-05-12) - - [Changed](#changed-35) + - [Changed](#changed-36) - [3.8.7 (2025-05-12)](#387-2025-05-12) - - [Added](#added-16) + - [Added](#added-17) - [3.8.6 (2025-04-09)](#386-2025-04-09) - - [Changed](#changed-36) + - [Changed](#changed-37) - [3.8.5 (2025-04-03)](#385-2025-04-03) - [Fixed](#fixed-13) - [3.8.4 (2025-04-03)](#384-2025-04-03) @@ -135,103 +138,114 @@ - [Fixed](#fixed-16) - [3.8.1 (2025-04-03)](#381-2025-04-03) - [Fixed](#fixed-17) - - [Changed](#changed-37) + - [Changed](#changed-38) - [3.8.0 (2025-04-03)](#380-2025-04-03) - - [Added](#added-17) + - [Added](#added-18) - [3.7.1 (2025-03-26)](#371-2025-03-26) - - [Changed](#changed-38) - - [3.7.0 (2025-03-20)](#370-2025-03-20) - [Changed](#changed-39) - - [3.6.0 (2025-03-19)](#360-2025-03-19) + - [3.7.0 (2025-03-20)](#370-2025-03-20) - [Changed](#changed-40) - - [3.5.0 (2025-02-14)](#350-2025-02-14) + - [3.6.0 (2025-03-19)](#360-2025-03-19) - [Changed](#changed-41) - - [3.4.0 (2025-02-11)](#340-2025-02-11) + - [3.5.0 (2025-02-14)](#350-2025-02-14) - [Changed](#changed-42) - - [3.3.4 (2025-01-28)](#334-2025-01-28) + - [3.4.0 (2025-02-11)](#340-2025-02-11) - [Changed](#changed-43) - - [3.3.3 (2024-01-15)](#333-2024-01-15) + - [3.3.4 (2025-01-28)](#334-2025-01-28) - [Changed](#changed-44) - - [3.3.2 (2025-01-15)](#332-2025-01-15) + - [3.3.3 (2024-01-15)](#333-2024-01-15) - [Changed](#changed-45) + - [3.3.2 (2025-01-15)](#332-2025-01-15) + - [Changed](#changed-46) - [3.3.1 (2025-01-10)](#331-2025-01-10) - - [Added](#added-18) + - [Added](#added-19) - [3.2.12 (2024-12-05)](#3212-2024-12-05) - - [Changed](#changed-46) - - [3.2.11 (2024-11-21)](#3211-2024-11-21) - [Changed](#changed-47) - - [3.2.10 (2024-11-18)](#3210-2024-11-18) + - [3.2.11 (2024-11-21)](#3211-2024-11-21) - [Changed](#changed-48) - - [3.2.9 (2024-11-15)](#329-2024-11-15) + - [3.2.10 (2024-11-18)](#3210-2024-11-18) - [Changed](#changed-49) - - [3.2.7 (2024-11-15)](#327-2024-11-15) - - [Added](#added-19) + - [3.2.9 (2024-11-15)](#329-2024-11-15) - [Changed](#changed-50) - - [3.2.6 (2024-10-29)](#326-2024-10-29) + - [3.2.7 (2024-11-15)](#327-2024-11-15) - [Added](#added-20) - [Changed](#changed-51) - - [3.2.5 (2024-10-24)](#325-2024-10-24) + - [3.2.6 (2024-10-29)](#326-2024-10-29) + - [Added](#added-21) - [Changed](#changed-52) + - [3.2.5 (2024-10-24)](#325-2024-10-24) + - [Changed](#changed-53) - [3.2.4 (2024-10-17)](#324-2024-10-17) - [Fixed](#fixed-18) - [3.2.3 (2024-10-16)](#323-2024-10-16) - [Fixed](#fixed-19) - [3.2.2 (2024-10-09)](#322-2024-10-09) - - [Changed](#changed-53) - - [3.2.1 (2024-09-20)](#321-2024-09-20) - [Changed](#changed-54) - - [3.2.0 (2024-08-29)](#320-2024-08-29) + - [3.2.1 (2024-09-20)](#321-2024-09-20) - [Changed](#changed-55) - - [3.1.2 (2024-08-23)](#312-2024-08-23) + - [3.2.0 (2024-08-29)](#320-2024-08-29) - [Changed](#changed-56) + - [3.1.2 (2024-08-23)](#312-2024-08-23) + - [Changed](#changed-57) - [3.1.1 (2024-08-23)](#311-2024-08-23) - [Fixed](#fixed-20) - [3.1.0 (2024-08-22)](#310-2024-08-22) - - [Added](#added-21) + - [Added](#added-22) - [3.0.6 (2024-08-22)](#306-2024-08-22) - - [Changed](#changed-57) + - [Changed](#changed-58) - [3.0.5 (2024-08-21)](#305-2024-08-21) - [Fixed](#fixed-21) - [3.0.4 (2024-08-21)](#304-2024-08-21) - - [Changed](#changed-58) - - [Added](#added-22) + - [Changed](#changed-59) + - [Added](#added-23) - [2.9.3 (2024-08-16)](#293-2024-08-16) - [Fixed](#fixed-22) - [2.9.2 (2024-08-13)](#292-2024-08-13) - - [Changed](#changed-59) - - [2.9.1 (2024-08-10)](#291-2024-08-10) - - [Added](#added-23) - [Changed](#changed-60) - - [2.9.0 (2024-08-01)](#290-2024-08-01) + - [2.9.1 (2024-08-10)](#291-2024-08-10) - [Added](#added-24) - [Changed](#changed-61) - - [Fixed](#fixed-23) - - [2.8.0](#280) + - [2.9.0 (2024-08-01)](#290-2024-08-01) - [Added](#added-25) - [Changed](#changed-62) + - [Fixed](#fixed-23) + - [2.8.0](#280) + - [Added](#added-26) + - [Changed](#changed-63) - [Fixed](#fixed-24) - [2.7.3](#273) - - [Changed](#changed-63) + - [Changed](#changed-64) - [Fixed](#fixed-25) - [2.7.2](#272) - [Fixed](#fixed-26) - [2.7.0](#270) - - [Changed](#changed-64) - - [2.6.2](#262) - - [Added](#added-26) - [Changed](#changed-65) - - [2.6.0](#260) + - [2.6.2](#262) - [Added](#added-27) - - [2.4.0](#240) + - [Changed](#changed-66) + - [2.6.0](#260) - [Added](#added-28) - - [2.3.0](#230) + - [2.4.0](#240) - [Added](#added-29) - - [2.2.0](#220) + - [2.3.0](#230) - [Added](#added-30) + - [2.2.0](#220) + - [Added](#added-31) - [2.1.0](#210) - - [Changed](#changed-66) - - [2.0.0](#200) - [Changed](#changed-67) + - [2.0.0](#200) + - [Changed](#changed-68) + +## 8.4.0 (2026-05-28) + +### Added + +* Added `observability.log.structuredFlatten`, which renders the `LOG_STRUCTURED_FLATTEN` environment variable. Only applies when `observability.log.structured` is `true`. Defaults to `true`, matching the Document Engine 1.16.0 default. + +### Changed + +* Updated Document Engine to 1.16.0. +* `config.tileMaxScale` now defaults to unlimited (unset). Previously the chart pinned `TILE_MAX_SCALE=16`. Document Engine 1.16.0 enforces the limit on `GET`, `POST` and HTTP/2 tile rendering, so leaving it unset matches the upstream default. To preserve the previous behavior, set `config.tileMaxScale: 16` explicitly. ## 8.3.1 (2026-05-08) diff --git a/charts/document-engine/Chart.yaml b/charts/document-engine/Chart.yaml index 9f6e3e2..7454c14 100644 --- a/charts/document-engine/Chart.yaml +++ b/charts/document-engine/Chart.yaml @@ -4,8 +4,8 @@ type: application description: Document Engine is a backend software for processing documents and powering automation workflows. home: https://www.nutrient.io/sdk/document-engine icon: https://cdn.prod.website-files.com/65fdb7696055f07a05048833/66e58e33c3880ff24aa34027_nutrient-logo.png -version: 8.3.1 -appVersion: "1.15.1" +version: 8.4.0 +appVersion: "1.16.0" keywords: - nutrient diff --git a/charts/document-engine/README.md b/charts/document-engine/README.md index 3805d84..5929092 100644 --- a/charts/document-engine/README.md +++ b/charts/document-engine/README.md @@ -1,6 +1,6 @@ # Document Engine Helm chart -![Version: 8.3.1](https://img.shields.io/badge/Version-8.3.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.15.1](https://img.shields.io/badge/AppVersion-1.15.1-informational?style=flat-square) +![Version: 8.4.0](https://img.shields.io/badge/Version-8.4.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) Document Engine is a backend software for processing documents and powering automation workflows. @@ -413,20 +413,20 @@ Note: | [`config.daemonReadTimeoutSeconds`](./values.yaml#L100) | `PSPDFKITD_READ_TIMEOUT` in seconds | `120` | | [`config.daemonWriteTimeoutSeconds`](./values.yaml#L103) | `PSPDFKITD_WRITE_TIMEOUT` in seconds | `10` | | [`config.generationTimeoutSeconds`](./values.yaml#L106) | `PDF_GENERATION_TIMEOUT` in seconds | `20` | -| [`config.hoard`](./values.yaml#L148) | Hoard — internal caching service parameters | [...](./values.yaml#L148) | -| [`config.hoard.maxSizeMegaBytes`](./values.yaml#L151) | `HOARD_MAX_SIZE` — maximum size in millions of bytes | `100` | -| [`config.http2SharedRendering`](./values.yaml#L160) | Optimised rendering relying on HTTP/2 | [...](./values.yaml#L160) | -| [`config.http2SharedRendering.enabled`](./values.yaml#L163) | `HTTP2_SHARED_RENDERING_PROCESS_ENABLE` — enable shared rendering processes | `false` | +| [`config.hoard`](./values.yaml#L149) | Hoard — internal caching service parameters | [...](./values.yaml#L149) | +| [`config.hoard.maxSizeMegaBytes`](./values.yaml#L152) | `HOARD_MAX_SIZE` — maximum size in millions of bytes | `100` | +| [`config.http2SharedRendering`](./values.yaml#L161) | Optimised rendering relying on HTTP/2 | [...](./values.yaml#L161) | +| [`config.http2SharedRendering.enabled`](./values.yaml#L164) | `HTTP2_SHARED_RENDERING_PROCESS_ENABLE` — enable shared rendering processes | `false` | | [`config.ignoreInvalidAnnotations`](./values.yaml#L133) | `IGNORE_INVALID_ANNOTATIONS` | `true` | | [`config.maxUploadSizeMegaBytes`](./values.yaml#L115) | `MAX_UPLOAD_SIZE_BYTES` in megabytes | `950` | | [`config.minSearchQueryLength`](./values.yaml#L139) | `MIN_SEARCH_QUERY_LENGTH` | `3` | -| [`config.port`](./values.yaml#L181) | `PORT` for the Document Engine API | `5000` | -| [`config.proxy`](./values.yaml#L176) | Proxy settings, `HTTP_PROXY` and `HTTPS_PROXY` | `{"http":"","https":""}` | +| [`config.port`](./values.yaml#L182) | `PORT` for the Document Engine API | `5000` | +| [`config.proxy`](./values.yaml#L177) | Proxy settings, `HTTP_PROXY` and `HTTPS_PROXY` | `{"http":"","https":""}` | | [`config.readAnnotationBatchTimeoutSeconds`](./values.yaml#L112) | `READ_ANNOTATION_BATCH_TIMEOUT` in seconds | `20` | -| [`config.replaceSecretsFromEnv`](./values.yaml#L186) | `REPLACE_SECRETS_FROM_ENV` — whether to consider environment variables, values and secrets for `JWT_PUBLIC_KEY`, `SECRET_KEY_BASE` and `DASHBOARD_PASSWORD` | `true` | +| [`config.replaceSecretsFromEnv`](./values.yaml#L187) | `REPLACE_SECRETS_FROM_ENV` — whether to consider environment variables, values and secrets for `JWT_PUBLIC_KEY`, `SECRET_KEY_BASE` and `DASHBOARD_PASSWORD` | `true` | | [`config.requestTimeoutSeconds`](./values.yaml#L88) | Full request timeout in seconds (`SERVER_REQUEST_TIMEOUT`). Should be lesser than `terminationGracePeriodSeconds`. | `60` | -| [`config.tileMaxScale`](./values.yaml#L143) | `TILE_MAX_SCALE` — maximum allowed tile scale, calculated as requested tile size divided by actual page size. Must be greater than 1. | `16` | -| [`config.trustedProxies`](./values.yaml#L173) | `TRUSTED_PROXIES` — comma-separated list of IP addresses or IP address ranges of trusted proxies. Setting to `default` will use private IP ranges. | `"default"` | +| [`config.tileMaxScale`](./values.yaml#L144) | `TILE_MAX_SCALE` — maximum allowed tile scale, calculated as requested tile size divided by actual page size. Must be greater than 1. When unset, no limit is enforced. | `unlimited` | +| [`config.trustedProxies`](./values.yaml#L174) | `TRUSTED_PROXIES` — comma-separated list of IP addresses or IP address ranges of trusted proxies. Setting to `default` will use private IP ranges. | `"default"` | | [`config.urlFetchTimeoutSeconds`](./values.yaml#L109) | `REMOTE_URL_FETCH_TIMEOUT` in seconds | `5` | | [`config.workerPoolMaxRestarts`](./values.yaml#L94) | Maximum number of restarts (`PSPDFKIT_WORKER_POOL_MAX_RESTARTS`) before supervisor starts throttling them. | `20` | | [`config.workerPoolMaxSeconds`](./values.yaml#L97) | Time window in which the supervisor monitors the number of restarts (`PSPDFKIT_WORKER_POOL_MAX_SECONDS`). | `60` | @@ -437,123 +437,123 @@ Note: | Key | Description | Default | |-----|-------------|---------| -| [`certificateTrust`](./values.yaml#L191) | [Certificate trust](https://www.nutrient.io/guides/document-engine/configuration/certificate-trust/) | | -| [`certificateTrust.customCertificates`](./values.yaml#L204) | ConfigMap and Secret references for trust configuration, stored in `/certificate-stores-custom` | `[]` | -| [`certificateTrust.digitalSignatures`](./values.yaml#L195) | CAs for digital signatures (`/certificate-stores/`) from ConfigMap and Secret resources. | `[]` | -| [`certificateTrust.downloaderTrustFileName`](./values.yaml#L214) | Override `DOWNLOADER_CERT_FILE_PATH` to set HTTP client trust. If empty, defaults to Mozilla's CA bundle. | `""` | +| [`certificateTrust`](./values.yaml#L192) | [Certificate trust](https://www.nutrient.io/guides/document-engine/configuration/certificate-trust/) | | +| [`certificateTrust.customCertificates`](./values.yaml#L205) | ConfigMap and Secret references for trust configuration, stored in `/certificate-stores-custom` | `[]` | +| [`certificateTrust.digitalSignatures`](./values.yaml#L196) | CAs for digital signatures (`/certificate-stores/`) from ConfigMap and Secret resources. | `[]` | +| [`certificateTrust.downloaderTrustFileName`](./values.yaml#L215) | Override `DOWNLOADER_CERT_FILE_PATH` to set HTTP client trust. If empty, defaults to Mozilla's CA bundle. | `""` | ### Database | Key | Description | Default | |-----|-------------|---------| -| [`database`](./values.yaml#L219) | Database | | -| [`database.connections`](./values.yaml#L228) | `DATABASE_CONNECTIONS` | `20` | -| [`database.enabled`](./values.yaml#L222) | Persistent storage enabled | `true` | -| [`database.engine`](./values.yaml#L225) | Database engine: only `postgres` is currently supported | `"postgres"` | -| [`database.migrationJob`](./values.yaml#L292) | Database migration jobs. | [...](./values.yaml#L292) | -| [`database.migrationJob.enabled`](./values.yaml#L295) | It `true`, results in `ENABLE_DATABASE_MIGRATIONS=false` in the main Document Engine container | `false` | -| [`database.postgres`](./values.yaml#L233) | PostgreSQL database settings | [...](./values.yaml#L233) | -| [`database.postgres.adminPassword`](./values.yaml#L254) | `PG_ADMIN_PASSWORD` | `"despair"` | -| [`database.postgres.adminUsername`](./values.yaml#L251) | `PG_ADMIN_USER` | `"postgres"` | -| [`database.postgres.database`](./values.yaml#L242) | `PGDATABASE` | `"document-engine"` | -| [`database.postgres.externalAdminSecretName`](./values.yaml#L263) | External secret for administrative database credentials, used for migrations: `PG_ADMIN_USER` and `PG_ADMIN_PASSWORD` | `""` | -| [`database.postgres.externalSecretName`](./values.yaml#L259) | Use external secret for database credentials. `PGUSER` and `PGPASSWORD` must be provided and, if not defined: `PGDATABASE`, `PGHOST`, `PGPORT`, `PGSSL` | `""` | -| [`database.postgres.host`](./values.yaml#L236) | `PGHOST`, if not set, and `cloudNativePG.enabled`, will rely on the Cluster | `""` | -| [`database.postgres.password`](./values.yaml#L248) | `PGPASSWORD` | `"despair"` | -| [`database.postgres.port`](./values.yaml#L239) | `PGPORT` | `5432` | -| [`database.postgres.tls`](./values.yaml#L268) | TLS settings | [...](./values.yaml#L268) | -| [`database.postgres.tls.commonName`](./values.yaml#L281) | Common name for the certificate (`PGSSL_CERT_COMMON_NAME`), defaults to `PGHOST` value | `""` | -| [`database.postgres.tls.enabled`](./values.yaml#L271) | Enable TLS (`PGSSL`) | `false` | -| [`database.postgres.tls.hostVerify`](./values.yaml#L277) | Negated `PGSSL_DISABLE_HOSTNAME_VERIFY` | `true` | -| [`database.postgres.tls.trustBundle`](./values.yaml#L285) | Trust bundle for PostgreSQL, sets `PGSSL_CA_CERTS`, mutually exclusive with `trustFileName` and takes precedence | `""` | -| [`database.postgres.tls.trustFileName`](./values.yaml#L288) | Path from `certificateTrust.customCertificates`, wraps around `PGSSL_CA_CERT_PATH` | `""` | -| [`database.postgres.tls.verify`](./values.yaml#L274) | Negated `PGSSL_DISABLE_VERIFY` | `true` | -| [`database.postgres.username`](./values.yaml#L245) | `PGUSER` | `"postgres"` | +| [`database`](./values.yaml#L220) | Database | | +| [`database.connections`](./values.yaml#L229) | `DATABASE_CONNECTIONS` | `20` | +| [`database.enabled`](./values.yaml#L223) | Persistent storage enabled | `true` | +| [`database.engine`](./values.yaml#L226) | Database engine: only `postgres` is currently supported | `"postgres"` | +| [`database.migrationJob`](./values.yaml#L293) | Database migration jobs. | [...](./values.yaml#L293) | +| [`database.migrationJob.enabled`](./values.yaml#L296) | It `true`, results in `ENABLE_DATABASE_MIGRATIONS=false` in the main Document Engine container | `false` | +| [`database.postgres`](./values.yaml#L234) | PostgreSQL database settings | [...](./values.yaml#L234) | +| [`database.postgres.adminPassword`](./values.yaml#L255) | `PG_ADMIN_PASSWORD` | `"despair"` | +| [`database.postgres.adminUsername`](./values.yaml#L252) | `PG_ADMIN_USER` | `"postgres"` | +| [`database.postgres.database`](./values.yaml#L243) | `PGDATABASE` | `"document-engine"` | +| [`database.postgres.externalAdminSecretName`](./values.yaml#L264) | External secret for administrative database credentials, used for migrations: `PG_ADMIN_USER` and `PG_ADMIN_PASSWORD` | `""` | +| [`database.postgres.externalSecretName`](./values.yaml#L260) | Use external secret for database credentials. `PGUSER` and `PGPASSWORD` must be provided and, if not defined: `PGDATABASE`, `PGHOST`, `PGPORT`, `PGSSL` | `""` | +| [`database.postgres.host`](./values.yaml#L237) | `PGHOST`, if not set, and `cloudNativePG.enabled`, will rely on the Cluster | `""` | +| [`database.postgres.password`](./values.yaml#L249) | `PGPASSWORD` | `"despair"` | +| [`database.postgres.port`](./values.yaml#L240) | `PGPORT` | `5432` | +| [`database.postgres.tls`](./values.yaml#L269) | TLS settings | [...](./values.yaml#L269) | +| [`database.postgres.tls.commonName`](./values.yaml#L282) | Common name for the certificate (`PGSSL_CERT_COMMON_NAME`), defaults to `PGHOST` value | `""` | +| [`database.postgres.tls.enabled`](./values.yaml#L272) | Enable TLS (`PGSSL`) | `false` | +| [`database.postgres.tls.hostVerify`](./values.yaml#L278) | Negated `PGSSL_DISABLE_HOSTNAME_VERIFY` | `true` | +| [`database.postgres.tls.trustBundle`](./values.yaml#L286) | Trust bundle for PostgreSQL, sets `PGSSL_CA_CERTS`, mutually exclusive with `trustFileName` and takes precedence | `""` | +| [`database.postgres.tls.trustFileName`](./values.yaml#L289) | Path from `certificateTrust.customCertificates`, wraps around `PGSSL_CA_CERT_PATH` | `""` | +| [`database.postgres.tls.verify`](./values.yaml#L275) | Negated `PGSSL_DISABLE_VERIFY` | `true` | +| [`database.postgres.username`](./values.yaml#L246) | `PGUSER` | `"postgres"` | ### Document lifecycle | Key | Description | Default | |-----|-------------|---------| -| [`documentLifecycle`](./values.yaml#L308) | Document lifecycle management | | -| [`documentLifecycle.bulkDocumentDeletionEnabled`](./values.yaml#L311) | `ENABLE_BULK_DOCUMENT_DELETION`: enable `/api/async/delete_documents` API endpoint | `false` | -| [`documentLifecycle.expirationJob`](./values.yaml#L315) | Regular job to remove documents from the database, requires `documentLifecycle.bulkDocumentDeletionEnabled` to be `true` | [...](./values.yaml#L315) | -| [`documentLifecycle.expirationJob.deletionPrefix`](./values.yaml#L328) | Only delete documents with IDs beginning with this prefix. Leave empty to delete all documents matching the time filter. | `"ephemeral"` | -| [`documentLifecycle.expirationJob.enabled`](./values.yaml#L318) | Enable the document expiration job | `false` | -| [`documentLifecycle.expirationJob.keepHours`](./values.yaml#L324) | Documents TTL in hours | `24` | -| [`documentLifecycle.expirationJob.schedule`](./values.yaml#L321) | Expiration job schedule in cron format | `"13 * * * *"` | -| [`documentLifecycle.expirationJob.serviceAccountName`](./values.yaml#L339) | Service account name to specify for the expiration jobs | `""` | +| [`documentLifecycle`](./values.yaml#L309) | Document lifecycle management | | +| [`documentLifecycle.bulkDocumentDeletionEnabled`](./values.yaml#L312) | `ENABLE_BULK_DOCUMENT_DELETION`: enable `/api/async/delete_documents` API endpoint | `false` | +| [`documentLifecycle.expirationJob`](./values.yaml#L316) | Regular job to remove documents from the database, requires `documentLifecycle.bulkDocumentDeletionEnabled` to be `true` | [...](./values.yaml#L316) | +| [`documentLifecycle.expirationJob.deletionPrefix`](./values.yaml#L329) | Only delete documents with IDs beginning with this prefix. Leave empty to delete all documents matching the time filter. | `"ephemeral"` | +| [`documentLifecycle.expirationJob.enabled`](./values.yaml#L319) | Enable the document expiration job | `false` | +| [`documentLifecycle.expirationJob.keepHours`](./values.yaml#L325) | Documents TTL in hours | `24` | +| [`documentLifecycle.expirationJob.schedule`](./values.yaml#L322) | Expiration job schedule in cron format | `"13 * * * *"` | +| [`documentLifecycle.expirationJob.serviceAccountName`](./values.yaml#L340) | Service account name to specify for the expiration jobs | `""` | ### Asset storage | Key | Description | Default | |-----|-------------|---------| -| [`assetStorage`](./values.yaml#L350) | Everything about storing and caching assets | | -| [`assetStorage.azure`](./values.yaml#L422) | Azure blob storage settings, in case `assetStorage.backendType` is set to `azure` | [...](./values.yaml#L422) | -| [`assetStorage.azure.container`](./values.yaml#L433) | `AZURE_STORAGE_DEFAULT_CONTAINER` | `""` | -| [`assetStorage.backendFallback`](./values.yaml#L369) | Asset storage fallback settings | [...](./values.yaml#L369) | -| [`assetStorage.backendFallback.enabled`](./values.yaml#L372) | `ENABLE_ASSET_STORAGE_FALLBACK` | `false` | -| [`assetStorage.backendFallback.enabledAzure`](./values.yaml#L381) | `ENABLE_ASSET_STORAGE_FALLBACK_AZURE` | `false` | -| [`assetStorage.backendFallback.enabledPostgres`](./values.yaml#L375) | `ENABLE_ASSET_STORAGE_FALLBACK_POSTGRES` | `false` | -| [`assetStorage.backendFallback.enabledS3`](./values.yaml#L378) | `ENABLE_ASSET_STORAGE_FALLBACK_S3` | `false` | -| [`assetStorage.backendType`](./values.yaml#L362) | Asset storage backend is only available if `database.enabled` is `true` Sets `ASSET_STORAGE_BACKEND`: `built-in`, `s3` or `azure` | `"built-in"` | -| [`assetStorage.fileUploadTimeoutSeconds`](./values.yaml#L365) | `FILE_UPLOAD_TIMEOUT_MS` in seconds | `30` | -| [`assetStorage.localCacheSizeMegabytes`](./values.yaml#L354) | Sets local asset storage value in megabytes Results in `ASSET_STORAGE_CACHE_SIZE` (in bytes) | `2000` | -| [`assetStorage.localCacheTimeoutSeconds`](./values.yaml#L358) | Sets local asset storage cache timeout in seconds Results in `ASSET_STORAGE_CACHE_TIMEOUT` (in milliseconds) | `5` | -| [`assetStorage.redis`](./values.yaml#L451) | Redis settings for caching and prerendering | [...](./values.yaml#L451) | -| [`assetStorage.redis.database`](./values.yaml#L469) | `REDIS_DATABASE` | `""` | -| [`assetStorage.redis.enabled`](./values.yaml#L454) | `USE_REDIS_CACHE` | `false` | -| [`assetStorage.redis.externalSecretName`](./values.yaml#L506) | External secret name. Must contain `REDIS_USERNAME` and `REDIS_PASSWORD` if they are needed, and _may_ set other values | `""` | -| [`assetStorage.redis.host`](./values.yaml#L463) | `REDIS_HOST` | `"{{ .Release.Name }}-redis-master"` | -| [`assetStorage.redis.password`](./values.yaml#L495) | `REDIS_PASSWORD` | `""` | -| [`assetStorage.redis.port`](./values.yaml#L466) | `REDIS_PORT` | `6379` | -| [`assetStorage.redis.sentinel`](./values.yaml#L474) | Redis Sentinel | [...](./values.yaml#L474) | -| [`assetStorage.redis.tls`](./values.yaml#L499) | TLS settings | | -| [`assetStorage.redis.tls.enabled`](./values.yaml#L502) | Enable TLS (`REDIS_SSL`) | `false` | -| [`assetStorage.redis.ttlSeconds`](./values.yaml#L460) | `REDIS_TTL` Time to live in seconds | `86400` | -| [`assetStorage.redis.useTtl`](./values.yaml#L457) | `USE_REDIS_TTL_FOR_PRERENDERING` | `true` | -| [`assetStorage.redis.username`](./values.yaml#L492) | `REDIS_USERNAME` | `""` | -| [`assetStorage.s3`](./values.yaml#L385) | S3 backend storage settings, in case `assetStorage.backendType` is set to `s3 | [...](./values.yaml#L385) | -| [`assetStorage.s3.bucket`](./values.yaml#L396) | `ASSET_STORAGE_S3_BUCKET` | `"document-engine-assets"` | -| [`assetStorage.s3.region`](./values.yaml#L399) | `ASSET_STORAGE_S3_REGION` | `"us-east-1"` | +| [`assetStorage`](./values.yaml#L351) | Everything about storing and caching assets | | +| [`assetStorage.azure`](./values.yaml#L423) | Azure blob storage settings, in case `assetStorage.backendType` is set to `azure` | [...](./values.yaml#L423) | +| [`assetStorage.azure.container`](./values.yaml#L434) | `AZURE_STORAGE_DEFAULT_CONTAINER` | `""` | +| [`assetStorage.backendFallback`](./values.yaml#L370) | Asset storage fallback settings | [...](./values.yaml#L370) | +| [`assetStorage.backendFallback.enabled`](./values.yaml#L373) | `ENABLE_ASSET_STORAGE_FALLBACK` | `false` | +| [`assetStorage.backendFallback.enabledAzure`](./values.yaml#L382) | `ENABLE_ASSET_STORAGE_FALLBACK_AZURE` | `false` | +| [`assetStorage.backendFallback.enabledPostgres`](./values.yaml#L376) | `ENABLE_ASSET_STORAGE_FALLBACK_POSTGRES` | `false` | +| [`assetStorage.backendFallback.enabledS3`](./values.yaml#L379) | `ENABLE_ASSET_STORAGE_FALLBACK_S3` | `false` | +| [`assetStorage.backendType`](./values.yaml#L363) | Asset storage backend is only available if `database.enabled` is `true` Sets `ASSET_STORAGE_BACKEND`: `built-in`, `s3` or `azure` | `"built-in"` | +| [`assetStorage.fileUploadTimeoutSeconds`](./values.yaml#L366) | `FILE_UPLOAD_TIMEOUT_MS` in seconds | `30` | +| [`assetStorage.localCacheSizeMegabytes`](./values.yaml#L355) | Sets local asset storage value in megabytes Results in `ASSET_STORAGE_CACHE_SIZE` (in bytes) | `2000` | +| [`assetStorage.localCacheTimeoutSeconds`](./values.yaml#L359) | Sets local asset storage cache timeout in seconds Results in `ASSET_STORAGE_CACHE_TIMEOUT` (in milliseconds) | `5` | +| [`assetStorage.redis`](./values.yaml#L452) | Redis settings for caching and prerendering | [...](./values.yaml#L452) | +| [`assetStorage.redis.database`](./values.yaml#L470) | `REDIS_DATABASE` | `""` | +| [`assetStorage.redis.enabled`](./values.yaml#L455) | `USE_REDIS_CACHE` | `false` | +| [`assetStorage.redis.externalSecretName`](./values.yaml#L507) | External secret name. Must contain `REDIS_USERNAME` and `REDIS_PASSWORD` if they are needed, and _may_ set other values | `""` | +| [`assetStorage.redis.host`](./values.yaml#L464) | `REDIS_HOST` | `"{{ .Release.Name }}-redis-master"` | +| [`assetStorage.redis.password`](./values.yaml#L496) | `REDIS_PASSWORD` | `""` | +| [`assetStorage.redis.port`](./values.yaml#L467) | `REDIS_PORT` | `6379` | +| [`assetStorage.redis.sentinel`](./values.yaml#L475) | Redis Sentinel | [...](./values.yaml#L475) | +| [`assetStorage.redis.tls`](./values.yaml#L500) | TLS settings | | +| [`assetStorage.redis.tls.enabled`](./values.yaml#L503) | Enable TLS (`REDIS_SSL`) | `false` | +| [`assetStorage.redis.ttlSeconds`](./values.yaml#L461) | `REDIS_TTL` Time to live in seconds | `86400` | +| [`assetStorage.redis.useTtl`](./values.yaml#L458) | `USE_REDIS_TTL_FOR_PRERENDERING` | `true` | +| [`assetStorage.redis.username`](./values.yaml#L493) | `REDIS_USERNAME` | `""` | +| [`assetStorage.s3`](./values.yaml#L386) | S3 backend storage settings, in case `assetStorage.backendType` is set to `s3 | [...](./values.yaml#L386) | +| [`assetStorage.s3.bucket`](./values.yaml#L397) | `ASSET_STORAGE_S3_BUCKET` | `"document-engine-assets"` | +| [`assetStorage.s3.region`](./values.yaml#L400) | `ASSET_STORAGE_S3_REGION` | `"us-east-1"` | ### Statefulness | Key | Description | Default | |-----|-------------|---------| -| [`persistence`](./values.yaml#L524) | Persistent storage settings for StatefulSet pods. Only used when `workloadType` is `StatefulSet`. | [...](./values.yaml#L524) | -| [`persistence.accessModes`](./values.yaml#L530) | PVC access modes | `["ReadWriteOnce"]` | -| [`persistence.annotations`](./values.yaml#L540) | Annotations for each PVC | `{}` | -| [`persistence.mountPath`](./values.yaml#L537) | Mount path inside the container | `"/srv/pspdfkit/assets"` | -| [`persistence.selectorLabels`](./values.yaml#L543) | Selector labels for PVCs | `{}` | -| [`persistence.size`](./values.yaml#L534) | PVC storage size | `"10Gi"` | -| [`persistence.storageClassName`](./values.yaml#L527) | Storage class for PVCs. Empty string uses cluster default. | `"standard"` | -| [`podManagementPolicy`](./values.yaml#L518) | Pod management policy for StatefulSet: `OrderedReady` or `Parallel`. Only used when `workloadType` is `StatefulSet`. | `"OrderedReady"` | -| [`workloadType`](./values.yaml#L513) | Workload type: `Deployment` or `StatefulSet`. When `StatefulSet`, persistent storage is provisioned per pod via volumeClaimTemplates. **Note:** Switching an existing release from Deployment to StatefulSet requires deleting the existing Deployment first, as Kubernetes cannot change a resource kind in-place. | `"Deployment"` | +| [`persistence`](./values.yaml#L525) | Persistent storage settings for StatefulSet pods. Only used when `workloadType` is `StatefulSet`. | [...](./values.yaml#L525) | +| [`persistence.accessModes`](./values.yaml#L531) | PVC access modes | `["ReadWriteOnce"]` | +| [`persistence.annotations`](./values.yaml#L541) | Annotations for each PVC | `{}` | +| [`persistence.mountPath`](./values.yaml#L538) | Mount path inside the container | `"/srv/pspdfkit/assets"` | +| [`persistence.selectorLabels`](./values.yaml#L544) | Selector labels for PVCs | `{}` | +| [`persistence.size`](./values.yaml#L535) | PVC storage size | `"10Gi"` | +| [`persistence.storageClassName`](./values.yaml#L528) | Storage class for PVCs. Empty string uses cluster default. | `"standard"` | +| [`podManagementPolicy`](./values.yaml#L519) | Pod management policy for StatefulSet: `OrderedReady` or `Parallel`. Only used when `workloadType` is `StatefulSet`. | `"OrderedReady"` | +| [`workloadType`](./values.yaml#L514) | Workload type: `Deployment` or `StatefulSet`. When `StatefulSet`, persistent storage is provisioned per pod via volumeClaimTemplates. **Note:** Switching an existing release from Deployment to StatefulSet requires deleting the existing Deployment first, as Kubernetes cannot change a resource kind in-place. | `"Deployment"` | ### Digital signatures | Key | Description | Default | |-----|-------------|---------| -| [`documentSigningService`](./values.yaml#L548) | Signing service parameters | | -| [`documentSigningService.cadesLevel`](./values.yaml#L574) | `DIGITAL_SIGNATURE_CADES_LEVEL` | `"b-lt"` | -| [`documentSigningService.certificateCheckTime`](./values.yaml#L577) | `DIGITAL_SIGNATURE_CERTIFICATE_CHECK_TIME` | `"current_time"` | -| [`documentSigningService.defaultSignatureLocation`](./values.yaml#L568) | `DEFAULT_SIGNATURE_LOCATION` | `"Head Quarters"` | -| [`documentSigningService.defaultSignatureReason`](./values.yaml#L564) | `DEFAULT_SIGNATURE_REASON` | `"approved"` | -| [`documentSigningService.defaultSignerName`](./values.yaml#L560) | `DEFAULT_SIGNER_NAME` | `"John Doe"` | -| [`documentSigningService.enabled`](./values.yaml#L551) | Enable signing service integration | `false` | -| [`documentSigningService.hashAlgorithm`](./values.yaml#L571) | `DIGITAL_SIGNATURE_HASH_ALGORITHM` | `"sha512"` | -| [`documentSigningService.timeoutSeconds`](./values.yaml#L557) | `SIGNING_SERVICE_TIMEOUT` in seconds | `10` | -| [`documentSigningService.timestampAuthority`](./values.yaml#L581) | Timestamp Authority (TSA) settings | [...](./values.yaml#L581) | -| [`documentSigningService.timestampAuthority.url`](./values.yaml#L584) | `TIMESTAMP_AUTHORITY_URL` | `"https://freetsa.org/"` | -| [`documentSigningService.url`](./values.yaml#L554) | `SIGNING_SERVICE_URL` | `"https://signing-thing.local/sign"` | +| [`documentSigningService`](./values.yaml#L549) | Signing service parameters | | +| [`documentSigningService.cadesLevel`](./values.yaml#L575) | `DIGITAL_SIGNATURE_CADES_LEVEL` | `"b-lt"` | +| [`documentSigningService.certificateCheckTime`](./values.yaml#L578) | `DIGITAL_SIGNATURE_CERTIFICATE_CHECK_TIME` | `"current_time"` | +| [`documentSigningService.defaultSignatureLocation`](./values.yaml#L569) | `DEFAULT_SIGNATURE_LOCATION` | `"Head Quarters"` | +| [`documentSigningService.defaultSignatureReason`](./values.yaml#L565) | `DEFAULT_SIGNATURE_REASON` | `"approved"` | +| [`documentSigningService.defaultSignerName`](./values.yaml#L561) | `DEFAULT_SIGNER_NAME` | `"John Doe"` | +| [`documentSigningService.enabled`](./values.yaml#L552) | Enable signing service integration | `false` | +| [`documentSigningService.hashAlgorithm`](./values.yaml#L572) | `DIGITAL_SIGNATURE_HASH_ALGORITHM` | `"sha512"` | +| [`documentSigningService.timeoutSeconds`](./values.yaml#L558) | `SIGNING_SERVICE_TIMEOUT` in seconds | `10` | +| [`documentSigningService.timestampAuthority`](./values.yaml#L582) | Timestamp Authority (TSA) settings | [...](./values.yaml#L582) | +| [`documentSigningService.timestampAuthority.url`](./values.yaml#L585) | `TIMESTAMP_AUTHORITY_URL` | `"https://freetsa.org/"` | +| [`documentSigningService.url`](./values.yaml#L555) | `SIGNING_SERVICE_URL` | `"https://signing-thing.local/sign"` | ### Document conversion | Key | Description | Default | |-----|-------------|---------| -| [`documentConversion`](./values.yaml#L597) | Document conversion parameters | | -| [`documentConversion.spreadsheetMaxContentHeightMm`](./values.yaml#L601) | Maximal spreadsheet content height in millimetres (`SPREADSHEET_MAX_CONTENT_HEIGHT_MM`). Defaults to `0` for unlimited height. | `0` | -| [`documentConversion.spreadsheetMaxContentWidthMm`](./values.yaml#L605) | Maximal spreadsheet content width in millimetres (`SPREADSHEET_MAX_CONTENT_WIDTH_MM`). Defaults to `0` for unlimited width. | `0` | +| [`documentConversion`](./values.yaml#L598) | Document conversion parameters | | +| [`documentConversion.spreadsheetMaxContentHeightMm`](./values.yaml#L602) | Maximal spreadsheet content height in millimetres (`SPREADSHEET_MAX_CONTENT_HEIGHT_MM`). Defaults to `0` for unlimited height. | `0` | +| [`documentConversion.spreadsheetMaxContentWidthMm`](./values.yaml#L606) | Maximal spreadsheet content width in millimetres (`SPREADSHEET_MAX_CONTENT_WIDTH_MM`). Defaults to `0` for unlimited width. | `0` | ### Clustering @@ -562,191 +562,192 @@ Note: | Key | Description | Default | |-----|-------------|---------| -| [`clustering`](./values.yaml#L610) | Clustering settings | | -| [`clustering.enabled`](./values.yaml#L613) | `CLUSTERING_ENABLED`, enable clustering, only works when `replicaCount` is greater than 1 | `false` | -| [`clustering.method`](./values.yaml#L616) | `CLUSTERING_METHOD`, only `kubernetes_dns` is currently supported | `"kubernetes_dns"` | +| [`clustering`](./values.yaml#L611) | Clustering settings | | +| [`clustering.enabled`](./values.yaml#L614) | `CLUSTERING_ENABLED`, enable clustering, only works when `replicaCount` is greater than 1 | `false` | +| [`clustering.method`](./values.yaml#L617) | `CLUSTERING_METHOD`, only `kubernetes_dns` is currently supported | `"kubernetes_dns"` | ### Dashboard | Key | Description | Default | |-----|-------------|---------| -| [`dashboard`](./values.yaml#L627) | Document Engine Dashboard settings | | -| [`dashboard.auth`](./values.yaml#L647) | Dashboard authentication | [...](./values.yaml#L647) | -| [`dashboard.auth.externalSecret`](./values.yaml#L657) | Use an external secret for dashboard credentials | [...](./values.yaml#L657) | -| [`dashboard.auth.externalSecret.name`](./values.yaml#L660) | External secret name | `""` | -| [`dashboard.auth.externalSecret.passwordKey`](./values.yaml#L666) | Secret key name for the password | `"DASHBOARD_PASSWORD"` | -| [`dashboard.auth.externalSecret.usernameKey`](./values.yaml#L663) | Secret key name for the username | `"DASHBOARD_USERNAME"` | -| [`dashboard.auth.password`](./values.yaml#L653) | `DASHBOARD_PASSWORD` — will generate a random password if not set | `""` | -| [`dashboard.auth.username`](./values.yaml#L650) | `DASHBOARD_USERNAME` | `"admin"` | -| [`dashboard.enabled`](./values.yaml#L630) | Enable dashboard | `true` | -| [`dashboard.rateLimitingEnabled`](./values.yaml#L635) | `DASHBOARD_RATE_LIMITING_ENABLED` — enables rate limiting for dashboard authentication to prevent brute force attacks. When enabled, failed authentication attempts are tracked per IP address. | `true` | -| [`dashboard.rateLimitingMaxRequests`](./values.yaml#L639) | `DASHBOARD_RATE_LIMITING_MAX_REQUESTS` — maximum number of failed authentication attempts allowed per IP address within the time window before blocking. | `5` | -| [`dashboard.rateLimitingWindowMs`](./values.yaml#L643) | `DASHBOARD_RATE_LIMITING_WINDOW_MS` — time window in milliseconds for tracking failed authentication attempts. After this period, the counter resets. | `60000` | +| [`dashboard`](./values.yaml#L628) | Document Engine Dashboard settings | | +| [`dashboard.auth`](./values.yaml#L648) | Dashboard authentication | [...](./values.yaml#L648) | +| [`dashboard.auth.externalSecret`](./values.yaml#L658) | Use an external secret for dashboard credentials | [...](./values.yaml#L658) | +| [`dashboard.auth.externalSecret.name`](./values.yaml#L661) | External secret name | `""` | +| [`dashboard.auth.externalSecret.passwordKey`](./values.yaml#L667) | Secret key name for the password | `"DASHBOARD_PASSWORD"` | +| [`dashboard.auth.externalSecret.usernameKey`](./values.yaml#L664) | Secret key name for the username | `"DASHBOARD_USERNAME"` | +| [`dashboard.auth.password`](./values.yaml#L654) | `DASHBOARD_PASSWORD` — will generate a random password if not set | `""` | +| [`dashboard.auth.username`](./values.yaml#L651) | `DASHBOARD_USERNAME` | `"admin"` | +| [`dashboard.enabled`](./values.yaml#L631) | Enable dashboard | `true` | +| [`dashboard.rateLimitingEnabled`](./values.yaml#L636) | `DASHBOARD_RATE_LIMITING_ENABLED` — enables rate limiting for dashboard authentication to prevent brute force attacks. When enabled, failed authentication attempts are tracked per IP address. | `true` | +| [`dashboard.rateLimitingMaxRequests`](./values.yaml#L640) | `DASHBOARD_RATE_LIMITING_MAX_REQUESTS` — maximum number of failed authentication attempts allowed per IP address within the time window before blocking. | `5` | +| [`dashboard.rateLimitingWindowMs`](./values.yaml#L644) | `DASHBOARD_RATE_LIMITING_WINDOW_MS` — time window in milliseconds for tracking failed authentication attempts. After this period, the counter resets. | `60000` | ### Environment | Key | Description | Default | |-----|-------------|---------| -| [`extraEnvFrom`](./values.yaml#L855) | Extra environment variables from resources | `[]` | -| [`extraEnvs`](./values.yaml#L852) | Extra environment variables | `[]` | -| [`extraVolumeMounts`](./values.yaml#L861) | Additional volume mounts for Document Engine container | `[]` | -| [`extraVolumes`](./values.yaml#L858) | Additional volumes | `[]` | -| [`image`](./values.yaml#L812) | Image settings | [...](./values.yaml#L812) | -| [`imagePullSecrets`](./values.yaml#L819) | Pull secrets | `[]` | -| [`initContainers`](./values.yaml#L867) | Init containers | `[]` | -| [`podSecurityContext`](./values.yaml#L838) | Pod security context | `{"fsGroup":999}` | -| [`securityContext`](./values.yaml#L842) | Security context | `{}` | -| [`serviceAccount`](./values.yaml#L831) | ServiceAccount | [...](./values.yaml#L831) | -| [`sidecars`](./values.yaml#L864) | Additional containers | `[]` | +| [`extraEnvFrom`](./values.yaml#L862) | Extra environment variables from resources | `[]` | +| [`extraEnvs`](./values.yaml#L859) | Extra environment variables | `[]` | +| [`extraVolumeMounts`](./values.yaml#L868) | Additional volume mounts for Document Engine container | `[]` | +| [`extraVolumes`](./values.yaml#L865) | Additional volumes | `[]` | +| [`image`](./values.yaml#L819) | Image settings | [...](./values.yaml#L819) | +| [`imagePullSecrets`](./values.yaml#L826) | Pull secrets | `[]` | +| [`initContainers`](./values.yaml#L874) | Init containers | `[]` | +| [`podSecurityContext`](./values.yaml#L845) | Pod security context | `{"fsGroup":999}` | +| [`securityContext`](./values.yaml#L849) | Security context | `{}` | +| [`serviceAccount`](./values.yaml#L838) | ServiceAccount | [...](./values.yaml#L838) | +| [`sidecars`](./values.yaml#L871) | Additional containers | `[]` | ### Metadata | Key | Description | Default | |-----|-------------|---------| -| [`deploymentAnnotations`](./values.yaml#L877) | Workload annotations (`Deployment`/`StatefulSet`) | `{}` | -| [`deploymentExtraSelectorLabels`](./values.yaml#L882) | Additional selector labels for the workload (`Deployment`/`StatefulSet`) **Note:** Kubernetes selectors are immutable. Changing this value after first install may require recreating the workload. | `{}` | -| [`fullnameOverride`](./values.yaml#L826) | Release full name override | `""` | -| [`nameOverride`](./values.yaml#L823) | Release name override | `""` | -| [`podAnnotations`](./values.yaml#L874) | Pod annotations | `{}` | -| [`podLabels`](./values.yaml#L871) | Pod labels | `{}` | +| [`deploymentAnnotations`](./values.yaml#L884) | Workload annotations (`Deployment`/`StatefulSet`) | `{}` | +| [`deploymentExtraSelectorLabels`](./values.yaml#L889) | Additional selector labels for the workload (`Deployment`/`StatefulSet`) **Note:** Kubernetes selectors are immutable. Changing this value after first install may require recreating the workload. | `{}` | +| [`fullnameOverride`](./values.yaml#L833) | Release full name override | `""` | +| [`nameOverride`](./values.yaml#L830) | Release name override | `""` | +| [`podAnnotations`](./values.yaml#L881) | Pod annotations | `{}` | +| [`podLabels`](./values.yaml#L878) | Pod labels | `{}` | ### Networking | Key | Description | Default | |-----|-------------|---------| -| [`envoySidecar`](./values.yaml#L1051) | Envoy sidecar for consistent hashing by document ID | [...](./values.yaml#L1051) | -| [`envoySidecar.adminPort`](./values.yaml#L1067) | Admin port for Envoy | `9901` | -| [`envoySidecar.enabled`](./values.yaml#L1054) | Enable Envoy sidecar for consistent hashing | `false` | -| [`envoySidecar.healthCheck`](./values.yaml#L1071) | Health check configuration for upstream cluster | [...](./values.yaml#L1071) | -| [`envoySidecar.healthCheck.healthyThreshold`](./values.yaml#L1083) | Healthy threshold | `2` | -| [`envoySidecar.healthCheck.interval`](./values.yaml#L1077) | Health check interval | `"10s"` | -| [`envoySidecar.healthCheck.timeout`](./values.yaml#L1074) | Health check timeout | `"5s"` | -| [`envoySidecar.healthCheck.unhealthyThreshold`](./values.yaml#L1080) | Unhealthy threshold | `2` | -| [`envoySidecar.image`](./values.yaml#L1058) | Envoy sidecar image configuration | [...](./values.yaml#L1058) | -| [`envoySidecar.port`](./values.yaml#L1064) | Port where Envoy sidecar listens | `8080` | -| [`envoySidecar.resources`](./values.yaml#L1087) | Resource limits for Envoy sidecar | [...](./values.yaml#L1087) | -| [`extraIngresses`](./values.yaml#L942) | Additional ingresses, e.g. for the dashboard | [...](./values.yaml#L942) | -| [`gateway`](./values.yaml#L958) | Kubernetes [Gateway API](https://gateway-api.sigs.k8s.io/) | [...](./values.yaml#L958) | -| [`gateway.annotations`](./values.yaml#L964) | Annotations for the HTTPRoute resource | `{}` | -| [`gateway.enabled`](./values.yaml#L961) | Enable Gateway API HTTPRoute | `false` | -| [`gateway.extraHTTPRoutes`](./values.yaml#L1032) | Additional HTTPRoutes, e.g. for the dashboard | [...](./values.yaml#L1032) | -| [`gateway.gateway`](./values.yaml#L994) | Optional [Gateway](https://gateway-api.sigs.k8s.io/api-types/gateway/) resource. Most clusters have Gateways managed by platform teams; enable this only if you want the chart to create one. | [...](./values.yaml#L994) | -| [`gateway.gateway.addresses`](./values.yaml#L1027) | Gateway [addresses](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.GatewayAddress) | `[]` | -| [`gateway.gateway.annotations`](./values.yaml#L1003) | Annotations for the Gateway resource | `{}` | -| [`gateway.gateway.enabled`](./values.yaml#L997) | Create a Gateway resource | `false` | -| [`gateway.gateway.gatewayClassName`](./values.yaml#L1000) | GatewayClass name (e.g. `amazon-vpc-lattice`, or a custom ALB class) | `""` | -| [`gateway.gateway.infrastructure`](./values.yaml#L1020) | [Infrastructure](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.GatewayInfrastructure) parameters, e.g. `parametersRef` for AWS Load Balancer Controller | `{}` | -| [`gateway.gateway.labels`](./values.yaml#L1006) | Labels for the Gateway resource | `{}` | -| [`gateway.gateway.listeners`](./values.yaml#L1009) | Gateway [listeners](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Listener) | `[]` | -| [`gateway.hostnames`](./values.yaml#L978) | Hostnames for the HTTPRoute | `[]` | -| [`gateway.labels`](./values.yaml#L967) | Labels for the HTTPRoute resource | `{}` | -| [`gateway.parentRefs`](./values.yaml#L972) | References to Gateway resources this route attaches to. When `gateway.gateway.enabled` is true and this is empty, the chart-created Gateway is used automatically. See [ParentRef](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.ParentReference) | `[]` | -| [`gateway.rules`](./values.yaml#L984) | HTTP routing rules. When empty, a default catch-all rule routing to the chart service is created. When rules are provided without `backendRefs`, the chart service is used as the default backend. | `[]` | -| [`ingress`](./values.yaml#L907) | Ingress | [...](./values.yaml#L907) | -| [`ingress.annotations`](./values.yaml#L916) | Ingress annotations | `{}` | -| [`ingress.className`](./values.yaml#L913) | Ingress class name | `""` | -| [`ingress.enabled`](./values.yaml#L910) | Enable ingress | `false` | -| [`ingress.hosts`](./values.yaml#L919) | Hosts | `[]` | -| [`ingress.tls`](./values.yaml#L933) | Ingress TLS section | `[]` | -| [`networkPolicy`](./values.yaml#L1099) | [Network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) | [...](./values.yaml#L1099) | -| [`networkPolicy.allowExternal`](./values.yaml#L1107) | Allow access from anywhere | `true` | -| [`networkPolicy.allowExternalEgress`](./values.yaml#L1131) | Allow the pod to access any range of port and all destinations. | `true` | -| [`networkPolicy.enabled`](./values.yaml#L1102) | Enable network policy | `true` | -| [`networkPolicy.extraEgress`](./values.yaml#L1134) | Extra egress rules | `[]` | -| [`networkPolicy.extraIngress`](./values.yaml#L1110) | Additional ingress rules | `[]` | -| [`networkPolicy.ingressMatchSelectorLabels`](./values.yaml#L1125) | Allow traffic from other namespaces | `[]` | -| [`service`](./values.yaml#L887) | Service | [...](./values.yaml#L887) | -| [`service.annotations`](./values.yaml#L896) | Service annotations | `{}` | -| [`service.internalTrafficPolicy`](./values.yaml#L899) | Service internal traffic policy | `"Cluster"` | -| [`service.port`](./values.yaml#L893) | Service port — see also `config.port` | `5000` | -| [`service.trafficDistribution`](./values.yaml#L902) | Service [traffic distribution policy](https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution) | `nil` | -| [`service.type`](./values.yaml#L890) | Service type | `"ClusterIP"` | +| [`envoySidecar`](./values.yaml#L1058) | Envoy sidecar for consistent hashing by document ID | [...](./values.yaml#L1058) | +| [`envoySidecar.adminPort`](./values.yaml#L1074) | Admin port for Envoy | `9901` | +| [`envoySidecar.enabled`](./values.yaml#L1061) | Enable Envoy sidecar for consistent hashing | `false` | +| [`envoySidecar.healthCheck`](./values.yaml#L1078) | Health check configuration for upstream cluster | [...](./values.yaml#L1078) | +| [`envoySidecar.healthCheck.healthyThreshold`](./values.yaml#L1090) | Healthy threshold | `2` | +| [`envoySidecar.healthCheck.interval`](./values.yaml#L1084) | Health check interval | `"10s"` | +| [`envoySidecar.healthCheck.timeout`](./values.yaml#L1081) | Health check timeout | `"5s"` | +| [`envoySidecar.healthCheck.unhealthyThreshold`](./values.yaml#L1087) | Unhealthy threshold | `2` | +| [`envoySidecar.image`](./values.yaml#L1065) | Envoy sidecar image configuration | [...](./values.yaml#L1065) | +| [`envoySidecar.port`](./values.yaml#L1071) | Port where Envoy sidecar listens | `8080` | +| [`envoySidecar.resources`](./values.yaml#L1094) | Resource limits for Envoy sidecar | [...](./values.yaml#L1094) | +| [`extraIngresses`](./values.yaml#L949) | Additional ingresses, e.g. for the dashboard | [...](./values.yaml#L949) | +| [`gateway`](./values.yaml#L965) | Kubernetes [Gateway API](https://gateway-api.sigs.k8s.io/) | [...](./values.yaml#L965) | +| [`gateway.annotations`](./values.yaml#L971) | Annotations for the HTTPRoute resource | `{}` | +| [`gateway.enabled`](./values.yaml#L968) | Enable Gateway API HTTPRoute | `false` | +| [`gateway.extraHTTPRoutes`](./values.yaml#L1039) | Additional HTTPRoutes, e.g. for the dashboard | [...](./values.yaml#L1039) | +| [`gateway.gateway`](./values.yaml#L1001) | Optional [Gateway](https://gateway-api.sigs.k8s.io/api-types/gateway/) resource. Most clusters have Gateways managed by platform teams; enable this only if you want the chart to create one. | [...](./values.yaml#L1001) | +| [`gateway.gateway.addresses`](./values.yaml#L1034) | Gateway [addresses](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.GatewayAddress) | `[]` | +| [`gateway.gateway.annotations`](./values.yaml#L1010) | Annotations for the Gateway resource | `{}` | +| [`gateway.gateway.enabled`](./values.yaml#L1004) | Create a Gateway resource | `false` | +| [`gateway.gateway.gatewayClassName`](./values.yaml#L1007) | GatewayClass name (e.g. `amazon-vpc-lattice`, or a custom ALB class) | `""` | +| [`gateway.gateway.infrastructure`](./values.yaml#L1027) | [Infrastructure](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.GatewayInfrastructure) parameters, e.g. `parametersRef` for AWS Load Balancer Controller | `{}` | +| [`gateway.gateway.labels`](./values.yaml#L1013) | Labels for the Gateway resource | `{}` | +| [`gateway.gateway.listeners`](./values.yaml#L1016) | Gateway [listeners](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Listener) | `[]` | +| [`gateway.hostnames`](./values.yaml#L985) | Hostnames for the HTTPRoute | `[]` | +| [`gateway.labels`](./values.yaml#L974) | Labels for the HTTPRoute resource | `{}` | +| [`gateway.parentRefs`](./values.yaml#L979) | References to Gateway resources this route attaches to. When `gateway.gateway.enabled` is true and this is empty, the chart-created Gateway is used automatically. See [ParentRef](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.ParentReference) | `[]` | +| [`gateway.rules`](./values.yaml#L991) | HTTP routing rules. When empty, a default catch-all rule routing to the chart service is created. When rules are provided without `backendRefs`, the chart service is used as the default backend. | `[]` | +| [`ingress`](./values.yaml#L914) | Ingress | [...](./values.yaml#L914) | +| [`ingress.annotations`](./values.yaml#L923) | Ingress annotations | `{}` | +| [`ingress.className`](./values.yaml#L920) | Ingress class name | `""` | +| [`ingress.enabled`](./values.yaml#L917) | Enable ingress | `false` | +| [`ingress.hosts`](./values.yaml#L926) | Hosts | `[]` | +| [`ingress.tls`](./values.yaml#L940) | Ingress TLS section | `[]` | +| [`networkPolicy`](./values.yaml#L1106) | [Network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) | [...](./values.yaml#L1106) | +| [`networkPolicy.allowExternal`](./values.yaml#L1114) | Allow access from anywhere | `true` | +| [`networkPolicy.allowExternalEgress`](./values.yaml#L1138) | Allow the pod to access any range of port and all destinations. | `true` | +| [`networkPolicy.enabled`](./values.yaml#L1109) | Enable network policy | `true` | +| [`networkPolicy.extraEgress`](./values.yaml#L1141) | Extra egress rules | `[]` | +| [`networkPolicy.extraIngress`](./values.yaml#L1117) | Additional ingress rules | `[]` | +| [`networkPolicy.ingressMatchSelectorLabels`](./values.yaml#L1132) | Allow traffic from other namespaces | `[]` | +| [`service`](./values.yaml#L894) | Service | [...](./values.yaml#L894) | +| [`service.annotations`](./values.yaml#L903) | Service annotations | `{}` | +| [`service.internalTrafficPolicy`](./values.yaml#L906) | Service internal traffic policy | `"Cluster"` | +| [`service.port`](./values.yaml#L900) | Service port — see also `config.port` | `5000` | +| [`service.trafficDistribution`](./values.yaml#L909) | Service [traffic distribution policy](https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution) | `nil` | +| [`service.type`](./values.yaml#L897) | Service type | `"ClusterIP"` | ### Observability | Key | Description | Default | |-----|-------------|---------| -| [`observability`](./values.yaml#L671) | Observability settings | | -| [`observability.log`](./values.yaml#L675) | Logs | [...](./values.yaml#L675) | -| [`observability.log.healthcheckLevel`](./values.yaml#L684) | `HEALTHCHECK_LOGLEVEL` — log level for health checks | `"debug"` | -| [`observability.log.level`](./values.yaml#L678) | `LOG_LEVEL` | `"info"` | -| [`observability.log.structured`](./values.yaml#L681) | `LOG_STRUCTURED` — enable structured logging in JSON format | `false` | -| [`observability.metrics`](./values.yaml#L719) | Metrics configuration | [...](./values.yaml#L719) | -| [`observability.metrics.customTags`](./values.yaml#L725) | Global metrics tags for all exporters: `METRICS_CUSTOM_TAGS` | *generated* | -| [`observability.metrics.grafanaDashboard`](./values.yaml#L767) | Grafana dashboard | [...](./values.yaml#L767) | -| [`observability.metrics.grafanaDashboard.configMap`](./values.yaml#L775) | ConfigMap parameters | [...](./values.yaml#L775) | -| [`observability.metrics.grafanaDashboard.configMap.labels`](./values.yaml#L778) | ConfigMap labels | `{"grafana_dashboard":"1"}` | -| [`observability.metrics.grafanaDashboard.enabled`](./values.yaml#L771) | Enable Grafana dashboard. To work, requires Prometheus metrics enabled in `observability.metrics.prometheusEndpoint.enabled` | `false` | -| [`observability.metrics.grafanaDashboard.tags`](./values.yaml#L788) | Dashboard tags | `["Nutrient","document-engine"]` | -| [`observability.metrics.grafanaDashboard.title`](./values.yaml#L785) | Dashboard title | *generated* | -| [`observability.metrics.prometheusEndpoint`](./values.yaml#L729) | Prometheus metrics endpoint settings | [...](./values.yaml#L729) | -| [`observability.metrics.prometheusEndpoint.enabled`](./values.yaml#L732) | Enable Prometheus metrics endpoint, `ENABLE_PROMETHEUS` | `false` | -| [`observability.metrics.prometheusEndpoint.port`](./values.yaml#L735) | Port for the Prometheus metrics endpoint, `PROMETHEUS_PORT` | `10254` | -| [`observability.metrics.prometheusRule`](./values.yaml#L759) | Prometheus [PrometheusRule](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.PrometheusRule) Requires `observability.metrics.prometheusEndpoint.enabled` to be `true` | [...](./values.yaml#L759) | -| [`observability.metrics.serviceMonitor`](./values.yaml#L744) | Prometheus [ServiceMonitor](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.ServiceMonitor) Requires `observability.metrics.prometheusEndpoint.enabled` to be `true` | [...](./values.yaml#L744) | -| [`observability.metrics.statsd`](./values.yaml#L794) | StatsD parameters | [...](./values.yaml#L794) | -| [`observability.metrics.statsd.customTags`](./values.yaml#L807) | StatsD custom tags, `STATSD_CUSTOM_TAGS` | `` | -| [`observability.metrics.statsd.port`](./values.yaml#L803) | StatsD port, `STATSD_PORT` | `9125` | -| [`observability.opentelemetry`](./values.yaml#L688) | OpenTelemetry settings | [...](./values.yaml#L688) | -| [`observability.opentelemetry.enabled`](./values.yaml#L691) | Enable OpenTelemetry (`ENABLE_OPENTELEMETRY`), only tracing is currently supported | `false` | -| [`observability.opentelemetry.otelPropagators`](./values.yaml#L707) | `OTEL_PROPAGATORS`, propagators | `""` | -| [`observability.opentelemetry.otelResourceAttributes`](./values.yaml#L704) | `OTEL_RESOURCE_ATTRIBUTES`, resource attributes | `""` | -| [`observability.opentelemetry.otelServiceName`](./values.yaml#L701) | `OTEL_SERVICE_NAME`, service name | `""` | -| [`observability.opentelemetry.otelTracesSampler`](./values.yaml#L712) | `OTEL_TRACES_SAMPLER`, should normally not be touched to allow custom `parent_based` work, but something like `parentbased_traceidratio` may be considered | `""` | -| [`observability.opentelemetry.otelTracesSamplerArg`](./values.yaml#L715) | `OTEL_TRACES_SAMPLER_ARG`, argument for the sampler | `""` | -| [`observability.opentelemetry.otlpExporterEndpoint`](./values.yaml#L695) | https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ `OTEL_EXPORTER_OTLP_ENDPOINT`, if not set, defaults to `http://localhost:4317` | `""` | -| [`observability.opentelemetry.otlpExporterProtocol`](./values.yaml#L698) | `OTEL_EXPORTER_OTLP_PROTOCOL`, if not set, defaults to `grpc` | `""` | +| [`observability`](./values.yaml#L672) | Observability settings | | +| [`observability.log`](./values.yaml#L676) | Logs | [...](./values.yaml#L676) | +| [`observability.log.healthcheckLevel`](./values.yaml#L691) | `HEALTHCHECK_LOGLEVEL` — log level for health checks | `"debug"` | +| [`observability.log.level`](./values.yaml#L679) | `LOG_LEVEL` | `"info"` | +| [`observability.log.structured`](./values.yaml#L682) | `LOG_STRUCTURED` — enable structured logging in JSON format | `false` | +| [`observability.log.structuredFlatten`](./values.yaml#L688) | `LOG_STRUCTURED_FLATTEN` — when structured logging is enabled, emit `meta`, `location`, `exception`, and `extra` fields as top-level dotted fields (e.g. `meta.event`, `location.file`) instead of nested JSON. Useful for OpenTelemetry collector pipelines and log backends that index top-level attributes. Only applies when `observability.log.structured` is `true`. | `true` | +| [`observability.metrics`](./values.yaml#L726) | Metrics configuration | [...](./values.yaml#L726) | +| [`observability.metrics.customTags`](./values.yaml#L732) | Global metrics tags for all exporters: `METRICS_CUSTOM_TAGS` | *generated* | +| [`observability.metrics.grafanaDashboard`](./values.yaml#L774) | Grafana dashboard | [...](./values.yaml#L774) | +| [`observability.metrics.grafanaDashboard.configMap`](./values.yaml#L782) | ConfigMap parameters | [...](./values.yaml#L782) | +| [`observability.metrics.grafanaDashboard.configMap.labels`](./values.yaml#L785) | ConfigMap labels | `{"grafana_dashboard":"1"}` | +| [`observability.metrics.grafanaDashboard.enabled`](./values.yaml#L778) | Enable Grafana dashboard. To work, requires Prometheus metrics enabled in `observability.metrics.prometheusEndpoint.enabled` | `false` | +| [`observability.metrics.grafanaDashboard.tags`](./values.yaml#L795) | Dashboard tags | `["Nutrient","document-engine"]` | +| [`observability.metrics.grafanaDashboard.title`](./values.yaml#L792) | Dashboard title | *generated* | +| [`observability.metrics.prometheusEndpoint`](./values.yaml#L736) | Prometheus metrics endpoint settings | [...](./values.yaml#L736) | +| [`observability.metrics.prometheusEndpoint.enabled`](./values.yaml#L739) | Enable Prometheus metrics endpoint, `ENABLE_PROMETHEUS` | `false` | +| [`observability.metrics.prometheusEndpoint.port`](./values.yaml#L742) | Port for the Prometheus metrics endpoint, `PROMETHEUS_PORT` | `10254` | +| [`observability.metrics.prometheusRule`](./values.yaml#L766) | Prometheus [PrometheusRule](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.PrometheusRule) Requires `observability.metrics.prometheusEndpoint.enabled` to be `true` | [...](./values.yaml#L766) | +| [`observability.metrics.serviceMonitor`](./values.yaml#L751) | Prometheus [ServiceMonitor](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.ServiceMonitor) Requires `observability.metrics.prometheusEndpoint.enabled` to be `true` | [...](./values.yaml#L751) | +| [`observability.metrics.statsd`](./values.yaml#L801) | StatsD parameters | [...](./values.yaml#L801) | +| [`observability.metrics.statsd.customTags`](./values.yaml#L814) | StatsD custom tags, `STATSD_CUSTOM_TAGS` | `` | +| [`observability.metrics.statsd.port`](./values.yaml#L810) | StatsD port, `STATSD_PORT` | `9125` | +| [`observability.opentelemetry`](./values.yaml#L695) | OpenTelemetry settings | [...](./values.yaml#L695) | +| [`observability.opentelemetry.enabled`](./values.yaml#L698) | Enable OpenTelemetry (`ENABLE_OPENTELEMETRY`), only tracing is currently supported | `false` | +| [`observability.opentelemetry.otelPropagators`](./values.yaml#L714) | `OTEL_PROPAGATORS`, propagators | `""` | +| [`observability.opentelemetry.otelResourceAttributes`](./values.yaml#L711) | `OTEL_RESOURCE_ATTRIBUTES`, resource attributes | `""` | +| [`observability.opentelemetry.otelServiceName`](./values.yaml#L708) | `OTEL_SERVICE_NAME`, service name | `""` | +| [`observability.opentelemetry.otelTracesSampler`](./values.yaml#L719) | `OTEL_TRACES_SAMPLER`, should normally not be touched to allow custom `parent_based` work, but something like `parentbased_traceidratio` may be considered | `""` | +| [`observability.opentelemetry.otelTracesSamplerArg`](./values.yaml#L722) | `OTEL_TRACES_SAMPLER_ARG`, argument for the sampler | `""` | +| [`observability.opentelemetry.otlpExporterEndpoint`](./values.yaml#L702) | https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ `OTEL_EXPORTER_OTLP_ENDPOINT`, if not set, defaults to `http://localhost:4317` | `""` | +| [`observability.opentelemetry.otlpExporterProtocol`](./values.yaml#L705) | `OTEL_EXPORTER_OTLP_PROTOCOL`, if not set, defaults to `grpc` | `""` | ### Pod lifecycle | Key | Description | Default | |-----|-------------|---------| -| [`lifecycle`](./values.yaml#L1194) | [Lifecycle](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) | `map[]` | -| [`livenessProbe`](./values.yaml#L1164) | [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | [...](./values.yaml#L1164) | -| [`readinessProbe`](./values.yaml#L1177) | [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | [...](./values.yaml#L1177) | -| [`startupProbe`](./values.yaml#L1151) | [Startup probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | [...](./values.yaml#L1151) | -| [`terminationGracePeriodSeconds`](./values.yaml#L1190) | [Termination grace period](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/). Should be greater than the longest expected request processing time (`config.requestTimeoutSeconds`). | `65` | +| [`lifecycle`](./values.yaml#L1201) | [Lifecycle](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/) | `map[]` | +| [`livenessProbe`](./values.yaml#L1171) | [Liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | [...](./values.yaml#L1171) | +| [`readinessProbe`](./values.yaml#L1184) | [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | [...](./values.yaml#L1184) | +| [`startupProbe`](./values.yaml#L1158) | [Startup probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | [...](./values.yaml#L1158) | +| [`terminationGracePeriodSeconds`](./values.yaml#L1197) | [Termination grace period](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/). Should be greater than the longest expected request processing time (`config.requestTimeoutSeconds`). | `65` | ### Scheduling | Key | Description | Default | |-----|-------------|---------| -| [`affinity`](./values.yaml#L1249) | Node affinity | `{}` | -| [`autoscaling`](./values.yaml#L1202) | [Autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | [...](./values.yaml#L1202) | -| [`nodeSelector`](./values.yaml#L1246) | [Node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) | `{}` | -| [`podDisruptionBudget`](./values.yaml#L1239) | [Pod disruption budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) | [...](./values.yaml#L1239) | -| [`priorityClassName`](./values.yaml#L1258) | [Priority classs](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/) | `""` | -| [`replicaCount`](./values.yaml#L1227) | Number of replicas | `1` | -| [`resources`](./values.yaml#L1224) | [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | `{}` | -| [`schedulerName`](./values.yaml#L1261) | [Scheduler](https://kubernetes.io/docs/concepts/scheduling-eviction/kube-scheduler/) | `""` | -| [`tolerations`](./values.yaml#L1252) | [Node tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | `[]` | -| [`topologySpreadConstraints`](./values.yaml#L1255) | [Topology spread constraints](https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/) | `[]` | -| [`updateStrategy`](./values.yaml#L1230) | [Update strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) | `{"rollingUpdate":{},"type":"RollingUpdate"}` | +| [`affinity`](./values.yaml#L1256) | Node affinity | `{}` | +| [`autoscaling`](./values.yaml#L1209) | [Autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | [...](./values.yaml#L1209) | +| [`nodeSelector`](./values.yaml#L1253) | [Node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) | `{}` | +| [`podDisruptionBudget`](./values.yaml#L1246) | [Pod disruption budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) | [...](./values.yaml#L1246) | +| [`priorityClassName`](./values.yaml#L1265) | [Priority classs](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/) | `""` | +| [`replicaCount`](./values.yaml#L1234) | Number of replicas | `1` | +| [`resources`](./values.yaml#L1231) | [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | `{}` | +| [`schedulerName`](./values.yaml#L1268) | [Scheduler](https://kubernetes.io/docs/concepts/scheduling-eviction/kube-scheduler/) | `""` | +| [`tolerations`](./values.yaml#L1259) | [Node tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | `[]` | +| [`topologySpreadConstraints`](./values.yaml#L1262) | [Topology spread constraints](https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/) | `[]` | +| [`updateStrategy`](./values.yaml#L1237) | [Update strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) | `{"rollingUpdate":{},"type":"RollingUpdate"}` | ### Storage resource definitions | Key | Description | Default | |-----|-------------|---------| -| [`cloudNativePG`](./values.yaml#L1266) | [CloudNativePG](https://cloudnative-pg.io/) resources | [...](./values.yaml#L1266) | -| [`cloudNativePG.clusterAnnotations`](./values.yaml#L1301) | Cluster annotations | `{}` | -| [`cloudNativePG.clusterLabels`](./values.yaml#L1298) | Cluster labels | `{}` | -| [`cloudNativePG.clusterName`](./values.yaml#L1278) | CloudNativePG custom Cluster name | `"{{ .Release.Name }}-postgres"` | -| [`cloudNativePG.clusterSpec`](./values.yaml#L1282) | CloudNativePG [cluster spec](https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-ClusterSpec) | [...](./values.yaml#L1282) | -| [`cloudNativePG.enabled`](./values.yaml#L1269) | Enable CloudNativePG resources | `false` | -| [`cloudNativePG.networkPolicy`](./values.yaml#L1310) | Network policy to allow access to the cluster | `{"enabled":true}` | -| [`cloudNativePG.operatorNamespace`](./values.yaml#L1272) | CloudNativePG operator namespace | `"cnpg-system"` | -| [`cloudNativePG.operatorReleaseName`](./values.yaml#L1275) | CloudNativePG operator release name | `"cloudnative-pg"` | -| [`cloudNativePG.superuserSecret`](./values.yaml#L1304) | Superuser secret to use with the cluster | `{"create":true,"password":"despair","username":"postgres"}` | +| [`cloudNativePG`](./values.yaml#L1273) | [CloudNativePG](https://cloudnative-pg.io/) resources | [...](./values.yaml#L1273) | +| [`cloudNativePG.clusterAnnotations`](./values.yaml#L1308) | Cluster annotations | `{}` | +| [`cloudNativePG.clusterLabels`](./values.yaml#L1305) | Cluster labels | `{}` | +| [`cloudNativePG.clusterName`](./values.yaml#L1285) | CloudNativePG custom Cluster name | `"{{ .Release.Name }}-postgres"` | +| [`cloudNativePG.clusterSpec`](./values.yaml#L1289) | CloudNativePG [cluster spec](https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-ClusterSpec) | [...](./values.yaml#L1289) | +| [`cloudNativePG.enabled`](./values.yaml#L1276) | Enable CloudNativePG resources | `false` | +| [`cloudNativePG.networkPolicy`](./values.yaml#L1317) | Network policy to allow access to the cluster | `{"enabled":true}` | +| [`cloudNativePG.operatorNamespace`](./values.yaml#L1279) | CloudNativePG operator namespace | `"cnpg-system"` | +| [`cloudNativePG.operatorReleaseName`](./values.yaml#L1282) | CloudNativePG operator release name | `"cloudnative-pg"` | +| [`cloudNativePG.superuserSecret`](./values.yaml#L1311) | Superuser secret to use with the cluster | `{"create":true,"password":"despair","username":"postgres"}` | ### Other Values | Key | Description | Default | |-----|-------------|---------| -| [`config.hoard.binaryCopyEnabled`](./values.yaml#L153) | `HOARD_BINARY_COPY_ENABLED` — internal parameter, do not change unless explicitly recommended by Nutrient support. | `true` | -| [`config.hoard.binaryCopyThreshold`](./values.yaml#L155) | `HOARD_BINARY_COPY_THRESHOLD` — internal parameter, do not change unless explicitly recommended by Nutrient support. | `2` | -| [`config.http2SharedRendering.checkinTimeoutMilliseconds`](./values.yaml#L166) | `HTTP2_SHARED_RENDERING_PROCESS_CHECKIN_TIMEOUT` — document processing daemon checkin timeout. Do not change unless explicitly recommended by Nutrient support. | `0` | -| [`config.http2SharedRendering.checkoutTimeoutMilliseconds`](./values.yaml#L169) | `HTTP2_SHARED_RENDERING_PROCESS_CHECKOUT_TIMEOUT` — document processing daemon checkout timeout. Do not change unless explicitly recommended by Nutrient support. | `5000` | -| [`revisionHistoryLimit`](./values.yaml#L1234) | [Revision history limit](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) | `10` | +| [`config.hoard.binaryCopyEnabled`](./values.yaml#L154) | `HOARD_BINARY_COPY_ENABLED` — internal parameter, do not change unless explicitly recommended by Nutrient support. | `true` | +| [`config.hoard.binaryCopyThreshold`](./values.yaml#L156) | `HOARD_BINARY_COPY_THRESHOLD` — internal parameter, do not change unless explicitly recommended by Nutrient support. | `2` | +| [`config.http2SharedRendering.checkinTimeoutMilliseconds`](./values.yaml#L167) | `HTTP2_SHARED_RENDERING_PROCESS_CHECKIN_TIMEOUT` — document processing daemon checkin timeout. Do not change unless explicitly recommended by Nutrient support. | `0` | +| [`config.http2SharedRendering.checkoutTimeoutMilliseconds`](./values.yaml#L170) | `HTTP2_SHARED_RENDERING_PROCESS_CHECKOUT_TIMEOUT` — document processing daemon checkout timeout. Do not change unless explicitly recommended by Nutrient support. | `5000` | +| [`revisionHistoryLimit`](./values.yaml#L1241) | [Revision history limit](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) | `10` | ## Contribution diff --git a/charts/document-engine/templates/configmap.yaml b/charts/document-engine/templates/configmap.yaml index 6faa51e..7eec4c3 100644 --- a/charts/document-engine/templates/configmap.yaml +++ b/charts/document-engine/templates/configmap.yaml @@ -28,7 +28,9 @@ data: IGNORE_INVALID_ANNOTATIONS: {{ .Values.config.ignoreInvalidAnnotations | quote }} AUTOMATIC_LINK_EXTRACTION: {{ .Values.config.automaticLinkExtraction | quote }} MIN_SEARCH_QUERY_LENGTH: {{ .Values.config.minSearchQueryLength | quote }} - TILE_MAX_SCALE: {{ .Values.config.tileMaxScale | quote }} + {{- with .Values.config.tileMaxScale }} + TILE_MAX_SCALE: {{ . | quote }} + {{- end }} {{- with .Values.config.hoard }} HOARD_MAX_SIZE: {{ mul 1000000 .maxSizeMegaBytes | quote }} HOARD_BINARY_COPY_ENABLED: {{ .binaryCopyEnabled | quote }} @@ -200,6 +202,9 @@ data: {{- end }} LOG_LEVEL: {{ .log.level | quote }} LOG_STRUCTURED: {{ .log.structured | quote }} +{{- if .log.structured }} + LOG_STRUCTURED_FLATTEN: {{ .log.structuredFlatten | quote }} +{{- end }} HEALTHCHECK_LOGLEVEL: {{ .log.healthcheckLevel | quote }} {{- with .opentelemetry }} {{- if .enabled }} diff --git a/charts/document-engine/values.schema.json b/charts/document-engine/values.schema.json index 11a0a5e..f1f12e7 100644 --- a/charts/document-engine/values.schema.json +++ b/charts/document-engine/values.schema.json @@ -505,10 +505,6 @@ "minSearchQueryLength": { "type": "integer" }, - "tileMaxScale": { - "type": "number", - "exclusiveMinimum": 1 - }, "port": { "type": "integer" }, @@ -532,6 +528,13 @@ "requestTimeoutSeconds": { "type": "integer" }, + "tileMaxScale": { + "type": [ + "number", + "null" + ], + "minimum": 1 + }, "trustedProxies": { "type": "string" }, @@ -1108,6 +1111,9 @@ }, "structured": { "type": "boolean" + }, + "structuredFlatten": { + "type": "boolean" } } }, diff --git a/charts/document-engine/values.yaml b/charts/document-engine/values.yaml index 38c3ffb..777e2a4 100644 --- a/charts/document-engine/values.yaml +++ b/charts/document-engine/values.yaml @@ -138,9 +138,10 @@ config: # @section -- 03. Configuration options minSearchQueryLength: 3 # -- `TILE_MAX_SCALE` — maximum allowed tile scale, calculated as requested tile size divided by actual page size. - # Must be greater than 1. + # Must be greater than 1. When unset, no limit is enforced. # @section -- 03. Configuration options - tileMaxScale: 16 # @schema type: number; exclusiveMinimum: 1 + # @default -- unlimited + tileMaxScale: null # @schema type: number, null; minimum: 1 # -- Hoard — internal caching service parameters # @default -- none # @notationType -- reference @@ -679,6 +680,12 @@ observability: # -- `LOG_STRUCTURED` — enable structured logging in JSON format # @section -- D. Observability structured: false + # -- `LOG_STRUCTURED_FLATTEN` — when structured logging is enabled, emit `meta`, `location`, `exception`, and `extra` + # fields as top-level dotted fields (e.g. `meta.event`, `location.file`) instead of nested JSON. Useful for + # OpenTelemetry collector pipelines and log backends that index top-level attributes. Only applies when + # `observability.log.structured` is `true`. + # @section -- D. Observability + structuredFlatten: true # -- `HEALTHCHECK_LOGLEVEL` — log level for health checks # @section -- D. Observability healthcheckLevel: debug # @schema pattern:^(debug|info|warn|error)$