# SPDX-FileCopyrightText: Copyright (c) 2025 NVIDIA CORPORATION & AFFILIATES. All rights reserved. # SPDX-License-Identifier: Apache-2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Used to generate top-level secrets (overridden by custom-values.yaml) imagePullSecrets: # Subcharts dynamo-operator: enabled: true imagePullSecrets: - name: gitlab-imagepull - name: nvcrimagepullsecret - name: docker-imagepullsecret natsAddr: "" etcdAddr: "" namespaceRestriction: enabled: true targetNamespace: "" controllerManager: manager: image: repository: "" tag: "latest" args: - --health-probe-bind-address=:8081 - --metrics-bind-address=127.0.0.1:8080 dynamo: apiStore: endpoint: http://dynamo-store clusterName: default internalImages: dynamoComponentsDownloader: rapidfort/curl:latest kaniko: gcr.io/kaniko-project/executor:debug buildkit: moby/buildkit:v0.20.2 buildkitRootless: moby/buildkit:v0.20.2-rootless debugger: python:3.12-slim enableRestrictedSecurityContext: false dockerRegistry: server: "" inClusterServer: "" username: "" password: "" secure: true dynamoComponentsRepositoryName: dynamo-pipelines imageBuildEngine: buildkit addNamespacePrefixToImageName: false estargz: enabled: false kaniko: cacheRepo: "" snapshotMode: "" dynamo-api-store: enabled: true namespaceRestriction: enabled: true targetNamespace: "" istio: enabled: false host: "" gateway: "" dynamo: env: resource_scope: "user" image: repository: "" tag: "latest" pullPolicy: IfNotPresent imagePullSecrets: ingress: enabled: false className: nginx hosts: - host: "" paths: - path: / pathType: Prefix postgresql: primary: persistence: enabled: false minio: persistence: enabled: true size: 5Gi storageClass: "" apiIngress: enabled: false ingressClassName: nginx hostname: minio.example.com pathType: Prefix etcd: enabled: false replicaCount: 1 # Explicitly remove authentication auth: rbac: create: false readinessProbe: enabled: false livenessProbe: enabled: false nats: enabled: false # reference a common CA Certificate or Bundle in all nats config `tls` blocks and nats-box contexts # note: `tls.verify` still must be set in the appropriate nats config `tls` blocks to require mTLS tlsCA: enabled: false config: cluster: enabled: false jetstream: enabled: true fileStore: enabled: true dir: /data ############################################################ # stateful set -> volume claim templates -> jetstream pvc ############################################################ pvc: enabled: true size: 10Gi storageClassName: # merge or patch the jetstream pvc # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#persistentvolumeclaim-v1-core merge: {} patch: [] # defaults to "{{ include "nats.fullname" $ }}-js" name: # defaults to the PVC size maxSize: memoryStore: enabled: false # merge or patch the jetstream config # https://docs.nats.io/running-a-nats-service/configuration#jetstream merge: {} patch: [] nats: port: 4222 tls: enabled: false # merge or patch the tls config # https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls merge: {} patch: [] leafnodes: enabled: false websocket: enabled: false mqtt: enabled: false gateway: enabled: false monitor: enabled: true port: 8222 tls: # config.nats.tls must be enabled also # when enabled, monitoring port will use HTTPS with the options from config.nats.tls enabled: false profiling: enabled: false port: 65432 resolver: enabled: false # adds a prefix to the server name, which defaults to the pod name # helpful for ensuring server name is unique in a super cluster serverNamePrefix: "" # merge or patch the nats config # https://docs.nats.io/running-a-nats-service/configuration # following special rules apply # 1. strings that start with << and end with >> will be unquoted # use this for variables and numbers with units # 2. keys ending in $include will be switched to include directives # keys are sorted alphabetically, use prefix before $includes to control includes ordering # paths should be relative to /etc/nats-config/nats.conf # example: # # merge: # $include: ./my-config.conf # zzz$include: ./my-config-last.conf # server_name: nats # authorization: # token: << $TOKEN >> # jetstream: # max_memory_store: << 1GB >> # # will yield the config: # { # include ./my-config.conf; # "authorization": { # "token": $TOKEN # }, # "jetstream": { # "max_memory_store": 1GB # }, # "server_name": "nats", # include ./my-config-last.conf; # } merge: {} patch: [] ############################################################ # stateful set -> pod template -> nats container ############################################################ container: image: repository: nats tag: 2.10.21-alpine pullPolicy: registry: # container port options # must be enabled in the config section also # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#containerport-v1-core ports: nats: {} leafnodes: {} websocket: {} mqtt: {} cluster: {} gateway: {} monitor: {} profiling: {} # map with key as env var name, value can be string or map # example: # # env: # GOMEMLIMIT: 7GiB # TOKEN: # valueFrom: # secretKeyRef: # name: nats-auth # key: token env: {} # merge or patch the container # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#container-v1-core merge: {} patch: [] ############################################################ # stateful set -> pod template -> reloader container ############################################################ reloader: enabled: true image: repository: natsio/nats-server-config-reloader tag: 0.16.0 pullPolicy: registry: # env var map, see nats.env for an example env: {} # all nats container volume mounts with the following prefixes # will be mounted into the reloader container natsVolumeMountPrefixes: - /etc/ # merge or patch the container # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#container-v1-core merge: {} patch: [] ############################################################ # stateful set -> pod template -> prom-exporter container ############################################################ # config.monitor must be enabled promExporter: enabled: false ############################################################ # service ############################################################ service: enabled: true # service port options # additional boolean field enable to control whether port is exposed in the service # must be enabled in the config section also # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#serviceport-v1-core ports: nats: enabled: true leafnodes: enabled: true websocket: enabled: true mqtt: enabled: true cluster: enabled: false gateway: enabled: false monitor: enabled: false profiling: enabled: false # merge or patch the service # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#service-v1-core merge: {} patch: [] # defaults to "{{ include "nats.fullname" $ }}" name: ############################################################ # other nats extension points ############################################################ # stateful set statefulSet: # merge or patch the stateful set # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#statefulset-v1-apps merge: {} patch: [] # defaults to "{{ include "nats.fullname" $ }}" name: # stateful set -> pod template podTemplate: # adds a hash of the ConfigMap as a pod annotation # this will cause the StatefulSet to roll when the ConfigMap is updated configChecksumAnnotation: true # map of topologyKey: topologySpreadConstraint # labelSelector will be added to match StatefulSet pods # # topologySpreadConstraints: # kubernetes.io/hostname: # maxSkew: 1 # topologySpreadConstraints: {} # merge or patch the pod template # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#pod-v1-core merge: {} patch: [] # headless service headlessService: # merge or patch the headless service # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#service-v1-core merge: {} patch: [] # defaults to "{{ include "nats.fullname" $ }}-headless" name: # config map configMap: # merge or patch the config map # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#configmap-v1-core merge: {} patch: [] # defaults to "{{ include "nats.fullname" $ }}-config" name: # pod disruption budget podDisruptionBudget: enabled: true # service account serviceAccount: enabled: false ############################################################ # natsBox # # NATS Box Deployment and associated resources ############################################################ natsBox: enabled: true ############################################################ # NATS contexts ############################################################ contexts: default: creds: # set contents in order to create a secret with the creds file contents contents: # set secretName in order to mount an existing secret to dir secretName: # defaults to /etc/nats-creds/ dir: key: nats.creds nkey: # set contents in order to create a secret with the nkey file contents contents: # set secretName in order to mount an existing secret to dir secretName: # defaults to /etc/nats-nkeys/ dir: key: nats.nk # used to connect with client certificates tls: # set secretName in order to mount an existing secret to dir secretName: # defaults to /etc/nats-certs/ dir: cert: tls.crt key: tls.key # merge or patch the context # https://docs.nats.io/using-nats/nats-tools/nats_cli#nats-contexts merge: {} patch: [] # name of context to select by default defaultContextName: default ############################################################ # deployment -> pod template -> nats-box container ############################################################ container: image: repository: natsio/nats-box tag: 0.14.5 pullPolicy: registry: # env var map, see nats.env for an example env: {} # merge or patch the container # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#container-v1-core merge: {} patch: [] # service account serviceAccount: enabled: false