From da8ea8a2d609831ddbe092abd56d5ae8ad1868b0 Mon Sep 17 00:00:00 2001
From: Burak Berk
Date: Thu, 9 Jan 2025 07:44:04 +0300
Subject: [PATCH] BE-5194 Improve Kubernete (helm deploy) documents (#777)
---
docs/enterprise-app-store/portal-settings.md | 18 +
.../_apply-helm-configuration-changes.mdx | 11 +
.../configuration/advanced-configuration.md | 693 +++++-------------
.../configuration/ca-certificates.md | 3 +
.../enterprise-store-configuration.md | 3 +
.../git-providers-configuration.md | 3 +
.../configuration/ingress-configuration.md | 81 ++
.../configuration/ldap-configuration.md | 5 +
.../configuration/license-configuration.md | 4 +
.../request-size-configuration.md | 34 -
.../configuration/sensitive-configuration.md | 5 +
.../configuration/ssl-configuration.md | 51 +-
.../configuration/storage-configuration.md | 2 +-
.../helm-chart/installation/kubernetes.md | 56 +-
.../install-server/helm-chart/upgrades.md | 112 ++-
.../_configure-for-self-hosted.mdx | 5 +-
16 files changed, 510 insertions(+), 576 deletions(-)
create mode 100644 docs/self-hosted-appcircle/install-server/helm-chart/configuration/_apply-helm-configuration-changes.mdx
create mode 100644 docs/self-hosted-appcircle/install-server/helm-chart/configuration/ingress-configuration.md
delete mode 100644 docs/self-hosted-appcircle/install-server/helm-chart/configuration/request-size-configuration.md
diff --git a/docs/enterprise-app-store/portal-settings.md b/docs/enterprise-app-store/portal-settings.md
index 62053880c..58af90fa0 100644
--- a/docs/enterprise-app-store/portal-settings.md
+++ b/docs/enterprise-app-store/portal-settings.md
@@ -167,6 +167,24 @@ Open your DNS provider's website and add a CNAME with the below details **Destination:** _**store-domain.appcircle.io**_ +:::info +For self-hosted users with a Kubernetes deployment, it is essential to configure DNS records appropriately for your environment. + +- Retrieve the ingress objects: + + ```bash + kubectl get ingress -n appcircle + ``` + +- Examine the `ADDRESS` column: + - If internal IP addresses are listed for the ingress objects: + - For internal-only access to Appcircle, use these IP addresses as the destination for `A` records. + - For internet access to Appcircle, use the public IP addresses of these nodes as the destination for `A` records. + - If `CNAME` records are listed for the ingress objects: + - Use the `CNAME` as the destination for `CNAME` records. + +::: + The below screenshot shows an example configuration screen from Cloudflare.
diff --git a/docs/self-hosted-appcircle/install-server/helm-chart/configuration/_apply-helm-configuration-changes.mdx b/docs/self-hosted-appcircle/install-server/helm-chart/configuration/_apply-helm-configuration-changes.mdx
new file mode 100644
index 000000000..2ecc99c8a
--- /dev/null
+++ b/docs/self-hosted-appcircle/install-server/helm-chart/configuration/_apply-helm-configuration-changes.mdx
@@ -0,0 +1,11 @@
+To apply configuration changes to the Appcircle server installation, update the Helm release with the new configuration using the following command:
+
+:::info
+The namespace, release name, and Helm repository name in the example command below are written for the example installation document. If you have changed these values while installing the Appcircle server, adjust the values if required.
+:::
+
+```bash
+helm upgrade appcircle-server appcircle/appcircle \
+ -n appcircle \
+ -f values.yaml
+```
\ No newline at end of file
diff --git a/docs/self-hosted-appcircle/install-server/helm-chart/configuration/advanced-configuration.md b/docs/self-hosted-appcircle/install-server/helm-chart/configuration/advanced-configuration.md
index 0b856b52e..e24f123e2 100644
--- a/docs/self-hosted-appcircle/install-server/helm-chart/configuration/advanced-configuration.md
+++ b/docs/self-hosted-appcircle/install-server/helm-chart/configuration/advanced-configuration.md
@@ -7,6 +7,7 @@ sidebar_label: Advanced Configuration --- import NeedHelp from '@site/docs/\_need-help.mdx'; +import ApplyHelmConfigurationChanges from '@site/docs/self-hosted-appcircle/install-server/helm-chart/configuration/\_apply-helm-configuration-changes.mdx'; For advanced configuration options, open the `values.yaml` file with your preferred text editor and modify the settings as needed.
@@ -17,20 +18,20 @@ Once you have updated the `values.yaml` file, please proceed to the [Upgrade App To configure a custom domain for the Appcircle Testing Distribution, update your `values.yaml` file with the custom domain settings. Below is an example configuration for a custom Testing Distribution domain usage: ```yaml -global: +global: distribution: distribution-testerweb: url: https://dist.spacetech.com distribution: distribution-testerweb: ingress: - extraHosts: - - name: dist.spacetech.com - path: / + extraHosts: + - name: dist.spacetech.com + path: / extraTls: - - secretName: k8s-dist-spacetech-com-tls - hosts: - - dist.spacetech.com + - secretName: k8s-dist-spacetech-com-tls + hosts: + - dist.spacetech.com ``` :::caution
@@ -40,9 +41,10 @@ The emails related to the Testing Distribution will now include the new domain i After updating the `values.yaml` file, create a TLS secret for the custom domain using the following command: :::info + - The certificate (`cert`) should be in **PEM format** and it's recommended to include the leaf (app), intermediate, and root (CA) certificates to form a **full-chain** certificate. - The private key (`key`) **should not be password-protected**. -::: + ::: ```bash kubectl create secret tls k8s-dist-spacetech-com-tls \
@@ -50,7 +52,6 @@ kubectl create secret tls k8s-dist-spacetech-com-tls \ --key=private.key ``` - ## Increase the Replica Counts With the default Helm values, the Appcircle server services being deployed with one replica. If you want to increase this number for high availability, you can do so by updating your `values.yaml` file:
@@ -124,525 +125,169 @@ webhook: replicaCount: 2 ``` -## Values Table - -Users can view all available parameters of the Appcircle server Helm chart. - -### Parameters - -#### Global Parameters - -Example usage: - -```yaml -# Example usage: -global: - imageRegistry: "myregistry.com" -``` - -| Key | Type | Default Value | Description | -| --------------------------------------------------- | ------------------ | ------------- | ------------------------------------------- | -| global | object | - | Application global configuration | -| global.appEnvironment | string | Development | Global app environment | -| global.appVersion | string | - | Global app version | -| global.isSelfHosted | boolean | True | Global Is self-hosted setup | -| global.imageRegistry | string | | Global Docker image registry | -| global.imageRepositoryPath | string | | Global Docker image repository path | -| global.imageTag | string | | Global Docker image tag | -| global.imagePullSecrets | array | [] | Image pull secrets | -| global.ingressClassName | string | appcircle | Global ingress class name for all ingresses | -| global.defaultStorageClass | string | - | | -| global.urls | object | - | Global URLs configuration | -| global.urls.domainName | string | - | Domain name for the app (.example.com) | -| global.urls.scheme | string | http | URL scheme | -| global.urls.prefixSubdomain | ['string', 'null'] | - | Prefix subdomain for the app | -| global.urls.auth | object | - | | -| global.urls.auth.subdomain | string | auth | Auth subdomain | -| global.urls.privateApi | object | - | | -| global.urls.privateApi.subdomain | string | api | Private API subdomain | -| global.urls.webApp | object | - | | -| global.urls.webApp.subdomain | string | my | Web app subdomain | -| global.urls.webEvent | object | - | | -| global.urls.webEvent.subdomain | string | hook | Web event subdomain | -| global.urls.distributionTesterWeb | object | - | | -| global.urls.distributionTesterWeb.subdomain | string | dist | 
Distribution tester web subdomain | -| global.urls.store | object | - | | -| global.urls.store.subdomain | string | store | Store subdomain | -| global.urls.webEventRedis | object | - | | -| global.urls.webEventRedis.subdomain | string | kvs | Web event redis subdomain | -| global.urls.resource | object | - | | -| global.urls.resource.subdomain | string | resource | Resource subdomain | -| global.keycloak | object | - | | -| global.keycloak.clients | object | - | | -| global.keycloak.clients.appcircleWeb | object | - | | -| global.keycloak.clients.appcircleWeb.id | string | - | | -| global.keycloak.clients.reportingServer | object | - | | -| global.keycloak.clients.reportingServer.id | string | - | | -| global.keycloak.clients.licenseServer | object | - | | -| global.keycloak.clients.licenseServer.id | string | - | | -| global.keycloak.clients.storeServer | object | - | | -| global.keycloak.clients.storeServer.id | string | - | | -| global.keycloak.clients.storeWeb | object | - | | -| global.keycloak.clients.storeWeb.id | string | - | | -| global.keycloak.clients.storeAdminService | object | - | | -| global.keycloak.clients.storeAdminService.id | string | - | | -| global.keycloak.clients.distributionServer | object | - | | -| global.keycloak.clients.distributionServer.id | string | - | | -| global.keycloak.clients.distributionAdminService | object | - | | -| global.keycloak.clients.distributionAdminService.id | string | - | | -| global.keycloak.clients.distributionTesterWeb | object | - | | -| global.keycloak.clients.distributionTesterWeb.id | string | - | | -| global.keycloak.clients.publishServer | object | - | | -| global.keycloak.clients.publishServer.id | string | - | | -| global.keycloak.clients.buildServer | object | - | | -| global.keycloak.clients.buildServer.id | string | - | | -| global.mail | object | - | Global Mail configuration | -| global.mail.provider | string | - | | -| global.mail.smtp | object | - | SMTP configuration | -| global.mail.smtp.host 
| string | - | | -| global.mail.smtp.username | string | - | | -| global.mail.smtp.from | string | - | | -| global.mail.smtp.fromDisplayName | string | - | | -| global.mail.smtp.port | string | - | | -| global.mail.smtp.password | string | - | | -| global.mail.smtp.ssl | string | - | | -| global.mail.smtp.auth | string | - | | -| global.mail.smtp.starttls | string | - | | -| global.tlsWildcard | object | - | Global TLS wildcard configuration | -| global.tlsWildcard.cert | string | - | | -| global.tlsWildcard.caCert | string | - | | -| global.tlsWildcard.key | string | - | | -| global.trustedCerts | array | [] | Global Trusted certificates | -| global.minio | object | - | Global Minio configuration | -| global.minio.url | string | - | External Minio URL | -| global.minio.region | string | - | | -| global.minio.bucketPrefix | string | - | | -| global.minio.buckets | string | - | | -| global.containerRegistrySecret | string | - | Global container registry secret | -| global.redis | object | - | Global Redis configuration | -| global.redis.enabled | boolean | - | Enable common redis for all modules | -| global.redis.everyModule | boolean | - | Enable redis instances for every module | -| global.vault | object | - | Global Vault configuration | -| global.vault.url | string | - | External Vault URL | - -#### General Parameters - -```yaml -# Example usage: -redis: - architecture: "standalone" -``` - -| Key | Type | Default Value | Description | -| ----------------------------------------------------------------------------- | ------- | ------------- | --------------------------- | -| redis.architecture | string | - | | -| redis.auth | object | - | | -| redis.auth.sentinel | boolean | - | | -| redis.auth.existingSecret | string | - | | -| redis.auth.existingSecretPasswordKey | string | - | | -| redis.image | object | - | | -| redis.image.name | string | - | | -| redis.master | object | - | | -| redis.master.persistence | object | - | | -| redis.master.persistence.enabled | 
boolean | - | | -| redis.replica | object | - | | -| redis.replica.persistence | object | - | | -| redis.replica.persistence.enabled | boolean | - | | -| redis.replica.replicaCount | integer | - | | -| redis.replica.service | object | - | | -| redis.replica.service.resourcesPreset | string | - | | -| vault | object | - | Vault configuration | -| vault.injector | object | - | | -| vault.injector.enabled | boolean | - | | -| vault.server | object | - | | -| vault.server.dataStorage | object | - | | -| vault.server.dataStorage.size | string | - | | -| vault.server.authDelegator | object | - | | -| vault.server.authDelegator.enabled | boolean | - | | -| vault.server.image | object | - | | -| vault.server.image.repository | string | - | | -| vault.server.image.tag | string | - | | -| vault.server.standalone | object | - | | -| vault.server.standalone.enabled | boolean | - | | -| vault.server.standalone.config | string | - | | -| vault.server.extraVolumes | array | - | | -| vault.server.postStart | array | - | | -| vault.ui | object | - | | -| vault.ui.enabled | boolean | - | | -| vault.ui.externalPort | integer | - | | -| kafka | object | - | Kafka configuration | -| kafka.image | object | - | | -| kafka.image.name | string | - | | -| kafka.heapOpts | string | - | | -| kafka.controller | object | - | | -| kafka.controller.replicaCount | integer | - | | -| kafka.controller.resourcesPreset | string | - | | -| kafka.controller.persistence | object | - | | -| kafka.controller.persistence.enabled | boolean | - | | -| kafka.controller.persistence.size | string | - | | -| kafka.listeners | object | - | | -| kafka.listeners.client | object | - | | -| kafka.listeners.client.protocol | string | - | | -| kafka.listeners.controller | object | - | | -| kafka.listeners.controller.protocol | string | - | | -| kafka.listeners.interbroker | object | - | | -| kafka.listeners.interbroker.protocol | string | - | | -| kafka.metrics | object | - | | -| kafka.metrics.kafka | object | - | | -| 
kafka.metrics.kafka.enabled | boolean | - | | -| kafka.metrics.jmx | object | - | | -| kafka.metrics.jmx.enabled | boolean | - | | -| kafka.zookeeper | object | - | | -| kafka.zookeeper.auth | object | - | | -| kafka.zookeeper.auth.enabled | boolean | - | | -| kafka.zookeeper.metrics | object | - | | -| kafka.zookeeper.metrics.enabled | boolean | - | | -| kafka.client | object | - | | -| kafka.client.protocol | string | - | | -| kafka.extraConfig | string | - | | -| webeventredis | object | - | Webeventredis configuration | -| webeventredis.enabled | boolean | - | | -| webeventredis.architecture | string | - | | -| webeventredis.image | object | - | | -| webeventredis.image.name | string | - | | -| webeventredis.commonLabels | object | - | | -| webeventredis.commonLabels.app | string | - | | -| webeventredis.tls | object | - | | -| webeventredis.tls.enabled | boolean | - | | -| webeventredis.tls.authClients | boolean | - | | -| webeventredis.tls.existingSecret | string | - | | -| webeventredis.tls.certCAFilename | string | - | | -| webeventredis.tls.certFilename | string | - | | -| webeventredis.tls.certKeyFilename | string | - | | -| webeventredis.sentinel | object | - | | -| webeventredis.sentinel.enabled | boolean | - | | -| webeventredis.auth | object | - | | -| webeventredis.auth.sentinel | boolean | - | | -| webeventredis.auth.existingSecret | string | - | | -| webeventredis.auth.existingSecretPasswordKey | string | - | | -| webeventredis.replica | object | - | | -| webeventredis.replica.persistence | object | - | | -| webeventredis.replica.persistence.size | string | - | | -| webeventredis.replica.replicaCount | integer | - | | -| webeventredis.replica.service | object | - | | -| webeventredis.replica.service.resourcesPreset | string | - | | -| webeventredis.master | object | - | | -| webeventredis.master.persistence | object | - | | -| webeventredis.master.persistence.size | string | - | | -| webeventredis.master.service | object | - | | -| 
webeventredis.master.service.resourcesPreset | string | - | | -| webeventredis.master.service.extraPorts | array | - | | -| webeventredis.master.preExecCmds | string | - | | -| webeventredis.ingress | object | - | | -| webeventredis.ingress.enabled | boolean | - | | -| webeventredis.ingress.tls | boolean | - | | -| webeventredis.ingress.selfSigned | boolean | - | | -| webeventredis.ingress.ingressClassName | string | - | | -| webeventredis.ingress.annotations | object | - | | -| webeventredis.ingress.annotations.nginx.ingress.kubernetes.io/ssl-passthrough | string | - | | -| minio | object | - | Minio configuration | -| minio.mode | string | - | | -| minio.image | object | - | | -| minio.image.name | string | - | | -| minio.image.pullPolicy | string | - | | -| minio.persistence | object | - | | -| minio.persistence.enabled | boolean | - | | -| minio.persistence.size | string | - | | -| minio.resources | object | - | | -| minio.resources.requests | object | - | | -| minio.resources.requests.memory | string | - | | -| minio.resources.requests.cpu | string | - | | -| minio.extraVolumes | string | - | | -| minio.extraVolumeMounts | string | - | | -| minio.lifecycleHooks | object | - | | -| minio.lifecycleHooks.postStart | object | - | | -| minio.lifecycleHooks.postStart.exec | object | - | | -| minio.lifecycleHooks.postStart.exec.command | array | - | | -| minio.auth | object | - | | -| minio.auth.existingSecret | string | - | | -| minio.auth.rootUserSecretKey | string | - | | -| minio.auth.rootPasswordSecretKey | string | - | | -| auth | object | - | | -| auth.auth-keycloak | object | - | | -| auth.auth-keycloak.image | object | - | | -| auth.auth-keycloak.image.repository | string | - | | -| auth.auth-keycloak.imagePullSecrets | array | - | | -| auth.auth-keycloak.adminUsername | string | - | | -| auth.auth-keycloak.initialUsername | string | - | | -| auth.auth-keycloak.organizationName | string | - | | -| auth.ingress | object | - | | -| auth.ingress.enabled | 
boolean | - | | -| auth.migrations | object | - | | -| auth.migrations.enabled | string | - | | -| auth.migrations.extraFiles | array | - | | -| auth.auth-postgresql | object | - | | -| auth.auth-postgresql.image | object | - | | -| auth.auth-postgresql.image.name | string | - | | -| auth.auth-postgresql.primary | object | - | | -| auth.auth-postgresql.primary.persistence | object | - | | -| auth.auth-postgresql.primary.persistence.size | string | - | | -| mongodb | object | - | | -| mongodb.enabled | boolean | - | | -| mongodb.architecture | string | - | | -| mongodb.replicaSetName | string | - | | -| mongodb.image | object | - | | -| mongodb.image.name | string | - | | -| mongodb.replicaCount | integer | - | | -| mongodb.persistence | object | - | | -| mongodb.persistence.size | string | - | | -| mongodb.annotations | object | - | | -| mongodb.annotations.helm.sh/hook-weight | string | - | | -| mongodb.auth | object | - | | -| mongodb.auth.rootPassword | string | - | | -| mongodb.auth.replicaSetKey | string | - | | -| mongodb.auth.usernames | array | - | | -| mongodb.auth.passwords | array | - | | -| mongodb.auth.databases | array | - | | -| ingress-nginx | object | - | | -| ingress-nginx.enabled | boolean | True | Enable ingress-nginx | -| ingress-nginx.imagePullSecrets | array | - | | -| ingress-nginx.tcp | object | - | | -| ingress-nginx.tcp.6379 | string | - | | -| ingress-nginx.controller | object | - | | -| ingress-nginx.controller.kind | string | - | | -| ingress-nginx.controller.ingressClass | string | - | | -| ingress-nginx.controller.extraArgs | object | - | | -| ingress-nginx.controller.extraArgs.enable-ssl-passthrough | string | - | | -| ingress-nginx.controller.extraArgs.ingress-class | string | - | | -| ingress-nginx.controller.ingressClassResource | object | - | | -| ingress-nginx.controller.ingressClassResource.name | string | - | | -| ingress-nginx.controller.ingressClassResource.enabled | boolean | - | | -| 
ingress-nginx.controller.ingressClassResource.default | boolean | - | | -| ingress-nginx.controller.ingressClassResource.controllerClass | string | - | | -| ingress-nginx.controller.ingressClassResource.parameters | object | - | | -| ingress-nginx.controller.image | object | - | | -| ingress-nginx.controller.image.repository | string | - | | -| ingress-nginx.controller.image.tag | string | - | | -| ingress-nginx.controller.image.digest | string | - | | -| ingress-nginx.controller.config | object | - | | -| ingress-nginx.controller.config.proxy-body-size | string | - | | -| ingress-nginx.controller.config.proxy-connect-timeout | string | - | | -| ingress-nginx.controller.config.proxy-read-timeout | string | - | | -| ingress-nginx.controller.config.client-header-timeout | string | - | | -| ingress-nginx.controller.config.client-body-timeout | string | - | | -| ingress-nginx.controller.config.send-timeout | string | - | | -| ingress-nginx.controller.config.keepalive-timeout | string | - | | -| ingress-nginx.controller.admissionWebhooks | object | - | | -| ingress-nginx.controller.admissionWebhooks.enabled | boolean | - | | -| ingress-nginx.controller.admissionWebhooks.patch | object | - | | -| ingress-nginx.controller.admissionWebhooks.patch.image | object | - | | -| ingress-nginx.controller.admissionWebhooks.patch.image.repository | string | - | | -| ingress-nginx.controller.admissionWebhooks.patch.image.tag | string | - | | -| ingress-nginx.controller.admissionWebhooks.patch.image.pullPolicy | string | - | | -| ingress-nginx.controller.admissionWebhooks.patch.image.digest | string | - | | -| ingress-nginx.defaultBackend | object | - | | -| ingress-nginx.defaultBackend.enabled | boolean | - | | -| ingress-nginx.defaultBackend.image | object | - | | -| ingress-nginx.defaultBackend.image.repository | string | - | | -| ingress-nginx.defaultBackend.image.tag | string | - | | -| ingress-nginx.defaultBackend.image.pullPolicy | string | - | | -| 
ingress-nginx.defaultBackend.image.digest | string | - | | - -#### Auth Parameters - -Users can configure `auth.` values in `values.yaml` - -```yaml -# Example usage: -auth: - auth-keycloak: - adminPassword: password -``` +## Applying Configuration Changes -| Key | Type | Default Value | Description | -| ------------------------------------------------------ | ------- | ------------- | -------------------------------------- | -| auth-keycloak.adminPassword | string | - | Admin password for keycloak | -| auth-keycloak.adminUsername | string | - | Admin username for keycloak | -| auth-keycloak.allowDisposableEmails | boolean | - | Allow disposable emails | -| auth-keycloak.annotations | object | - | Annotations for keycloak | -| auth-keycloak.bruteForce | object | - | Brute force configuration for keycloak | -| auth-keycloak.bruteForce.bruteForceProtected | string | - | | -| auth-keycloak.bruteForce.failureFactor | string | - | | -| auth-keycloak.bruteForce.maxDeltaTimeSeconds | string | - | | -| auth-keycloak.bruteForce.maxFailureWaitSeconds | string | - | | -| auth-keycloak.bruteForce.minimumQuickLoginWaitSeconds | string | - | | -| auth-keycloak.bruteForce.permanentLockout | string | - | | -| auth-keycloak.bruteForce.quickLoginCheckMilliSeconds | string | - | | -| auth-keycloak.bruteForce.waitIncrementSeconds | string | - | | -| auth-keycloak.cli | object | - | | -| auth-keycloak.cli.enabled | boolean | - | | -| auth-keycloak.database | object | - | Database configuration for keycloak | -| auth-keycloak.database.database | string | - | | -| auth-keycloak.database.hostname | string | - | | -| auth-keycloak.database.password | string | - | | -| auth-keycloak.database.port | string | - | | -| auth-keycloak.database.username | string | - | | -| auth-keycloak.database.vendor | string | - | | -| auth-keycloak.defaultUserGroupRoles | string | - | | -| auth-keycloak.dmzCustomDomain | object | - | | -| auth-keycloak.dmzCustomDomain.domain | null | - | | -| 
auth-keycloak.dmzCustomDomain.enabled | boolean | - | | -| auth-keycloak.enabledOrganization | boolean | - | | -| auth-keycloak.enabledRegistration | boolean | - | | -| auth-keycloak.extraEnv | string | - | | -| auth-keycloak.extraInitContainers | string | - | | -| auth-keycloak.extraVolumeMounts | string | - | | -| auth-keycloak.extraVolumes | string | - | | -| auth-keycloak.identityProviders | object | - | | -| auth-keycloak.identityProviders.bitbucket | object | - | | -| auth-keycloak.identityProviders.bitbucket.clientId | null | - | | -| auth-keycloak.identityProviders.bitbucket.clientSecret | null | - | | -| auth-keycloak.identityProviders.bitbucket.enabled | boolean | - | | -| auth-keycloak.identityProviders.github | object | - | | -| auth-keycloak.identityProviders.github.clientId | null | - | | -| auth-keycloak.identityProviders.github.clientSecret | null | - | | -| auth-keycloak.identityProviders.github.enabled | boolean | - | | -| auth-keycloak.identityProviders.google | object | - | | -| auth-keycloak.identityProviders.google.clientId | null | - | | -| auth-keycloak.identityProviders.google.clientSecret | null | - | | -| auth-keycloak.identityProviders.google.enabled | boolean | - | | -| auth-keycloak.image | object | - | | -| auth-keycloak.image.pullPolicy | string | - | | -| auth-keycloak.image.repository | string | - | | -| auth-keycloak.image.tag | string | - | | -| auth-keycloak.importRealm | boolean | - | | -| auth-keycloak.ingress | object | - | | -| auth-keycloak.ingress.enabled | boolean | - | | -| auth-keycloak.initialOrganizationId | string | - | Initial organization id | -| auth-keycloak.initialPassword | string | - | Initial user password | -| auth-keycloak.initialUsername | string | - | Initial user name | -| auth-keycloak.organizationName | string | - | Initial organization name | -| auth-keycloak.recaptcha | object | - | Recaptcha configuration for keycloak | -| auth-keycloak.recaptcha.maxFailures | string | 4 | Recaptcha max failures | 
-| auth-keycloak.recaptcha.requirement | string | DISABLED | Recaptcha requirement | -| auth-keycloak.recaptcha.secret | string | - | | -| auth-keycloak.recaptcha.siteKey | string | - | | -| auth-keycloak.userLookupDecisionStrategy | string | - | | -| auth-postgresql | object | - | | -| auth-postgresql.architecture | string | standalone | PostgreSQL Architecture | -| auth-postgresql.enabled | boolean | - | Enable PostgreSQL | + -#### Common Module Parameters +## Values Table -Users can set values for `%MODULE_NAME%.` in `values.yaml`. +To deploy the Appcircle server with customized parameters, refer to the basic `values.yaml` configuration table below. -```yaml -# Example usage: -publish: - extraEnvVars: - - name: "EXAMPLE" - value: "example" -``` +### Parameters -| Key | Type | Default Value | Description | -| ------------------------------------------------- | -------------------- | ------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| affinity | ['object', 'string'] | - | Affinity for deployment pods assignment | -| args | array | - | Override default container args (useful when using custom images) | -| automountServiceAccountToken | boolean | - | Mount Service Account token in pods | -| autoscaling | object | - | Autoscaling configuration | -| autoscaling.hpa | object | - | | -| autoscaling.hpa.enabled | boolean | - | | -| autoscaling.hpa.maxReplicas | string | - | | -| autoscaling.hpa.minReplicas | string | - | | -| autoscaling.hpa.targetCPU | string | - | | -| autoscaling.hpa.targetMemory | string | - | | -| autoscaling.vpa | object | - | | -| autoscaling.vpa.annotations | ['object', 'string'] | - | | -| autoscaling.vpa.controlledResources | array | - | | -| autoscaling.vpa.enabled | boolean | - | | -| autoscaling.vpa.maxAllowed | object | - | | -| autoscaling.vpa.minAllowed | object | - 
| | -| autoscaling.vpa.updatePolicy | object | - | | -| autoscaling.vpa.updatePolicy.updateMode | string | Auto | Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod | -| clusterDomain | string | cluster.local | clusterDomain Kubernetes cluster domain name | -| command | array | - | Override default container command (useful when using custom images) | -| commonAnnotations | ['object', 'string'] | - | Annotations to add to all deployed objects | -| commonLabels | object | - | Labels to add to all deployed objects | -| containerPorts | object | - | | -| containerPorts.http | integer | - | HTTP container port | -| containerPorts.https | integer | - | HTTPS container port | -| containerSecurityContext | object | - | Configure Container Security Context | -| containerSecurityContext.allowPrivilegeEscalation | boolean | False | Set allowPrivilegeEscalation in container' Security Context | -| containerSecurityContext.capabilities | object | - | | -| containerSecurityContext.capabilities.drop | array | - | List of capabilities to be dropped in container | -| containerSecurityContext.enabled | boolean | False | Enabled container' Security Context | -| containerSecurityContext.privileged | boolean | False | Set privileged in container' Security Context | -| containerSecurityContext.readOnlyRootFilesystem | boolean | True | Set readOnlyRootFilesystem in container' Security Context | -| containerSecurityContext.runAsGroup | integer | 1001 | Set runAsNonRoot in container' Security Context | -| containerSecurityContext.runAsNonRoot | boolean | True | Set runAsNonRoot in container' Security Context | -| containerSecurityContext.runAsUser | integer | 1001 | Set runAsUser in container' Security Context | -| containerSecurityContext.seLinuxOptions | ['object', 'null'] | - | [object,nullable] Set SELinux options in container | -| containerSecurityContext.seccompProfile | object | - | | -| 
containerSecurityContext.seccompProfile.type | string | - | Set seccomp profile in container | -| customLivenessProbe | ['object', 'string'] | - | Custom livenessProbe that overrides the default one | -| customReadinessProbe | ['object', 'string'] | - | Custom customReadinessProbe that overrides the default one | -| customStartupProbe | ['object', 'string'] | - | Custom customStartupProbe that overrides the default one | -| daemonsetAnnotations | ['object', 'string'] | - | Annotations for daemonset | -| deploymentAnnotations | ['object', 'string'] | - | Annotations for deployment | -| diagnosticMode | object | - | Diagnostic mode | -| diagnosticMode.args | array | ['infinity'] | Args to override all containers in the chart release | -| diagnosticMode.command | array | ['sleep'] | Command to override all containers in the chart release | -| diagnosticMode.enabled | boolean | False | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | -| extraContainerPorts | array | - | Optionally specify extra list of additional ports for pod containers | -| extraEnvVars | ['array', 'string'] | - | Array with extra environment variables to add to containers | -| secretVariables | ['array', 'string'] | - | Array with extra secret variables to add to container secret | -| extraEnvVarsCM | string | - | Name of existing ConfigMap containing extra env vars for containers | -| extraEnvVarsSecret | string | - | Name of existing Secret containing extra env vars for containers | -| extraVolumeMounts | array | - | Optionally specify extra list of additional volumes for the pods | -| extraVolumes | array | - | Optionally specify extra list of additional volumes for the pods | -| hostAliases | ['array', 'string'] | - | Pods host aliases | -| image | object | - | | -| image.debug | boolean | - | | -| image.digest | string | - | Container image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | -| image.pullPolicy | string | - | Container image pullPolicy | -| image.pullSecrets | array | - | Specify image pull secrets | -| image.registry | string | - | Container image registry | -| image.repository | string | - | Container image repository | -| image.tag | string | - | Container image tag (immutable tags are recommended) | -| importTrustedCerts | boolean | True | Import given trusted cetificates | -| ingress | object | - | | -| ingress.annotations | ['object', 'string'] | - | Additional annotations for the Ingress resource. | -| ingress.apiVersion | string | - | Force Ingress API version (automatically detected if not set) | -| ingress.enabled | boolean | - | Enable ingress record generation | -| ingress.extraHosts | array | - | An array with additional hostname(s) to be covered with the ingress record | -| ingress.extraPaths | array | - | An array with additional arbitrary paths that may need to be added to the ingress under the main host | -| ingress.extraRules | array | - | Additional rules to be covered with this ingress record | -| ingress.extraTls | array | - | TLS configuration for additional hostname(s) to be covered with this ingress record | -| ingress.hostname | string | - | Default host for the ingress record | -| ingress.ingressClassName | string | - | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | -| ingress.path | string | - | Default path for the ingress record | -| ingress.pathType | string | - | Ingress path type | -| ingress.secrets | array | [] | Custom TLS certificates as secrets | -| ingress.selfSigned | boolean | False | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | -| ingress.tls | boolean | False | Enable TLS configuration for the host defined at `ingress.hostname` parameter | -| initContainers | ['array', 'string'] | - | Add additional init containers to the pods | -| lifecycleHooks | 
object | - | Container to automate configuration before or after startup | -| lifecycleHooks.postStart | object | - | | -| lifecycleHooks.postStart.exec | object | - | | -| lifecycleHooks.postStart.exec.command | array | - | | -| lifecycleHooks.preStop | object | - | | -| lifecycleHooks.preStop.exec | object | - | | -| lifecycleHooks.preStop.exec.command | array | - | | -| nodeAffinityPreset | ['object', 'string'] | - | | -| nodeSelector | ['object', 'string'] | - | | -| pdb | ['object', 'string'] | - | | -| persistence | ['object', 'string'] | - | Enable persistence using Persistent Volume Claims | -| podAffinityPreset | string | | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | -| podAnnotations | ['object', 'string'] | - | Annotations for pods | -| podAntiAffinityPreset | string | soft | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | -| podLabels | ['object', 'string'] | - | Extra labels for pods | -| podManagementPolicy | string | - | | -| podSecurityContext | ['object', 'string'] | - | Configure Pods Security Context | -| priorityClassName | string | - | | -| replicaCount | integer | 1 | Number of replicas to deploy | -| resources | ['object', 'string'] | {} | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | -| resourcesPreset | string | none | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if 'resources' is set ('resources' is recommended for production). 
| -| schedulerName | string | | Name of the k8s scheduler (other than default) for pods | -| terminationGracePeriodSeconds | string | - | Seconds pods need to terminate gracefully | -| tolerations | array | [] | Tolerations for pods assignment | -| topologySpreadConstraints | array | [] | Topology Spread Constraints for %%MAIN_CONTAINER_NAME%% pod assignment spread across your cluster among failure-domains | -| updateStrategy | object | - | Deployment strategy type | -| updateStrategy.type | string | RollingUpdate | Can be set to RollingUpdate or Recreate | -| volumePermissions | ['object', 'string'] | - | 'volumePermissions' init container parameters | +| Parameter | Description | Default Value | +| ------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | ----------------------------- | +| `global.appEnvironment` | Specifies the application environment (e.g., Development, Production). | 'Production' | +| `global.imageRegistry` | The Docker registry where container images are stored. | 'europe-west1-docker.pkg.dev' | +| `global.imageRepositoryPath` | The path within the Docker registry for the application's images. | 'appcircle/docker-registry' | +| `global.imageTag` | The specific tag of the Docker image to use. | 'v3.23.2' | +| `global.imagePullSecrets` | Secrets used to authenticate with private container registries. | [ 'containerregistry' ] | +| `global.ingressClassName` | Specifies the ingress class name used for all application ingresses. | 'appcircle' | +| `global.defaultStorageClass` | The default storage class used for persistent volumes in the application. | - | +| `global.urls.domainName` | The domain name used for the application (e.g., .example.com). | - | +| `global.urls.scheme` | The URL scheme used for the application (e.g., http or https). | 'http' | +| `global.urls.auth.subdomain` | Subdomain used for the authentication service. 
| 'auth' | +| `global.urls.privateApi.subdomain` | Subdomain used for the private API service. | 'api' | +| `global.urls.webApp.subdomain` | Subdomain used for the web application. | 'my' | +| `global.urls.webEvent.subdomain` | Subdomain used for the web event service. | 'hook' | +| `global.urls.distributionTesterWeb.subdomain` | Subdomain used for the distribution tester web. | 'dist' | +| `global.urls.store.subdomain` | Subdomain used for the store service. | 'store' | +| `global.urls.webEventRedis.subdomain` | Subdomain used for the web event Redis service. | 'kvs' | +| `global.urls.resource.subdomain` | Subdomain used for the resource service. | 'resource' | +| `global.mail.provider` | Mail provider to use (e.g., MailKitSMTP, SMTP ). | 'MailKitSMTP' | +| `global.mail.smtp` | SMTP configuration details. | - | +| `global.mail.smtp.host` | SMTP server hostname. | - | +| `global.mail.smtp.username` | SMTP username. | - | +| `global.mail.smtp.from` | The "From" address used for emails. | - | +| `global.mail.smtp.fromDisplayName` | The display name for the sender of emails. | - | +| `global.mail.smtp.port` | Port number for the SMTP server. | - | +| `global.mail.smtp.password` | Password for the SMTP account. | - | +| `global.mail.smtp.ssl` | Whether SSL is enabled for SMTP. | 'false' | +| `global.mail.smtp.auth` | Whether authentication is enabled for SMTP. | 'true' | +| `global.mail.smtp.starttls` | Whether STARTTLS is enabled for SMTP. | 'true' | +| `global.distribution.distribution-testerweb.url` | The external URL for the distribution tester web module. | - | +| `global.tlsWildcard.cert` | The wildcard TLS certificate. | - | +| `global.tlsWildcard.caCert` | The Certificate Authority (CA) for the wildcard certificate. | - | +| `global.tlsWildcard.key` | The private key for the wildcard certificate. | - | +| `global.trustedCerts` | List of trusted certificates. | [] | +| `global.minio.url` | External MinIO URL. 
| - | +| `global.minio.region` | The region for MinIO. | `local` | +| `global.minio.bucketPrefix` | Prefix for MinIO buckets. | `appcircle-local-resource-` | +| `global.containerRegistrySecret` | Secret used for accessing the container registry. | - | +| `global.redis.enabled` | Whether a common Redis instance is enabled for all modules. | `false` | +| `global.redis.everyModule` | Whether separate Redis instances are enabled for each module. | `true` | +| `global.vault.url` | External URL for Vault. | - | +| `auth.auth-keycloak.adminUsername` | Admin username for Keycloak. | 'admin' | +| `auth.auth-keycloak.initialUsername` | Initial username for the default user. | 'admin@myappcircle.io' | +| `auth.auth-keycloak.organizationName` | Initial organization name in Keycloak. | 'myappcircle' | +| `auth.auth-keycloak.allowDisposableEmails` | Determines whether disposable emails are allowed for registration. | false | +| `auth.auth-keycloak.bruteForce.bruteForceProtected` | Enables brute force protection for Keycloak. | 'true' | +| `auth.auth-keycloak.bruteForce.failureFactor` | Number of failed login attempts before action is taken. | '30' | +| `auth.auth-keycloak.bruteForce.maxDeltaTimeSeconds` | Maximum time in seconds to consider failed login attempts. | '43200' | +| `auth.auth-keycloak.bruteForce.maxFailureWaitSeconds` | Maximum wait time in seconds after consecutive failures. | '900' | +| `auth.auth-keycloak.bruteForce.minimumQuickLoginWaitSeconds` | Minimum wait time in seconds for quick login attempts. | '60' | +| `auth.auth-keycloak.bruteForce.permanentLockout` | Enables permanent account lockout after repeated failures. | 'false' | +| `auth.auth-keycloak.bruteForce.quickLoginCheckMilliSeconds` | Time in milliseconds to check quick login attempts. | '1000' | +| `auth.auth-keycloak.bruteForce.waitIncrementSeconds` | Time increment in seconds for wait periods after failures. 
| '60' | +| `auth.auth-keycloak.cli.enabled` | Enables the Keycloak CLI for custom commands. | false | +| `auth.auth-keycloak.database.database` | Name of the Keycloak database. | - | +| `auth.auth-keycloak.database.hostname` | Hostname of the Keycloak database. | - | +| `auth.auth-keycloak.database.password` | Password for the Keycloak database. | - | +| `auth.auth-keycloak.database.port` | Port number for the Keycloak database. | - | +| `auth.auth-keycloak.database.username` | Username for the Keycloak database. | - | +| `auth.auth-keycloak.database.vendor` | Database vendor for Keycloak (e.g., postgres, mysql). | 'postgres' | +| `auth.auth-keycloak.defaultUserGroupRoles` | Default roles assigned to new users in Keycloak. | - | +| `auth.auth-keycloak.dmzCustomDomain.domain` | Domain name for the DMZ custom configuration. | - | +| `auth.auth-keycloak.dmzCustomDomain.enabled` | Enables custom domain for DMZ. | false | +| `auth.auth-keycloak.enabledOrganization` | Enables the organization feature in Keycloak. | - | +| `auth.auth-keycloak.enabledRegistration` | Enables user registration in Keycloak. | - | +| `auth.auth-keycloak.extraEnv` | Additional environment variables for the Keycloak deployment. | [] | +| `auth.auth-keycloak.extraInitContainers` | Additional init containers for the Keycloak deployment. | [] | +| `auth.auth-keycloak.extraVolumeMounts` | Extra volume mounts for the Keycloak deployment. | [] | +| `auth.auth-keycloak.extraVolumes` | Extra volumes for the Keycloak deployment. | [] | +| `auth.auth-keycloak.identityProviders.bitbucket.clientId` | Client ID for Bitbucket integration. | - | +| `auth.auth-keycloak.identityProviders.bitbucket.clientSecret` | Client secret for Bitbucket integration. | - | +| `auth.auth-keycloak.identityProviders.bitbucket.enabled` | Enables Bitbucket as an identity provider. | false | +| `auth.auth-keycloak.identityProviders.github.clientId` | Client ID for GitHub integration. 
| - | +| `auth.auth-keycloak.identityProviders.github.clientSecret` | Client secret for GitHub integration. | - | +| `auth.auth-keycloak.identityProviders.github.enabled` | Enables GitHub as an identity provider. | false | +| `auth.auth-keycloak.identityProviders.google.clientId` | Client ID for Google integration. | - | +| `auth.auth-keycloak.identityProviders.google.clientSecret` | Client secret for Google integration. | - | +| `auth.auth-keycloak.identityProviders.google.enabled` | Enables Google as an identity provider. | false | +| `auth.auth-keycloak.image.pullPolicy` | Image pull policy for Keycloak. | - | +| `auth.auth-keycloak.image.repository` | Repository for the Keycloak image. | - | +| `auth.auth-keycloak.image.tag` | Tag of the Keycloak image. | - | +| `auth.auth-keycloak.importRealm` | Enables importing of realms during startup. | false | +| `auth.auth-keycloak.ingress` | Ingress configuration for Keycloak. | - | +| `auth.auth-keycloak.ingress.enabled` | Enables ingress for Keycloak. | false | +| `auth.auth-keycloak.initialOrganizationId` | Initial organization ID for Keycloak. | - | +| `auth.auth-keycloak.initialPassword` | Initial password for the default user. | - | +| `auth.auth-keycloak.initialUsername` | Initial username for the default user. | 'admin@myappcircle.io' | +| `auth.auth-keycloak.organizationName` | Initial organization name in Keycloak. | 'myappcircle' | +| `auth.auth-keycloak.recaptcha.maxFailures` | Maximum failed attempts before requiring a reCAPTCHA. | '4' | +| `auth.auth-keycloak.recaptcha.requirement` | reCAPTCHA requirement level (e.g., DISABLED, OPTIONAL, REQUIRED). | 'DISABLED' | +| `auth.auth-keycloak.recaptcha.secret` | Secret key for reCAPTCHA integration. | - | +| `auth.auth-keycloak.recaptcha.siteKey` | Site key for reCAPTCHA integration. | - | +| `auth.auth-keycloak.userLookupDecisionStrategy` | Strategy for user lookup decisions in Keycloak. 
| - | +| `auth.auth-postgresql.architecture` | Defines the architecture of PostgreSQL (e.g., standalone, replication). | standalone | +| `auth.auth-postgresql.enabled` | Enables PostgreSQL for Keycloak. | true | +| `auth.auth-postgresql.auth.username` | Username for the PostgreSQL database. | 'keycloak' | +| `auth.auth-postgresql.auth.database` | The name of the PostgreSQL database to create. | 'keycloak' | +| `kafka.heapOpts` | JVM heap options for Kafka. | '-Xmx1408m -Xms512m' | +| `kafka.controller.replicaCount` | Number of Kafka controller replicas. | 3 | +| `kafka.controller.resourcesPreset` | Resource preset for the Kafka controller. | 'medium' | +| `kafka.controller.persistence.enabled` | Enables persistence for Kafka controller. | true | +| `kafka.controller.persistence.size` | Size of persistence storage for Kafka controller. | '8Gi' | +| `kafka.listeners.client.protocol` | Protocol used for Kafka client listener. | 'PLAINTEXT' | +| `kafka.listeners.controller.protocol` | Protocol used for Kafka controller listener. | 'PLAINTEXT' | +| `kafka.listeners.interbroker.protocol` | Protocol used for Kafka inter-broker communication. | 'PLAINTEXT' | +| `kafka.metrics.kafka.enabled` | Enables Kafka metrics. | false | +| `kafka.metrics.jmx.enabled` | Enables JMX metrics for Kafka. | false | +| `kafka.zookeeper.auth.enabled` | Enables authentication for ZooKeeper. | false | +| `kafka.zookeeper.metrics.enabled` | Enables metrics for ZooKeeper. | false | +| `kafka.client.protocol` | Protocol used by Kafka clients. | 'PLAINTEXT' | +| `kafka.extraConfig` | Additional configuration file for Kafka. | - | +| `webeventredis.enabled` | Enables WebEventRedis. | true | +| `webeventredis.tls.enabled` | Enables TLS for WebEventRedis. | false | +| `webeventredis.tls.existingSecret` | References an existing TLS secret for WebEventRedis. | 'appcircle-tls-wildcard' | +| `webeventredis.tls.certCAFilename` | Filename for the CA certificate in TLS. 
| 'ca.crt' | +| `webeventredis.tls.certFilename` | Filename for the server certificate in TLS. | 'tls.crt' | +| `webeventredis.tls.certKeyFilename` | Filename for the private key in TLS. | 'tls.key' | +| `webeventredis.ingress.enabled` | Enables ingress for WebEventRedis. | false | +| `webeventredis.ingress.tls` | Enables TLS for WebEventRedis ingress. | false | +| `webeventredis.ingress.ingressClassName` | Specifies the ingress class name for WebEventRedis. | `appcircle` | +| `webeventredis.ingress.annotations` | Annotations for WebEventRedis ingress. | - | +| `minio.enabled` | Enables MinIO. | true | +| `minio.mode` | MinIO mode (standalone, distributed, etc.). | 'standalone' | +| `minio.persistence.enabled` | Enables persistence for MinIO. | true | +| `minio.persistence.size` | Size of persistence storage for MinIO. | '8Gi' | +| `mongodb.enabled` | Enables MongoDB. | true | +| `mongodb.persistence.enabled` | Enables persistence for MongoDB. | true | +| `mongodb.persistence.size` | Size of persistence storage for MongoDB. | '5Gi' | +| `ingress-nginx.enabled` | Specifies whether ingress-nginx is enabled. | true | +| `ingress-nginx.controller.ingressClassResource.name` | Name of the IngressClass resource. | appcircle | +| `ingress-nginx.controller.ingressClassResource.enabled` | Specifies whether the IngressClass resource is enabled. | true | +| `ingress-nginx.controller.config.proxy-body-size` | Maximum allowed size of the client request body. | "4096m" | +| `ingress-nginx.controller.config.proxy-connect-timeout` | Timeout for establishing a connection to the backend server. | "600" | +| `ingress-nginx.controller.config.proxy-read-timeout` | Timeout for reading a response from the backend server. | "600" | +| `ingress-nginx.controller.config.client-header-timeout` | Timeout for reading the client request headers. | "180" | +| `ingress-nginx.controller.config.client-body-timeout` | Timeout for reading the client request body. 
| "180" | +| `ingress-nginx.controller.config.send-timeout` | Timeout for sending data to the client. | "180" | +| `ingress-nginx.controller.config.keepalive-timeout` | Timeout for idle keep-alive connections. | "75" | +| `ingress-nginx.controller.config.client-body-timeout` | Timeout for reading the client request body. | "180" | +| `ingress-nginx.controller.config.send-timeout` | Timeout for sending data to the client. | "180" | +| `ingress-nginx.controller.config.keepalive-timeout` | Timeout for idle keep-alive connections. | "75" | +| `ingress-nginx.controller.config.proxy-buffer-size` | Size of the buffer used for reading the first part of the response received from the proxied server. | "128k" | +| `ingress-nginx.controller.config.proxy-buffers-number` | Number of buffers used for reading a response from the proxied server. | "4" | +| `ingress-nginx.controller.config.proxy-busy-buffers-size` | Size of the buffer used for reading the entire response from the proxied server. | "128k" | +| `ingress-nginx.defaultBackend.enabled` | Specifies whether the default backend is enabled. | false | +| `vault.injector.enabled` | Enables the Vault sidecar injector. | false | +| `vault.server.dataStorage.size` | Size of the data storage for Vault. | '1Gi' | +| `vault.server.authDelegator.enabled` | Enables the auth delegator for Vault. | false | +| `vault.server.image.repository` | Repository of the Vault server image. | - | +| `vault.server.image.tag` | Tag of the Vault server image. | - | +| `vault.server.standalone.enabled` | Enables standalone mode for Vault. | true | +| `vault.server.standalone.config` | Configuration file for standalone Vault. | - | +| `vault.ui.enabled` | Enables the Vault UI. | true | diff --git a/docs/self-hosted-appcircle/install-server/helm-chart/configuration/ca-certificates.md b/docs/self-hosted-appcircle/install-server/helm-chart/configuration/ca-certificates.md index f2bf3ed84..7240506c7 100644 
--- a/docs/self-hosted-appcircle/install-server/helm-chart/configuration/ca-certificates.md
+++ b/docs/self-hosted-appcircle/install-server/helm-chart/configuration/ca-certificates.md
@@ -6,6 +6,7 @@ sidebar_position: 50
 ---
 import NeedHelp from '@site/docs/\_need-help.mdx';
+import ApplyHelmConfigurationChanges from '@site/docs/self-hosted-appcircle/install-server/helm-chart/configuration/\_apply-helm-configuration-changes.mdx';
 ## Adding Trusted CA Certificates to the Appcircle Services
@@ -45,4 +46,6 @@ global:
 -----END CERTIFICATE-----
 ```
+
+
\ No newline at end of file
diff --git a/docs/self-hosted-appcircle/install-server/helm-chart/configuration/enterprise-store-configuration.md b/docs/self-hosted-appcircle/install-server/helm-chart/configuration/enterprise-store-configuration.md
index 9ff768136..3a0588f3a 100644
--- a/docs/self-hosted-appcircle/install-server/helm-chart/configuration/enterprise-store-configuration.md
+++ b/docs/self-hosted-appcircle/install-server/helm-chart/configuration/enterprise-store-configuration.md
@@ -7,6 +7,7 @@ sidebar_position: 70
 import Screenshot from '@site/src/components/Screenshot';
 import NeedHelp from '@site/docs/\_need-help.mdx';
+import ApplyHelmConfigurationChanges from '@site/docs/self-hosted-appcircle/install-server/helm-chart/configuration/\_apply-helm-configuration-changes.mdx';
 ## Overview
@@ -34,4 +35,6 @@ store:
 value: "App Store"
 ```
+
+
\ No newline at end of file
diff --git a/docs/self-hosted-appcircle/install-server/helm-chart/configuration/git-providers-configuration.md b/docs/self-hosted-appcircle/install-server/helm-chart/configuration/git-providers-configuration.md
index 67b9c616e..952e3ee62 100644
--- a/docs/self-hosted-appcircle/install-server/helm-chart/configuration/git-providers-configuration.md
+++ b/docs/self-hosted-appcircle/install-server/helm-chart/configuration/git-providers-configuration.md
@@ -7,6 +7,7 @@ sidebar_position: 70
 import Screenshot from '@site/src/components/Screenshot';
 import NeedHelp from '@site/docs/\_need-help.mdx';
+import ApplyHelmConfigurationChanges from '@site/docs/self-hosted-appcircle/install-server/helm-chart/configuration/\_apply-helm-configuration-changes.mdx';
 ## Overview
@@ -41,6 +42,8 @@ web:
 You can delete the providers you do not need by removing them from `selfHostedGitProviders` list above.
+
+
 For more details about "Bitbucket" usage, see related docs in the [Connecting to Bitbucket](/build/manage-the-connections/adding-a-build-profile/connecting-to-bitbucket) page.
 For more details about "Azure" usage, see related docs in the [Connecting to Azure DevOps](/build/manage-the-connections/adding-a-build-profile/connecting-to-azure) page.
diff --git a/docs/self-hosted-appcircle/install-server/helm-chart/configuration/ingress-configuration.md b/docs/self-hosted-appcircle/install-server/helm-chart/configuration/ingress-configuration.md
new file mode 100644
index 000000000..ca94acb54
--- /dev/null
+++ b/docs/self-hosted-appcircle/install-server/helm-chart/configuration/ingress-configuration.md
@@ -0,0 +1,81 @@
+---
+title: Ingress Configuration
+description: Learn how to configure Ingress
+tags: [self-hosted, helm, configuration, kubernetes]
+sidebar_position: 60
+---
+
+import NeedHelp from '@site/docs/\_need-help.mdx';
+import ApplyHelmConfigurationChanges from '@site/docs/self-hosted-appcircle/install-server/helm-chart/configuration/\_apply-helm-configuration-changes.mdx';
+
+## Overview
+
+The Appcircle Helm chart includes an Ingress controller, specifically ingress-nginx, which is enabled by default. For production environments, it is recommended to use your own Ingress controller for better control and customization.
+
+## Appcircle Default Ingress-NGINX Configuration
+
+The default `ingress-nginx` configuration in the `values.yaml` file includes several parameters that apply globally to the Ingress controller. These configurations can be adjusted as needed to fit your deployment requirements. If you are using your own Ingress controller, you can configure these values globally or on a per-Ingress basis for Appcircle ingresses.
+
+Default Configurations in `values.yaml` of the Appcircle server Helm chart:
+
+```yaml
+ingress-nginx:
+ controller:
+ config:
+ proxy-body-size: '4096m'
+ client-body-buffer-size: '128k'
+ proxy-connect-timeout: '600'
+ proxy-send-timeout: '600'
+ proxy-read-timeout: '600'
+ proxy-buffer-size: '128k'
+ proxy-buffers-number: '4'
+ proxy-busy-buffers-size: '128k'
+```
+
+You can change the default values of the Ingress controller that is installed with the Appcircle Helm chart as your needs dictate.
+
+
+
+## Configuring Ingress Annotations
+
+Adding per-Ingress annotations is recommended for external Ingress controllers. By setting annotations per Ingress, you can fine-tune the behavior of specific Appcircle services without impacting the entire Ingress controller.
+
+Example Ingress configurations for `values.yaml` of the Appcircle server Helm chart:
+
+```yaml
+# For APK, IPA, build artifact uploads from browsers and Appcircle runners
+apigateway:
+ ingress:
+ annotations:
+ # For Ingres-Nginx Controller
+ nginx.ingress.kubernetes.io/proxy-body-size: "4096m"
+ nginx.ingress.kubernetes.io/client-body-buffer-size: "128k"
+ nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
+ nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+ nginx.ingress.kubernetes.io/proxy-buffer-size: "128k"
+ nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
+ nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "128k"
+
+# For build cache uploads from Appcircle runners
+resource:
+ ingress:
+ annotations:
+ # For Ingres-Nginx Controller
+ nginx.ingress.kubernetes.io/proxy-body-size: "4096m"
+ nginx.ingress.kubernetes.io/client-body-buffer-size: "128k"
+ nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
+ nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+ nginx.ingress.kubernetes.io/proxy-buffer-size: "128k"
+ nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
+ nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "128k"
+```
+
+:::tip
+If you are using an ingress controller other than `ingress-nginx`, please refer to the documentation for your specific ingress controller to find the relevant configurations. Each ingress controller may have different annotations and settings to achieve similar functionality.
+:::
+
+
+
+
\ No newline at end of file
diff --git a/docs/self-hosted-appcircle/install-server/helm-chart/configuration/ldap-configuration.md b/docs/self-hosted-appcircle/install-server/helm-chart/configuration/ldap-configuration.md
index 38e1fb3bd..36ad9e9b0 100644
--- a/docs/self-hosted-appcircle/install-server/helm-chart/configuration/ldap-configuration.md
+++ b/docs/self-hosted-appcircle/install-server/helm-chart/configuration/ldap-configuration.md
@@ -6,6 +6,7 @@ sidebar_position: 80
 ---
 import NeedHelp from '@site/docs/\_need-help.mdx';
+import ApplyHelmConfigurationChanges from '@site/docs/self-hosted-appcircle/install-server/helm-chart/configuration/\_apply-helm-configuration-changes.mdx';
 ## Overview
@@ -71,6 +72,8 @@ auth:
 maxLockDuration: "600"
 ```
+
+
 ## User Lookup Decision Settings
 The LDAP (Lightweight Directory Access Protocol) user lookup decision strategy is a crucial aspect of user authentication in applications that utilize LDAP for user management.
@@ -93,6 +96,8 @@ auth:
 If you don't define it or it has an unknown value, it is assumed to be `decisive` by default.
+
+
 #### Affirmative
 When `userLookupDecisionStrategy` is set to "affirmative", the LDAP authentication process will check all LDAP settings, even if the user is found on a particular LDAP configuration. This means that if a user has multiple accounts on different LDAP configurations with different passwords, they will be able to login successfully. The authentication system will search across all LDAP configurations to find a matching username or email and validate the user's password, allowing the user to access the system.
diff --git a/docs/self-hosted-appcircle/install-server/helm-chart/configuration/license-configuration.md b/docs/self-hosted-appcircle/install-server/helm-chart/configuration/license-configuration.md
index 8b830b9bf..c79f9cbcc 100644
--- a/docs/self-hosted-appcircle/install-server/helm-chart/configuration/license-configuration.md
+++ b/docs/self-hosted-appcircle/install-server/helm-chart/configuration/license-configuration.md
@@ -28,6 +28,10 @@ kubectl create secret generic appcircle-server-auth-license \
 --save-config --dry-run=client -o yaml | kubectl apply -f -
 ```
+:::info
+Creating a Secret for license should be done once. Other license updates do not require repeating this step.
+:::
+
 ### Updating the License
 If your organization’s Appcircle server license has been updated and you need to apply the new license, you can upgrade the Appcircle server deployment using Helm:
diff --git a/docs/self-hosted-appcircle/install-server/helm-chart/configuration/request-size-configuration.md b/docs/self-hosted-appcircle/install-server/helm-chart/configuration/request-size-configuration.md
deleted file mode 100644
index 0592c0b53..000000000
--- a/docs/self-hosted-appcircle/install-server/helm-chart/configuration/request-size-configuration.md
+++ /dev/null
@@ -1,34 +0,0 @@
----
-title: Request Size Configuration
-description: Learn how to configure max body sizes
-tags: [self-hosted, helm, configuration, kubernetes]
-sidebar_position: 60
----
-
-import NeedHelp from '@site/docs/\_need-help.mdx';
-
-## Overview
-
-In Appcircle, there are scenarios where the client upload size might exceed the default limit of `4096MB` for the Nginx Ingress controller for a single request body size. To accommodate larger file uploads or if you wish to adjust this setting according to your needs, you can configure the maximum allowed body size in your `values.yaml` file.
-
-```yaml
-# For APK, IPA, build artifact uploads from browsers and Appcircle runners
-apigateway:
- ingress:
- annotations:
- # For Nginx Ingress Controller
- nginx.ingress.kubernetes.io/proxy-body-size: 1024m
- # For HAProxy Kubernetes Ingress Controller
- haproxy.ingress.kubernetes.io/body-size: 1024m
-
-# For build cache uploads from Appcircle runners
-resource:
- ingress:
- annotations:
- # For Nginx Ingress Controller
- nginx.ingress.kubernetes.io/proxy-body-size: 1024m
- # For HAProxy Kubernetes Ingress Controller
- haproxy.ingress.kubernetes.io/body-size: 1024m
-```
-
-
\ No newline at end of file
diff --git a/docs/self-hosted-appcircle/install-server/helm-chart/configuration/sensitive-configuration.md b/docs/self-hosted-appcircle/install-server/helm-chart/configuration/sensitive-configuration.md
index 92dccac5b..e0cea7839 100644
--- a/docs/self-hosted-appcircle/install-server/helm-chart/configuration/sensitive-configuration.md
+++ b/docs/self-hosted-appcircle/install-server/helm-chart/configuration/sensitive-configuration.md
@@ -6,6 +6,7 @@ sidebar_position: 40
 ---
 import NeedHelp from '@site/docs/\_need-help.mdx';
+import ApplyHelmConfigurationChanges from '@site/docs/self-hosted-appcircle/install-server/helm-chart/configuration/\_apply-helm-configuration-changes.mdx';
 ## Secrets for Sensitive Values
@@ -84,4 +85,8 @@ kubectl create secret generic appcircle-tls-wildcard \
 - Remove the `.global.tlsWildcard` key from the `values.yaml` file if it exists.
+#### Apply Configuration Changes
+
+
+
\ No newline at end of file
diff --git a/docs/self-hosted-appcircle/install-server/helm-chart/configuration/ssl-configuration.md b/docs/self-hosted-appcircle/install-server/helm-chart/configuration/ssl-configuration.md
index 9382daf54..bfe1b6118 100644
--- a/docs/self-hosted-appcircle/install-server/helm-chart/configuration/ssl-configuration.md
+++ b/docs/self-hosted-appcircle/install-server/helm-chart/configuration/ssl-configuration.md
@@ -18,14 +18,16 @@ By default, the Helm chart is configured for HTTP without an SSL certificate. If
 Appcircle must be installed with HTTPS from the initial installation. If you initially installed Appcircle with HTTP, you will need to [uninstall](/self-hosted-appcircle/install-server/helm-chart/uninstallation) it and then reinstall it with HTTPS.
 :::
-## SSL Certificate Configuration
-
 You have two options for configuring SSL certificates:
 1. **Trial Purposes**: Define the SSL certificate directly in the `values.yaml` by following [this section](#define-the-ssl-certificate-in-valuesyaml).
-2. **Production**: Create a Kubernetes secret for better security and manageability by following [this section](#create-the-tls-secret).
+2. **Production**: Create a Kubernetes secret for better security and manageability by following [this section](#define-the-ssl-certificate-in-secrets).
+
+## Define the SSL Certificate in `values.yaml`
-### Define the SSL Certificate in `values.yaml`
+### Initial SSL Configuration
+
+#### Update the `values.yaml`
 To configure the SSL certificate, update your `values.yaml` file with the following settings:
@@ -65,9 +67,19 @@ global: ... emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc= -----END CERTIFICATE----- + +# Web event Redis configuration +webeventredis: + # Enable TLS for Redis connections + tls: + enabled: true + # Ingress configuration for Redis + ingress: + enabled: true + tls: true ``` -#### Update the Certificate in `values.yaml` +### Updating the Certificate To update the SSL certificate used on Appcircle server, perform the following steps to update the Helm chart and restart the required services: @@ -92,7 +104,30 @@ kubectl rollout restart statefulset/appcircle-server-webeventredis-master -n app kubectl rollout restart statefulset/appcircle-server-webeventredis-replicas -n appcircle ``` -### Create the TLS Secret +## Define the SSL Certificate in Secrets + +### Initial SSL Configuration + +#### Updating the `values.yaml` + +To configure the SSL certificate, update your `values.yaml` file with the following settings: + +```yaml +global: + urls: + scheme: https +# Web event Redis configuration +webeventredis: + # Enable TLS for Redis connections + tls: + enabled: true + # Ingress configuration for Redis + ingress: + enabled: true + tls: true +``` + +#### Create the Secret Create a secret with the name `appcircle-tls-wildcard` containing the `tls.crt`, `tls.key` and `ca.crt` keys. @@ -115,9 +150,9 @@ kubectl create secret generic appcircle-tls-wildcard \ -n appcircle ``` -#### Update the Certificate in Secret +### Updating the Certificate -To update an existing SSL certificate, use the following commands +To update an existing SSL certificate, use the following commands. 1. Update the secret with the new certificate. diff --git a/docs/self-hosted-appcircle/install-server/helm-chart/configuration/storage-configuration.md b/docs/self-hosted-appcircle/install-server/helm-chart/configuration/storage-configuration.md index 175d89cb6..2a7bd4df7 100644 
--- a/docs/self-hosted-appcircle/install-server/helm-chart/configuration/storage-configuration.md +++ b/docs/self-hosted-appcircle/install-server/helm-chart/configuration/storage-configuration.md @@ -49,7 +49,7 @@ auth: storageClass: nfs-client mongodb: persistence: - size: 3Gi + size: 30Gi storageClass: nfs-client kafka: controller: diff --git a/docs/self-hosted-appcircle/install-server/helm-chart/installation/kubernetes.md b/docs/self-hosted-appcircle/install-server/helm-chart/installation/kubernetes.md index a372c7d6e..9cee3b2bb 100644 --- a/docs/self-hosted-appcircle/install-server/helm-chart/installation/kubernetes.md +++ b/docs/self-hosted-appcircle/install-server/helm-chart/installation/kubernetes.md @@ -128,7 +128,9 @@ The **`kubectl`** CLI is **required**. The Kubernetes cluster should have **an Ingress controller** installed and configured since Appcircle exposes its services through **Ingress objects**. -For **trial** purposes, you can **use** the default **Ingress-Nginx** controller deployed **within the Helm chart** scope. +For **trial** purposes, you can **use** the default **Ingress-Nginx** controller deployed **within the Helm chart** scope and skip this section. + +You can check the default Ingress-Nginx controller values and configure as your needs by checking the [Ingress Configuration](/self-hosted-appcircle/install-server/helm-chart/configuration/ingress-configuration.md#appcircle-default-ingress-nginx-configuration) documentation. For **production** environments, it's recommended to use **your own Ingress controller**. 
@@ -152,6 +154,12 @@ Enable **`ssl-passthrough`** feature on your ingress-controller Enabling the SSL Enabling the SSL passthrough option **does not** automatically allow all SSL traffic **from all Ingress objects** to pass through to the original service. Instead, it enables Ingress resources to leverage the SSL passthrough feature, allowing encrypted traffic to reach the backend service without being decrypted by the Ingress controller. ::: +#### Ingress Configurations + +You can **skip** this section **if you use the default** Ingress-Nginx controller deployed **within the Helm chart scope**. + +Configure the Appcircle ingresses for production usage. For more details, please check the [Ingress Configuration](/self-hosted-appcircle/install-server/helm-chart/configuration/ingress-configuration.md#configuring-ingress-annotations) documentation. + ### 2. Production Readiness If you are deploying the Appcircle server for a production environment, it is recommended that stateful applications, such as databases or object storage, be deployed outside the scope of the Appcircle server Helm chart. 
@@ -487,7 +495,51 @@ Support: For any issues or questions, please contact the system administrator or check the application documentation. ``` -### 3. Apply the Appcircle License +### 3. Connecting Runners + +When you complete installation successfully by following above steps, you're ready for your first build. :tada: + +But in order to run build pipelines, you need to install and connect self-hosted runners. We have dedicated section for installation and configuration of self-hosted runners. + +Follow and apply related guidelines in [here](/self-hosted-appcircle/self-hosted-runner/installation). + +Self-hosted runner section in docs, has all details about runners and their configuration. + +:::::caution + +By default, self-hosted runner package has pre-configured `ASPNETCORE_REDIS_STREAM_ENDPOINT` and `ASPNETCORE_BASE_API_URL` for Appcircle-hosted cloud. + +- `webeventredis.appcircle.io:6379,ssl=true` +- `https://api.appcircle.io/build/v1` + +:point_up: You need to change these values with your self-hosted Appcircle server's Redis and API URL. + +Assuming our sample scenario explained above, these values should be: + +- `kvs.appcircle.spacetech.com:6379,ssl=false` +- `http://api.appcircle.spacetech.com/build/v1` + +for our example configuration. + +:::info +If your Appcircle server is running with `HTTPS`, then Redis and API URL should be like this: + +- `kvs.appcircle.spacetech.com:443,ssl=true` +- `https://api.appcircle.spacetech.com/build/v1` + +::: + +:reminder_ribbon: After [download](/self-hosted-appcircle/self-hosted-runner/installation#1-download), open `appsettings.json` with a text editor and change the `ASPNETCORE_REDIS_STREAM_ENDPOINT` and the `ASPNETCORE_BASE_API_URL` values according to your configuration. + +Please note that, you should do this before [register](/self-hosted-appcircle/self-hosted-runner/installation#2-register). + +::::: + +Considering system performance, it will be good to install self-hosted runners to other machines. 
Self-hosted Appcircle server should run on a dedicated machine itself. + +You can install any number of runners regarding to your needs and connect them to self-hosted Appcircle server. + +### 4. Apply the Appcircle License When you deploy the Appcircle server using Helm, a default license is provided. You can explore the Appcircle with the default license. diff --git a/docs/self-hosted-appcircle/install-server/helm-chart/upgrades.md b/docs/self-hosted-appcircle/install-server/helm-chart/upgrades.md index 4a84e77a2..462471baa 100644 --- a/docs/self-hosted-appcircle/install-server/helm-chart/upgrades.md +++ b/docs/self-hosted-appcircle/install-server/helm-chart/upgrades.md @@ -7,7 +7,25 @@ sidebar_position: 30 import NeedHelp from '@site/docs/\_need-help.mdx'; -To **upgrade** the Appcircle server to the **latest** version and apply any configuration changes, use the following `helm upgrade` command. +To **upgrade** the Appcircle server to the **latest** version and apply any configuration changes, you can follow the sections below. + +## Updating to the Latest Version + +To update the Appcircle server to the latest version, follow these steps: + +1. Check the installed Helm chart and Appcircle server version. + +```bash +helm list -n appcircle +``` + +2. Update the Appcircle Helm chart repository. + +```bash +helm repo update +``` + +3. Update the Appcircle server ```bash helm upgrade appcircle-server appcircle/appcircle \ 
@@ -16,16 +34,98 @@ helm upgrade appcircle-server appcircle/appcircle \ -f values.yaml ``` -:::tip -You can specify a **particular version** of the Appcircle Helm chart by adding the `--version` flag. For example, to upgrade **Helm chart version** to **`0.2.0`**, use the following command: +By following these steps, you can ensure that your Appcircle server is updated to the latest version with all the latest features. + +## Version History + +Below is the version history of the self-hosted Appcircle server and the Helm chart. This table helps you track the latest updates and releases since your current version. + + + +[3.23.1]: https://docs.appcircle.io/release-notes#3231---2024-11-13-enable-captcha-for-enterprise-portal-sso-improvements-bug-fixes-and-more + +
+ Click to view version history. + + Since the cloud and self-hosted versions are released asynchronously, the release dates listed in the table may differ from those on the **[Release Notes](https://docs.appcircle.io/release-notes)** page. + + | Appcircle Server Version | Helm Chart Version | Release Date | + | ------------------------ | ------------------ | ------------ | + | 3.23.2 | 0.1.1 | 23/12/2024 | + | 3.23.2 | 0.1.0 | 20/12/2024 | + +
+ + + +## Updating to a Specific Version + +You can specify a **specific version** of the Appcircle Helm chart by adding the `--version` flag to the Helm upgrade command. + +For instance, to upgrade the **Appcircle Helm chart** to a **specific version** and view the Appcircle server Helm chart versions that are available: + +1. Check the list of available versions. + +```bash +helm search repo appcircle +``` + +The output should look like the following: + +```bash +NAME CHART VERSION APP VERSION DESCRIPTION +appcircle/appcircle 0.1.0 3.23.2 A Helm chart for Kubernetes +appcircle/appcircle 0.2.0 3.25.0 A Helm chart for Kubernetes +``` + +2. Update the Appcircle Helm chart to a specific version. ```bash helm upgrade appcircle-server appcircle/appcircle \ + --version 0.2.0 \ --timeout 1200s \ -n appcircle \ - -f values.yaml \ - --version 0.2.0 + -f values.yaml ``` -::: + +By following these steps, you can upgrade your Appcircle server to a specific version of the Helm chart. + +### Why is my Helm chart not updating to the latest version? + +If your Helm chart is not updating to the latest version, it could be due to several reasons such as an outdated repository, local cache issues, or network problems. Follow the steps below to troubleshoot and resolve the issue: + +1. **Update the Helm Repository:** Make sure your Helm repository is up to date by running the following command: + + ```sh + helm repo update + ``` + +2. **Clear the Local Cache:** Sometimes, clearing the local cache can help in fetching the latest charts. + +- For Linux, delete `$HOME/.cache/helm` directory. + ```sh + rm -rf "$HOME/.cache/helm" + ``` +- For MacOS, delete `$HOME/Library/Caches/helm` directory. + ```sh + rm -rf "$HOME/Library/Caches/helm" + ``` +- For Windows, delete `%TEMP%\helm` folder. + +3. 
**Re-add the Repository:** If the update doesn't resolve the issue, try removing and re-adding the repository: + + ```sh + helm repo remove appcircle + helm repo add appcircle https://helm-package.appcircle.io + helm repo update + ``` + +4. **Verify the Index:** After updating, you can check the repository index to ensure that the latest version is available. + + ```sh + curl -fsSL https://helm-package.appcircle.io/index.yaml | grep -A 5 'appcircle' + ``` + +5. **Check for Errors:** Ensure there are no issues with your internet connection or any firewall rules that might be blocking the update. diff --git a/docs/self-hosted-appcircle/self-hosted-runner/_configure-for-self-hosted.mdx b/docs/self-hosted-appcircle/self-hosted-runner/_configure-for-self-hosted.mdx index cc15fdbe4..b4c58994a 100644 --- a/docs/self-hosted-appcircle/self-hosted-runner/_configure-for-self-hosted.mdx +++ b/docs/self-hosted-appcircle/self-hosted-runner/_configure-for-self-hosted.mdx 
@@ -4,6 +4,9 @@ By default, the self-hosted runner package is bundled with configuration for the :reminder_ribbon: If you're planning to use runner with the [self-hosted server](/self-hosted-appcircle/install-server/linux-package/installation/docker), you must change `ASPNETCORE_BASE_API_URL` and `ASPNETCORE_REDIS_STREAM_ENDPOINT` values in `appsettings.json` configuration file before going on. -Please refer to the details [here](/self-hosted-appcircle/install-server/linux-package/installation/docker#connecting-runners) for sample configuration changes. +For Docker installations, please refer to the details [here](/self-hosted-appcircle/install-server/linux-package/installation/docker#connecting-runners) for sample configuration changes. +For Podman installations, please refer to the details [here](/self-hosted-appcircle/install-server/linux-package/installation/podman#connecting-runners) for sample configuration changes. + +For Kubernetes installations, please refer to the details [here](/self-hosted-appcircle/install-server/helm-chart/installation/kubernetes#3-connecting-runners) for sample configuration changes. ::: \ No newline at end of file