The values.yaml file is the core configuration file for your ScopeAR deployment. It contains various settings you can customize to fit your environment, such as cluster information, replica counts, logging levels, and resource limits.
Below is a step-by-step guide to each key in the file, explaining its functionality.
Cluster and Environment Settings
These settings control the overall deployment environment for your Kubernetes cluster. If you would like a sample values.yaml to start with, you can find one at scopearctl/docs/sample/scopear_k8s_eks_sample.yaml.

metadata:
  name: <clustername>
  namespace: scopear
spec:
  replicas: 1
  logLevel: info
subdomainSuffix:
hostnames:
  - <your primary domain>
  - <any secondary domains (optional)>

metadata.name: Name of the Kubernetes cluster. For example, eks-dev-0.
metadata.namespace: The namespace for the ScopeAR deployment. Defaults to 'scopear'.
spec.env: Specify 'intranet' to include client apps in CMS. If apps aren't needed, use 'production'.
spec.replicas: Global replica count for all services (default: 1). This can be overridden if specified for the individual service.
spec.logLevel: Global log level for services (default: info).
subdomainSuffix: Suffix appended to subdomains (e.g., cms-suffix.example.com).
hostnames: Combined with subdomainSuffix for the entire domain (e.g., cms-suffix.<primary domain>.com).
Image Registry Configuration
These settings control where Docker images are pulled from.

imageRegistry: <registryaddress>
stripPublicRegistry: <true/false>

imageRegistry: Specify the internal image registry, if applicable. Defaults to http://docker.io.
stripPublicRegistry: If true, strips 'http://docker.io/' from image names. Defaults to false.
Cluster Provider Configuration
Define the cluster provider and other platform-specific settings.

cluster:
  provider: <provider>
  type: <type>

cluster.provider: Cluster provider. It can be one of aws, google, azure, or other.
cluster.type: Cluster type. It can be one of eks, kops, gke, aks, or openshift.
CMS Service Configuration
Settings specific to the CMS service.

cms:
  eksRoleArn: <eks role arn>
  api:
    replicas: 1
    resources:
      limits:
        cpu: "4"
        memory: 4Gi
      requests:
        cpu: "1"
        memory: 4Gi
  sidekiq:
    replicas: 1
    resources:
      limits:
        cpu: 100m
        memory: 1Gi
      requests:
        cpu: 100m
        memory: 1Gi
  config:
    mysql:
      host: <mysql host>
      database: <db name>
      username: <username>
      use_iam_auth: false
    aws_rds_region: <region>
    redis: # Redis configuration
      host: <redis host>
      port: 6379
    smtp: # SMTP configuration for email
      enabled: true
      server_host: <smtp host>
      server_port: 537
      sender_address: <e.g. noreply@example.com>
      username: <username>
      smtp_authentication: plain
      smtp_openssl_verify_mode: none
      smtp_enable_starttls_auto: true
      email_format: all
    storage: # Storage configuration
      file_storage: <minio/s3>
      storage_ssl_verify: <true/false>
      default_bucket: <s3 storage bucket with role permissions>
      default_region: <region>

cms.eksRoleArn: AWS Role ARN with GetObject, PutObject, and ListBucket permissions for the CMS S3 bucket, as defined in storage.default_bucket.
Note: If using IAM Auth for RDS or DocumentDB/MongoDB Atlas, IAM policies for connecting to these services will also need to be added. See sections 1.2.1, 1.2.2, and 1.2.3 for more information.
cms.config.mysql.host: MySQL hostname. If using in-cluster MySQL, this can be ignored.
cms.config.mysql.use_iam_auth: Boolean for using IAM auth for connection to AWS RDS. Defaults to false.
cms.config.aws_rds_region: AWS region where the RDS instance is located. It can be ignored if using in-cluster MySQL.
cms.config.redis.hostname: Redis hostname. If using in-cluster Redis, this can be ignored.
cms.config.smtp.smtp_authentication: Specify the authentication type here (plain/login/cram_md5). Defaults to plain.
cms.config.smtp.smtp_openssl_verify_mode: If using TLS, set how OpenSSL checks the certificate (none/peer/client_once/fail_if_no_peer_cert). Defaults to 'none'.
cms.config.smtp.smtp_enable_starttls_auto: Defaults to 'true' for SMTP using TLS.
cms.config.storage.file_storage: Can be one of 's3/minio'. It is recommended that 'minio' be used for local storage. This allows Worklink Create and CMS to use the same storage backend.
cms.config.storage.storage_ssl_verify: If using AWS services or creating trusted SSL certificates for Minio, set to true. If using self-signed certificates for Minio, set to false.
cms.config.storage.default_bucket: Name of the S3/Minio bucket to use for content storage.
cms.config.storage.default_region: If using S3, the default region where the S3 bucket is located.
C2 Service Configuration
This section configures the C2 service, including API, client, project, packager, and model converter settings.

c2:
  enabled: true
  eksRoleArn: <aws role arn with permissions to s3 storage> # Role ARN for S3 access
  api: # API service configuration
    replicas: 1
    resources:
      limits:
        cpu: 500m
        memory: 3000Mi
      requests:
        cpu: 200m
        memory: 3000Mi
  client: # Client service configuration
    replicas: 1
    resources:
      limits:
        cpu: 100m
        memory: 100Mi
      requests:
        cpu: 100m
        memory: 100Mi
  model_converter: # Model converter configuration
    replicas: 1
    resources:
      limits:
        cpu: 2000m
        memory: 4000Mi
      requests:
        cpu: 200m
        memory: 4000Mi
  project_packager: # Project packager configuration
    replicas: 1
    resources:
      limits:
        cpu: 2
        memory: 5000Mi
      requests:
        cpu: 0.5
        memory: 2000Mi
  config:
    cad_pipeline:
      processing_mode: none
    mongodb: # MongoDB configuration
      host: <mongodb host>
      port: <port>
      database: "scopear?ssl=true&retryWrites=false&tlsInsecure=true" # ssl=false for in-cluster mongodb
      username: <mongodb username>
    storage:
      storage_provider: <minio/s3>
      bucket_name: <s3 storage bucket>
      aws_bucket_region: <region>

c2.eksRoleArn: AWS Role ARN with GetObject, PutObject, and ListBucket permissions for the C2 S3 bucket, as defined in config.storage.bucket_name.
Note: If using IAM Auth for DocumentDB/MongoDB Atlas, IAM policies for connecting to these services will also need to be added. See later sections for more information.
c2.api, client, model_converter, project_packager: Set appropriate resource requests/limits.
c2.config.cad_pipeline.processing_mode: Defaults to 'none'. Processing mode for model conversion. This can be one of 'pixyz_local', 'pixyz_azure', or 'none'. If Pixyz licenses have been purchased, please contact support@scopear.com for further instructions.
c2.config.mongodb.database: Database and connection string to connect to MongoDB. If using DocumentDB, please use 'ssl=true' in your connection string (i.e. scopear?ssl=true&retryWrites=false&tlsInsecure=true). If using in-cluster mongodb, set 'ssl=false' in the connection string (i.e. scopear?ssl=false&retryWrites=false&tlsInsecure=true).
c2.config.storage.storage_provider: Can be one of 's3' or 'minio'.
c2.config.storage.bucket_name: Bucket name for minio/s3.
Supporting Services
This section configures the supporting services for CMS/C2, which include Zeus, Diagnostic Tools, and IoT.
Zeus (Presence Server)

zeus:
  enabled: true
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-name: scopear-zeus-k8s-prod
    service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: "eks:cluster-name=k8s-example"
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    service.beta.kubernetes.io/aws-load-balancer-healthcheck-healthy-threshold: '2'
    service.beta.kubernetes.io/aws-load-balancer-healthcheck-interval: '10'
    service.beta.kubernetes.io/aws-load-balancer-healthcheck-unhealthy-threshold: '2'
    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
    service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: preserve_client_ip.enabled=true
    service.beta.kubernetes.io/aws-load-balancer-type: external
    external-dns.alpha.kubernetes.io/hostname: zeus.example.com
  config:
    redis:
      host: <redis host>
      port: 6379 # Defaults to 6379
      database: 10 # Defaults to 10
      use_auth: false

zeus.annotations: Zeus allows you to add annotations if you are deploying to a cloud provider and would like to use annotations to provision the NLB. The annotations provided above are only an example. Please use annotations that fit your cloud provider. If you are provisioning a load balancer outside annotations, please ignore this section.
zeus.config.redis.database: The Zeus Redis database number. Defaults to '10'.
zeus.config.redis.use_auth: Whether to specify an AWS token for authentication. Defaults to 'false'.
Diagnostic Tools
This section configures the diagnostic tools server. The only options are to enable it and specify replicas. We recommend leaving this at 1 replica since it is an internal testing tool only.

dt:
  enabled: true
  replicas: 1

IoT Server
This section configures the IoT server. This is an optional package and requires more in-depth scoping before enabling. Please contact support@scopear.com if you are interested or have any questions.

iot:
  enabled: false
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-name: scopear-mqtt-k8s-prod
    service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: "eks:cluster-name=k8s-example"
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    service.beta.kubernetes.io/aws-load-balancer-healthcheck-healthy-threshold: '2'
    service.beta.kubernetes.io/aws-load-balancer-healthcheck-interval: '10'
    service.beta.kubernetes.io/aws-load-balancer-healthcheck-unhealthy-threshold: '2'
    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
    service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: preserve_client_ip.enabled=true
    service.beta.kubernetes.io/aws-load-balancer-type: external
    external-dns.alpha.kubernetes.io/hostname: mqtt.example.com
  port: 9000 # defaults to 9000
  ssl_enabled: true

iot.annotations: IoT allows you to add annotations if you are deploying to a cloud provider and would like to use annotations to provision the NLB. The annotations provided above are only an example. Please use annotations that fit your cloud provider. If you are provisioning a load balancer outside annotations, please ignore this section.
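
Several keys described above relax TLS checking or expose a service publicly: smtp_openssl_verify_mode (default 'none'), storage_ssl_verify, the ssl and tlsInsecure options inside c2.config.mongodb.database, and the aws-load-balancer-scheme annotation for Zeus and IoT. The following pre-deployment check is an added example, not part of ScopeAR or scopearctl; audit(), get() and SAMPLE are illustrative names, and it assumes values.yaml has already been parsed into a dict (for example with PyYAML's yaml.safe_load).

```python
# Added example, not ScopeAR code: audit(), get() and SAMPLE are illustrative.
from urllib.parse import parse_qs
LB_SCHEME = "service.beta.kubernetes.io/aws-load-balancer-scheme"

def get(cfg, path, default=None):
    """Walk a dotted key path through nested dicts."""
    for key in path.split("."):
        if not isinstance(cfg, dict) or key not in cfg:
            return default
        cfg = cfg[key]
    return cfg

def audit(values):
    """Return (key path, finding) pairs for weakened TLS or exposure settings."""
    out = []
    # The documented default is 'none', so a missing key counts as 'none'.
    smtp = get(values, "cms.config.smtp") or {}
    if smtp.get("enabled") and smtp.get("smtp_openssl_verify_mode", "none") == "none":
        out.append(("cms.config.smtp.smtp_openssl_verify_mode",
                    "SMTP server certificate is not verified"))
    if str(get(values, "cms.config.storage.storage_ssl_verify")).lower() == "false":
        out.append(("cms.config.storage.storage_ssl_verify",
                    "storage TLS certificate verification is turned off"))
    # Connection options ride in the query string of the 'database' value.
    db = "c2.config.mongodb.database"
    opts = parse_qs(str(get(values, db, "")).partition("?")[2])
    if opts.get("ssl") == ["false"]:
        out.append((db, "MongoDB connection is not encrypted"))
    elif opts.get("tlsInsecure") == ["true"]:
        out.append((db, "MongoDB TLS certificate and hostname checks are disabled"))
    for svc in ("zeus", "iot"):  # only enabled services provision a load balancer
        ann = get(values, svc + ".annotations") or {}
        if get(values, svc + ".enabled") and ann.get(LB_SCHEME) == "internet-facing":
            out.append((svc + ".annotations", "load balancer is internet-facing"))
    return out

# Constructed sample that mirrors the placeholder values shown on this page.
SAMPLE = {
    "cms": {"config": {"smtp": {"enabled": True, "smtp_openssl_verify_mode": "none"},
                       "storage": {"file_storage": "minio", "storage_ssl_verify": False}}},
    "c2": {"config": {"mongodb": {
        "database": "scopear?ssl=true&retryWrites=false&tlsInsecure=true"}}},
    "zeus": {"enabled": True, "annotations": {LB_SCHEME: "internet-facing"}},
    "iot": {"enabled": False, "annotations": {LB_SCHEME: "internet-facing"}},
}

if __name__ == "__main__":
    for path, finding in audit(SAMPLE):
        print(f"{path}: {finding}")
```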