JetBrains Space Help

Values File

The values.yaml file lets you install Space On-Premises to a Kubernetes cluster. For details, refer to Kubernetes Installation. To get values.yaml, run

helm show values space --repo https://charts.on-premises.service.jetbrains.space/stable > values.yaml

Global Parameters

Name

Description

Value

global.imageRegistry

URL of the registry with images of Space components

""

global.imagePullSecrets

Registry credentials. Specify not the credentials but the corresponding secrets

[]

global.logFormat

Space application log format: plaintext or json

""

global.logLevel

Log verbosity: INFO, ERROR, DEBUG, TRACE

INFO

global.tests.enabled

Enables/disables Helm test hooks

false

Common Parameters

Name

Description

Value

kubeVersion

Kubernetes version

""

nameOverride

Prefix that partially overrides the lib.name in the templates

""

fullnameOverride

Name that overrides the lib.name in the templates

""

commonLabels

Key/value map of labels that is applied to all resources in the templates

{}

commonAnnotations

Key/value map of annotations that is applied to all resources in the templates

{}

namespaceOverride

Name that overrides the lib.namespace in the templates

""

Space application

Name

Description

Value

space.image.registry

URL of the container registry

public.registry.jetbrains.space

space.image.repository

URL of the container repository

p/space-on-premises/docker/space

space.image.tag

Image version

2024.2.2

space.image.pullPolicy

Pull policy of the container image

Always

space.image.pullSecrets

Registry credentials. Specify not the credentials but the corresponding secrets

[]

space.config

Overrides the default application configuration

""

space.replicaCount

Initial number of pods for the application

2

space.podLabels

Custom pod labels

{}

space.podAnnotations

Custom pod annotations

{}

space.extraEnvs

Additional environment variables

[]

space.extraJavaOpts

Additional settings included in the JAVA_OPTS environment variable

""

space.resources.requests.cpu

Max CPU available for a pod (resource request)

2000m

space.resources.requests.memory

Max memory available for a pod (resource request)

2048Mi

space.resources.limits.cpu

Min CPU available for a pod (resource limit)

2000m

space.resources.limits.memory

Min memory available for a pod (resource limit)

2048Mi

space.service.ports.restAPI

Space API port number

9084

space.service.ports.webUI

Space web UI port number

8084

space.service.annotations

Additional annotations

{}

space.podSecurityContext.enabled

Enables/disables security context

true

space.podSecurityContext.fsGroup

Group ID that has access to the filesystem at run-time

10001

space.containerSecurityContext.enabled

Enables/disables security context

true

space.containerSecurityContext.runAsUser

ID of the user who runs the process

10001

space.containerSecurityContext.runAsNonRoot

Specifies if the process can run under the root user

true

space.containerSecurityContext.allowPrivilegeEscalation

Specifies if the process can get more permissions at run-time

false

space.containerSecurityContext.readOnlyRootFilesystem

Specifies if the root filesystem of the process is read-only

true

space.containerSecurityContext.capabilities.drop

List of Kernel capabilities that the process is not allowed to use

["NET_RAW","ALL"]

space.livenessProbe.enabled

Enables/disables livenessProbe

true

space.livenessProbe.initialDelaySeconds

Initial delay in seconds before taking the first livenessProbe

60

space.livenessProbe.periodSeconds

Period of taking livenessProbe in seconds

30

space.livenessProbe.timeoutSeconds

Timeout of livenessProbe in seconds

30

space.livenessProbe.failureThreshold

Number of retries if livenessProbe fails

5

space.livenessProbe.successThreshold

Min consecutive successes for livenessProbe to be considered successful

1

space.readinessProbe.enabled

Enables/disables readinessProbe

true

space.readinessProbe.initialDelaySeconds

Initial delay in seconds before taking the first readinessProbe

60

space.readinessProbe.periodSeconds

Period of taking readinessProbe in seconds

10

space.readinessProbe.timeoutSeconds

Timeout of readinessProbe in seconds

30

space.readinessProbe.failureThreshold

Number of retries if readinessProbe fails

5

space.readinessProbe.successThreshold

Min consecutive successes for readinessProbe to be considered successful

1

space.startupProbe.enabled

Enables/disables readinessProbe

true

space.startupProbe.initialDelaySeconds

Initial delay in seconds before taking the first startupProbe

60

space.startupProbe.periodSeconds

Period of taking startupProbe in seconds

15

space.startupProbe.timeoutSeconds

Timeout of startupProbe in seconds

30

space.startupProbe.failureThreshold

Number of retries if startupProbe fails

20

space.startupProbe.successThreshold

Min consecutive successes for startupProbe to be considered successful

1

space.serviceAccount.create

Specifies whether to create a service account

false

space.serviceAccount.name

Service account name

""

space.serviceAccount.automountServiceAccountToken

Specifies if the account can mount the access token from the Kubernetes API

true

space.serviceAccount.annotations

Key/value map of annotations

{}

space.autoscaling.enabled

Enables/disables autoscaling

false

space.autoscaling.minReplicas

Minimum number of pods

1

space.autoscaling.maxReplicas

Maximum number of pods

11

space.autoscaling.targetCPU

CPU utilization threshold

""

space.autoscaling.targetMemory

Memory utilization threshold

""

space.masterSecret

Main encryption key

""

space.webHookSecret

Webhook encryption key

""

space.recaptcha.enabled

Enables/disables reCAPTCHA

false

space.recaptcha.type

reCAPTCHA version

v2

space.recaptcha.siteKey

siteKey used for identifying the application

""

space.recaptcha.secretKey

secretKey used for authentication with reCAPTCHA

""

space.recaptcha.externalSecretName

Name of the external secret with reCAPTCHA settings

""

space.localAdministrator.firstName

First name

""

space.localAdministrator.lastName

Last name

""

space.localAdministrator.username

Username

""

space.localAdministrator.password

Password

""

space.localAdministrator.email

Email

""

space.externalSecretName

Name of the main secret

""

space.mail.enabled

Enables/disables outgoing mail from Space

false

space.mail.username

Username of the SMTP server account that will be used to send email

""

space.mail.password

Password of the SMTP server account that will be used to send email

""

space.mail.hostname

SMTP server hostname

""

space.mail.port

(Required) SMTP server port. Typically, 25 or 2525

""

space.mail.protocol

Mail server protocol. Typically, SSL, TLS or SMTP

""

space.mail.settings.fromAddress

(Required) Email address. Space will use it to send email

""

space.mail.settings.aggregationDelaysInSec

The interval at which outgoing notifications are aggregated to

""

space.mail.settings.rateLimitPerSecond

Outgoing mail limit in emails per second. Default is 3.

""

space.mail.settings.messageQueuePrefix

Waiting queue name. Essentially it's the name of a folder in the

""

space.mail.externalSecretName

It is possible to supply mail settings in the form of en external k8s secret

""

space.oauth.accessTokenRsaPublic

X.509-encoded public key for issuing access tokens by the OAuth 2.0 authentication server

""

space.oauth.accessTokenRsaPrivate

PKCS#8-encoded 4096-bit private key for issuing access tokens by the OAuth 2.0 authentication server.

""

space.oauth.messageEncodingKey

128-bit key. To generate, run $(openssl rand -base64 16)

""

space.oauth.encodingKey2fa

128-bit key. To generate, run $(openssl rand -base64 16)

""

space.oauth.encodingKey

128-bit key. To generate, run $(openssl rand -base64 16)

""

space.oauth.messageSigningRsaPublic

X.509-encoded public key for signing/verifying outgoing messages to external applications

""

space.oauth.messageSigningRsaPrivate

PKCS#8-encoded 4096-bit private key for signing/verifying outgoing messages to external applications

""

space.oauth.externalSecretName

Name of the external secret with authentication server settings

""

space.license

License string

""

space.database.hostname

Database hostname

""

space.database.port

Database port

""

space.database.name

Database name

""

space.database.username

Database username

""

space.database.password

Database password

""

space.database.externalSecretName

Name of the external secret with database settings

""

space.database.settings.idlePoolSize

Size of the idle pool

""

space.eventbus.hostname

Redis hostname

""

space.eventbus.port

Redis port

""

space.eventbus.username

(Optional) Redis username

""

space.eventbus.password

(Optional) Redis password

""

space.eventbus.externalSecretName

Name of the external secret with Redis settings

""

space.objectStorage.region

Region where the bucket is located

""

space.objectStorage.bucketName

Bucket name

""

space.objectStorage.bucketCreated

"true" if the bucket exists or "false" otherwise

true

space.objectStorage.url

Storage URL

""

space.objectStorage.accessKey

Storage access key

""

space.objectStorage.secretKey

Storage secret key

""

space.objectStorage.externalSecretName

Name of the external secret with storage settings

""

space.elastic.search.hostname

Elasticsearch hostname

""

space.elastic.search.port

Elasticsearch port

""

space.elastic.search.scheme

Elasticsearch URL scheme (http by default). Possible values: http, https

""

space.elastic.search.prefix

Elasticsearch prefix

""

space.elastic.search.auth.token

Bearer authentication token

""

space.elastic.search.auth.apiKey

API key for ApiKey authentication

""

space.elastic.search.auth.username

Username for Basic authentication

""

space.elastic.search.auth.password

Password for Basic authentication

""

space.elastic.search.externalSecretName

Name of the external secret with Elasticsearch settings

""

space.elastic.audit.hostname

Elasticsearch audit hostname

""

space.elastic.audit.port

Elasticsearch audit port

""

space.elastic.audit.scheme

Elasticsearch audit URL scheme (http by default). Possible values: http, https

""

space.elastic.audit.auth.token

Bearer authentication token

""

space.elastic.audit.auth.apiKey

API key for ApiKey authentication

""

space.elastic.audit.auth.username

Username for Basic authentication

""

space.elastic.audit.auth.password

Password for Basic authentication

""

space.elastic.audit.externalSecretName

Name of the external secret with Elasticsearch audit settings

""

space.elastic.metrics.hostname

Elasticsearch metrics hostname

""

space.elastic.metrics.port

Elasticsearch metrics port

""

space.elastic.metrics.scheme

Elasticsearch metrics URL scheme (http by default). Possible values: http, https

""

space.elastic.metrics.auth.token

Bearer authentication token

""

space.elastic.metrics.auth.apiKey

API key for ApiKey authentication

""

space.elastic.metrics.auth.username

Username for Basic authentication

""

space.elastic.metrics.auth.password

Password for Basic authentication

""

space.elastic.metrics.externalSecretName

Name of the external secret with Elasticsearch metrics settings

""

space.vcs.url

Git hosting URL

""

space.vcs.token

Git authentication token. Space and VCS must refer to the same value: vcs.secrets.spaceAccessKey.

""

space.vcs.externalSecretName

Name of the external secret with VCS settings

""

space.externalUrl

Space URL

""

space.altUrls

List of additional Space URLs

""

space.packages.externalUrl

Packages URL

""

space.automation.logs.storage.region

Region where the log storage bucket is located

""

space.automation.logs.storage.bucketName

Log storage bucket name

""

space.automation.logs.storage.bucketCreated

"true" if the bucket exists or "false" otherwise

true

space.automation.logs.storage.url

Log storage URL

""

space.automation.logs.storage.accessKey

Log storage access key

""

space.automation.logs.storage.secretKey

Log storage secret key

""

space.automation.logs.storage.externalSecretName

Name of the external secret with log storage settings

""

space.automation.worker.image.registry

Container image registry

public.registry.jetbrains.space

space.automation.worker.image.repository

Repository with the Automation worker image

p/space/containers/space-automation-worker

space.automation.worker.image.tag

Version of the Automation worker image

2024.2.2.87

space.automation.worker.storage.region

Region where the worker storage bucket is located

""

space.automation.worker.storage.bucketName

Worker storage bucket name

""

space.automation.worker.storage.bucketCreated

"true" if the bucket exists or "false" otherwise

true

space.automation.worker.storage.url

Worker storage URL

""

space.automation.worker.storage.accessKey

Worker storage access key

""

space.automation.worker.storage.secretKey

Worker storage secret key

""

space.automation.worker.storage.externalSecretName

Тame of the external secret with worker storage settings

""

space.automation.builder.image.registry

Container image registry

public.registry.jetbrains.space

space.automation.builder.image.repository

Repository with the Automation builder image

p/space/containers/space-automation-docker-builder

space.automation.builder.image.tag

Version of the Automation builder image

2024.2.2.87

space.automation.dslCompiler.image.registry

Container image registry

public.registry.jetbrains.space

space.automation.dslCompiler.image.repository

Repository with the Automation DSL compiler image

p/space/containers/space-automation-dsl-compile

space.automation.dslCompiler.image.tag

Version of the Automation DSL compiler image

2024.2.2.87

space.automation.dslCompiler.storage.region

Region where the DSL compiler storage bucket is located

""

space.automation.dslCompiler.storage.bucketName

DSL compiler storage bucket name

""

space.automation.dslCompiler.storage.bucketCreated

"true" if the bucket exists or "false" otherwise

true

space.automation.dslCompiler.storage.url

DSL compiler storage URL

""

space.automation.dslCompiler.storage.accessKey

DSL compiler storage access key

""

space.automation.dslCompiler.storage.secretKey

DSL compiler storage secret key

""

space.automation.dslCompiler.storage.externalSecretName

Name of the external secret with the DSL compiler storage settings

""

space.ingress.enabled

Enables/disables Ingress for routing inbound traffic

true

space.ingress.pathType

Ingress path type

ImplementationSpecific

space.ingress.hostname

Ingress hostname

space.jetbrains.local

space.ingress.annotations

Key/value map with annotations

{}

space.ingress.tls

Enables/disables TLS for the hostname

false

space.ingress.selfSigned

Specifies whether to create a self-signed certificate for $parent.hostname

false

space.ingress.path

Ingress path array

/

space.ingress.extraPaths

Ingress extra paths

[]

space.ingress.extraTLS

Additional TLS configuration

[]

space.ingress.secret

Name of the external secret for $parent.hostname

""

space.ingress.ingressClassName

IngressClass name

""

space.ingress.extraRules

Additional Ingress rules

[]

space.defaultInitContainers.images.redis.registry

Container image registry

docker.io

space.defaultInitContainers.images.redis.repository

Repository with the Redis image

bitnami/redis

space.defaultInitContainers.images.redis.tag

Version of the Redis image

6.2.7

space.defaultInitContainers.images.redis.pullPolicy

Redis image pull policy

Always

space.defaultInitContainers.images.postgresql.registry

Container image registry

docker.io

space.defaultInitContainers.images.postgresql.repository

Repository with the PostgreSQL image

bitnami/postgresql

space.defaultInitContainers.images.postgresql.tag

Version of the PostgreSQL image

11.12.0

space.defaultInitContainers.images.postgresql.pullPolicy

PostgreSQL image pull policy

Always

space.defaultInitContainers.images.busybox.registry

Container image registry

docker.io

space.defaultInitContainers.images.busybox.repository

Repository with the BusyBox image

busybox

space.defaultInitContainers.images.busybox.tag

Version of the BusyBox image

1.28.0

space.defaultInitContainers.images.busybox.pullPolicy

BusyBox image pull policy

Always

space.defaultInitContainers.resources.requests.cpu

Max CPU available for a pod (resource request)

500m

space.defaultInitContainers.resources.requests.memory

Max memory available for a pod (resource request)

512Mi

space.defaultInitContainers.resources.limits.cpu

Min CPU available for a pod (resource limit)

500m

space.defaultInitContainers.resources.limits.memory

Min memory available for a pod (resource limit)

512Mi

space.defaultInitContainers.containerSecurityContext.enabled

Enables/disables Security Context

true

space.defaultInitContainers.containerSecurityContext.runAsUser

ID of the user who runs the process

10001

space.defaultInitContainers.containerSecurityContext.runAsNonRoot

Specifies if the process can run under the root user

true

space.defaultInitContainers.containerSecurityContext.allowPrivilegeEscalation

Specifies if the process can get more permissions at run-time

false

space.defaultInitContainers.containerSecurityContext.readOnlyRootFilesystem

Specifies if the root filesystem of the process is read-only

true

space.defaultInitContainers.containerSecurityContext.capabilities.drop

List of Kernel capabilities that the process is not allowed to use

["NET_RAW","ALL"]

VCS

Name

Description

Value

vcs.image.registry

Container image registry

public.registry.jetbrains.space

vcs.image.repository

Repository with the VCS image

p/space-on-premises/docker/vcs-hosting

vcs.image.tag

Version of the VCS image

2024.2.2

vcs.image.pullPolicy

VCS image pull policy

Always

vcs.image.pullSecrets

Name of the external secret with registry credentials

[]

vcs.config

Overrides the default VCS application configuration

""

vcs.replicaCount

Initial number of pods for the application

2

vcs.podLabels

Custom pod labels

{}

vcs.podAnnotations

Custom pod annotations

{}

vcs.extraEnvs

Additional environment variables

[]

vcs.extraJavaOpts

Additional settings included in the JAVA_OPTS environment variable

""

vcs.resources.requests.cpu

Max CPU available for a pod (resource request)

1000m

vcs.resources.requests.memory

Max memory available for a pod (resource request)

1024Mi

vcs.resources.limits.cpu

Min CPU available for a pod (resource limit)

1000m

vcs.resources.limits.memory

Min memory available for a pod (resource limit)

1024Mi

vcs.service.ports.restAPI

VCS API port number

19084

vcs.service.ports.ssh

SSH port number

12222

vcs.service.annotations

Additional annotations

{}

vcs.externalService.enabled

Enable external service exposure

true

vcs.externalService.type

External service type

""

vcs.externalService.port

External service port

""

vcs.externalService.annotations

Additional annotations

{}

vcs.podSecurityContext.enabled

Enables/disables security context

true

vcs.podSecurityContext.fsGroup

Group ID that has access to the filesystem at run-time

10001

vcs.containerSecurityContext.enabled

Enables/disables security context

true

vcs.containerSecurityContext.runAsUser

ID of the user who runs the process

10001

vcs.containerSecurityContext.runAsNonRoot

Specifies if the process can run under the root user

true

vcs.containerSecurityContext.allowPrivilegeEscalation

Specifies if the process can get more permissions at run-time

false

vcs.containerSecurityContext.readOnlyRootFilesystem

Specifies if the root filesystem of the process is read-only

true

vcs.containerSecurityContext.capabilities.drop

List of Kernel capabilities that the process is not allowed to use

["NET_RAW","ALL"]

vcs.livenessProbe.enabled

Enables/disables livenessProbe

true

vcs.livenessProbe.initialDelaySeconds

Initial delay in seconds before taking the first livenessProbe

60

vcs.livenessProbe.periodSeconds

Period of taking livenessProbe in seconds

30

vcs.livenessProbe.timeoutSeconds

Timeout of livenessProbe in seconds

30

vcs.livenessProbe.failureThreshold

Number of retries if livenessProbe fails

5

vcs.livenessProbe.successThreshold

Min consecutive successes for livenessProbe to be considered successful

1

vcs.readinessProbe.enabled

Enables/disables readinessProbe

true

vcs.readinessProbe.initialDelaySeconds

Initial delay in seconds before taking the first readinessProbe

60

vcs.readinessProbe.periodSeconds

Period of taking readinessProbe in seconds

10

vcs.readinessProbe.timeoutSeconds

Timeout of readinessProbe in seconds

30

vcs.readinessProbe.failureThreshold

Number of retries if readinessProbe fails

5

vcs.readinessProbe.successThreshold

Min consecutive successes for readinessProbe to be considered successful

1

vcs.serviceAccount.create

Specifies whether to create a service account

false

vcs.serviceAccount.name

Service account name

""

vcs.serviceAccount.automountServiceAccountToken

Specifies if the account can mount the access token from the Kubernetes API

true

vcs.serviceAccount.annotations

Key/value map of annotations

{}

vcs.autoscaling.enabled

Enables/disables autoscaling

false

vcs.autoscaling.minReplicas

Minimum number of pods

1

vcs.autoscaling.maxReplicas

Maximum number of pods

11

vcs.autoscaling.targetCPU

CPU utilization threshold

""

vcs.autoscaling.targetMemory

Memory utilization threshold

""

vcs.mirrorAny

For security reasons, VCS doesn't allow mirroring hostnames located on the same network as the VCS service (as per RFC 1918). To enable the mirroring anyway, set the value to 'true'

false

vcs.storage.eventbus.architecture

Event bus architecture

""

vcs.storage.eventbus.hostname

Event bus hostname

""

vcs.storage.eventbus.port

Event bus port

""

vcs.storage.eventbus.username

(Optional) Username for accessing the event bus service

""

vcs.storage.eventbus.password

(Optional) Password for accessing the event bus service

""

vcs.storage.eventbus.externalSecretName

Name of the external secret with event bus settings

""

vcs.storage.objectStorage.region

Region where the VCS storage bucket is located

""

vcs.storage.objectStorage.bucketName

VCS storage bucket name

""

vcs.storage.objectStorage.url

VCS storage URL

""

vcs.storage.objectStorage.accessKey

VCS storage access key

""

vcs.storage.objectStorage.secretKey

VCS storage secret key

""

vcs.storage.objectStorage.externalSecretName

Name of the external secret with the VCS storage settings

""

vcs.storage.database.name

Database name

""

vcs.storage.database.hostname

Database hostname

""

vcs.storage.database.port

Database port

""

vcs.storage.database.username

Database username

""

vcs.storage.database.password

Database password

""

vcs.storage.database.externalSecretName

Name of the external secret with the database settings

""

vcs.secrets.sshServerKey

2048-bit RSA private key the VCS server will use to respond on the SSH port

""

vcs.secrets.spaceAccessKey

Here you must specify the same value as in space.vcs.token

""

vcs.secrets.externalSecretName

Name of the external secret with the secrets settings

""

vcs.externalUrl

Public URL of the VCS server

""

vcs.spaceExternalUrl

External URL for the Space application

""

vcs.ingress.enabled

Enables/disables Ingress for routing VCS traffic

true

vcs.ingress.pathType

Ingress path type

ImplementationSpecific

vcs.ingress.hostname

Ingress hostname

git.jetbrains.local

vcs.ingress.annotations

Key/value map with annotations

{}

vcs.ingress.tls

Enables/disables TLS for the hostname

false

vcs.ingress.selfSigned

Specifies whether to create a self-signed certificate for $parent.hostname

false

vcs.ingress.path

Ingress path array

/

vcs.ingress.extraPaths

Ingress extra paths

[]

vcs.ingress.extraTLS

Additional TLS configuration

[]

vcs.ingress.secret

Name of the external secret for $parent.hostname

""

vcs.ingress.ingressClassName

IngressClass name

""

vcs.ingress.extraRules

Additional Ingress rules

[]

vcs.defaultInitContainers.images.redis.registry

Container image registry

docker.io

vcs.defaultInitContainers.images.redis.repository

Repository with the Redis image

bitnami/redis

vcs.defaultInitContainers.images.redis.tag

Version of the Redis image

6.2.7

vcs.defaultInitContainers.images.redis.pullPolicy

Redis image pull policy

Always

vcs.defaultInitContainers.images.postgresql.registry

Container image registry

docker.io

vcs.defaultInitContainers.images.postgresql.repository

Repository with the PostgreSQL image

bitnami/postgresql

vcs.defaultInitContainers.images.postgresql.tag

Version of the PostgreSQL image

11.12.0

vcs.defaultInitContainers.images.postgresql.pullPolicy

PostgreSQL image pull policy

Always

vcs.defaultInitContainers.images.busybox.registry

Container image registry

docker.io

vcs.defaultInitContainers.images.busybox.repository

Repository with the BusyBox image

busybox

vcs.defaultInitContainers.images.busybox.tag

Version of the BusyBox image

1.28.0

vcs.defaultInitContainers.images.busybox.pullPolicy

BusyBox image pull policy

Always

vcs.defaultInitContainers.resources.requests.cpu

Max CPU available for a pod (resource request)

500m

vcs.defaultInitContainers.resources.requests.memory

Max memory available for a pod (resource request)

512Mi

vcs.defaultInitContainers.resources.limits.cpu

Min CPU available for a pod (resource limit)

500m

vcs.defaultInitContainers.resources.limits.memory

Min memory available for a pod (resource limit)

512Mi

vcs.defaultInitContainers.containerSecurityContext.enabled

Enables/disables Security Context

true

vcs.defaultInitContainers.containerSecurityContext.runAsUser

ID of the user who runs the process

10001

vcs.defaultInitContainers.containerSecurityContext.runAsNonRoot

Specifies if the process can run under the root user

true

vcs.defaultInitContainers.containerSecurityContext.allowPrivilegeEscalation

Specifies if the process can get more permissions at run-time

false

vcs.defaultInitContainers.containerSecurityContext.readOnlyRootFilesystem

Specifies if the root filesystem of the process is read-only

true

vcs.defaultInitContainers.containerSecurityContext.capabilities.drop

List of Kernel capabilities that the process is not allowed to use

["NET_RAW","ALL"]

Packages

Name

Description

Value

packages.image.registry

Container image registry

public.registry.jetbrains.space

packages.image.repository

Repository with the Packages image

p/space-on-premises/docker/packages

packages.image.tag

Version of the Packages image

2024.2.2

packages.image.pullPolicy

Packages image pull policy

Always

packages.image.pullSecrets

Name of the external secret with registry credentials

[]

packages.config

Overrides the default Packages application configuration

""

packages.replicaCount

Initial number of pods for the application

2

packages.podLabels

Custom pod labels

{}

packages.podAnnotations

Custom pod annotations

{}

packages.extraEnvs

Additional environment variables

[]

packages.extraJavaOpts

Additional settings included in the JAVA_OPTS environment variable

""

packages.resources.requests.cpu

Max CPU available for a pod (resource request)

1000m

packages.resources.requests.memory

Max memory available for a pod (resource request)

1024Mi

packages.resources.limits.cpu

Min CPU available for a pod (resource limit)

1000m

packages.resources.limits.memory

Min memory available for a pod (resource limit)

1024Mi

packages.service.ports.restAPIexternal

Port number of the Packages external API

8390

packages.service.ports.restAPIinternal

Port number of the Packages internal API

9390

packages.service.annotations

Additional annotations

{}

packages.podSecurityContext.enabled

Enables/disables security context

true

packages.podSecurityContext.fsGroup

Group ID that has access to the filesystem at run-time

10001

packages.containerSecurityContext.enabled

Enables/disables security context

true

packages.containerSecurityContext.runAsUser

ID of the user who runs the process

10001

packages.containerSecurityContext.runAsNonRoot

Specifies if the process can run under the root user

true

packages.containerSecurityContext.allowPrivilegeEscalation

Specifies if the process can get more permissions at run-time

false

packages.containerSecurityContext.readOnlyRootFilesystem

Specifies if the root filesystem of the process is read-only

true

packages.containerSecurityContext.capabilities.drop

List of Kernel capabilities that the process is not allowed to use

["NET_RAW","ALL"]

packages.livenessProbe.enabled

Enables/disables livenessProbe

true

packages.livenessProbe.initialDelaySeconds

Initial delay in seconds before taking the first livenessProbe

60

packages.livenessProbe.periodSeconds

Period of taking livenessProbe in seconds

30

packages.livenessProbe.timeoutSeconds

Timeout of livenessProbe in seconds

30

packages.livenessProbe.failureThreshold

Number of retries if livenessProbe fails

5

packages.livenessProbe.successThreshold

Min consecutive successes for livenessProbe to be considered successful

1

packages.readinessProbe.enabled

Enables/disables readinessProbe

true

packages.readinessProbe.initialDelaySeconds

Initial delay in seconds before taking the first readinessProbe

60

packages.readinessProbe.periodSeconds

Period of taking readinessProbe in seconds

10

packages.readinessProbe.timeoutSeconds

Timeout of readinessProbe in seconds

30

packages.readinessProbe.failureThreshold

Number of retries if readinessProbe fails

5

packages.readinessProbe.successThreshold

Min consecutive successes for readinessProbe to be considered successful

1

packages.startupProbe.enabled

Enables/disables readinessProbe

true

packages.startupProbe.initialDelaySeconds

Initial delay in seconds before taking the first startupProbe

60

packages.startupProbe.periodSeconds

Period of taking startupProbe in seconds

15

packages.startupProbe.timeoutSeconds

Timeout of startupProbe in seconds

30

packages.startupProbe.failureThreshold

Number of retries if startupProbe fails

20

packages.startupProbe.successThreshold

Min consecutive successes for startupProbe to be considered successful

1

packages.serviceAccount.create

Specifies whether to create a service account

false

packages.serviceAccount.name

Service account name

""

packages.serviceAccount.automountServiceAccountToken

Specifies if the account can mount the access token from the Kubernetes API

true

packages.serviceAccount.annotations

Key/value map of annotations

{}

packages.autoscaling.enabled

Enables/disables autoscaling

false

packages.autoscaling.minReplicas

Minimum number of pods

1

packages.autoscaling.maxReplicas

Maximum number of pods

11

packages.autoscaling.targetCPU

CPU utilization threshold

""

packages.autoscaling.targetMemory

Memory utilization threshold

""

packages.database.hostname

Database hostname

""

packages.database.port

Database port

""

packages.database.name

Database name

""

packages.database.username

Database username

""

packages.database.password

Database password

""

packages.database.externalSecretName

Name of the external secret with the database settings

""

packages.database.settings.idlePoolSize

Size of the idle pool

""

packages.eventbus.hostname

Redis hostname

""

packages.eventbus.port

Redis port

""

packages.eventbus.username

(Optional) Redis username

""

packages.eventbus.password

(Optional) Redis password

""

packages.eventbus.externalSecretName

Name of the external secret with Redis settings

""

packages.objectStorage.region

Region where the bucket is located

""

packages.objectStorage.bucketName

Bucket name

""

packages.objectStorage.bucketCreated

"true" if the bucket exists or "false" otherwise

true

packages.objectStorage.url

Storage URL, accessible both by the k8s pods and external clients.

""

packages.objectStorage.accessKey

Storage access key

""

packages.objectStorage.secretKey

Storage secret key

""

packages.objectStorage.externalSecretName

Name of the external secret with storage settings

""

packages.elastic.search.hostname

Elasticsearch hostname

""

packages.elastic.search.port

Elasticsearch port

""

packages.elastic.search.scheme

Elasticsearch URL scheme (http by default). Possible values: http, https

""

packages.elastic.search.prefix

Elasticsearch prefix

""

packages.elastic.search.auth.token

Bearer authentication token

""

packages.elastic.search.auth.apiKey

API key for ApiKey authentication

""

packages.elastic.search.auth.username

Username for Basic authentication

""

packages.elastic.search.auth.password

Password for Basic authentication

""

packages.elastic.search.externalSecretName

Name of the external secret with Elasticsearch settings

""

packages.externalUrl

Public URL

""

packages.internalUrl

Internal URL

""

packages.oauth.clientId

Client Id used for interaction between Space and Packages API

""

packages.oauth.clientSecret

Client secret used for interaction between Space and Packages API

""

packages.oauth.externalSecretName

Name of the external secret with Packages settings

""

packages.space.externalUrl

Public URL

""

packages.space.internalUrl

Internal URL

""

packages.ingress.enabled

Enables/disables Ingress for routing inbound traffic

true

packages.ingress.pathType

Ingress path type

ImplementationSpecific

packages.ingress.hostname

Ingress hostname

packages.jetbrains.local

packages.ingress.annotations

Key/value map with annotations

{}

packages.ingress.tls

Enables/disables TLS for the hostname

false

packages.ingress.selfSigned

Specifies whether to create a self-signed certificate for $parent.hostname

false

packages.ingress.path

Ingress path array

/

packages.ingress.extraPaths

Ingress extra paths

[]

packages.ingress.extraTLS

Additional TLS configuration

[]

packages.ingress.secret

Name of the external secret for $parent.hostname

""

packages.ingress.ingressClassName

IngressClass name

""

packages.ingress.extraRules

Additional Ingress rules

[]

packages.defaultInitContainers.images.redis.registry

Container image registry

docker.io

packages.defaultInitContainers.images.redis.repository

Repository with the Redis image

bitnami/redis

packages.defaultInitContainers.images.redis.tag

Version of the Redis image

6.2.7

packages.defaultInitContainers.images.redis.pullPolicy

Redis image pull policy

Always

packages.defaultInitContainers.images.postgresql.registry

Container image registry

docker.io

packages.defaultInitContainers.images.postgresql.repository

Repository with the PostgreSQL image

bitnami/postgresql

packages.defaultInitContainers.images.postgresql.tag

Version of the PostgreSQL image

11.12.0

packages.defaultInitContainers.images.postgresql.pullPolicy

PostgreSQL image pull policy

Always

packages.defaultInitContainers.images.busybox.registry

Container image registry

docker.io

packages.defaultInitContainers.images.busybox.repository

Repository with the BusyBox image

busybox

packages.defaultInitContainers.images.busybox.tag

Version of the BusyBox image

1.28.0

packages.defaultInitContainers.images.busybox.pullPolicy

BusyBox image pull policy

Always

packages.defaultInitContainers.resources.requests.cpu

Max CPU available for a pod (resource request)

500m

packages.defaultInitContainers.resources.requests.memory

Max memory available for a pod (resource request)

512Mi

packages.defaultInitContainers.resources.limits.cpu

Min CPU available for a pod (resource limit)

500m

packages.defaultInitContainers.resources.limits.memory

Min memory available for a pod (resource limit)

512Mi

packages.defaultInitContainers.containerSecurityContext.enabled

Enables/disables Security Context

true

packages.defaultInitContainers.containerSecurityContext.runAsUser

ID of the user who runs the process

10001

packages.defaultInitContainers.containerSecurityContext.runAsNonRoot

Specifies if the process can run under the root user

true

packages.defaultInitContainers.containerSecurityContext.allowPrivilegeEscalation

Specifies if the process can get more permissions at run-time

false

packages.defaultInitContainers.containerSecurityContext.readOnlyRootFilesystem

Specifies if the root filesystem of the process is read-only

true

packages.defaultInitContainers.containerSecurityContext.capabilities.drop

List of Kernel capabilities that the process is not allowed to use

["NET_RAW","ALL"]

Lang-service

Name

Description

Value

langservice.image.registry

Container image registry

public.registry.jetbrains.space

langservice.image.repository

Repository with the Langservice image

p/space-on-premises/docker/langservice

langservice.image.tag

Version of the Langservice image

2024.2.2

langservice.image.pullPolicy

Langservice image pull policy

Always

langservice.image.pullSecrets

Name of the external secret with registry credentials

[]

langservice.config

Overrides the default Langservice application configuration

""

langservice.replicaCount

Initial number of pods for the application

2

langservice.podLabels

Custom pod labels

{}

langservice.podAnnotations

Custom pod annotations

{}

langservice.extraEnvs

Additional environment variables

[]

langservice.extraJavaOpts

Additional settings included in the JAVA_OPTS environment variable

""

langservice.resources.requests.cpu

Max CPU available for a pod (resource request)

500m

langservice.resources.requests.memory

Max memory available for a pod (resource request)

512Mi

langservice.resources.limits.cpu

Min CPU available for a pod (resource limit)

500m

langservice.resources.limits.memory

Min memory available for a pod (resource limit)

512Mi

langservice.service.ports.restAPI

Langservice port number

8095

langservice.service.annotations

Additional annotations

{}

langservice.podSecurityContext.enabled

Enables/disables security context

true

langservice.podSecurityContext.fsGroup

Group ID that has access to the filesystem at run-time

10001

langservice.containerSecurityContext.enabled

Enables/disables security context

true

langservice.containerSecurityContext.runAsUser

ID of the user who runs the process

10001

langservice.containerSecurityContext.runAsNonRoot

Specifies if the process can run under the root user

true

langservice.containerSecurityContext.allowPrivilegeEscalation

Specifies if the process can get more permissions at run-time

false

langservice.containerSecurityContext.readOnlyRootFilesystem

Specifies if the root filesystem of the process is read-only

true

langservice.containerSecurityContext.capabilities.drop

List of Kernel capabilities that the process is not allowed to use

["NET_RAW","ALL"]

langservice.serviceAccount.create

Specifies whether to create a service account

false

langservice.serviceAccount.name

Service account name

""

langservice.serviceAccount.automountServiceAccountToken

Specifies if the account can mount the access token from the Kubernetes API

true

langservice.serviceAccount.annotations

Key/value map of annotations

{}

langservice.autoscaling.enabled

Enables/disables autoscaling

false

langservice.autoscaling.minReplicas

Minimum number of pods

1

langservice.autoscaling.maxReplicas

Maximum number of pods

11

langservice.autoscaling.targetCPU

CPU utilization threshold

""

langservice.autoscaling.targetMemory

Memory utilization threshold

""

langservice.livenessProbe.enabled

Enables/disables livenessProbe

true

langservice.livenessProbe.initialDelaySeconds

Initial delay in seconds before taking the first livenessProbe

60

langservice.livenessProbe.periodSeconds

Period of taking livenessProbe in seconds

30

langservice.livenessProbe.timeoutSeconds

Timeout of livenessProbe in seconds

30

langservice.livenessProbe.failureThreshold

Number of retries if livenessProbe fails

5

langservice.livenessProbe.successThreshold

Min consecutive successes for livenessProbe to be considered successful

1

langservice.readinessProbe.enabled

Enables/disables readinessProbe

true

langservice.readinessProbe.initialDelaySeconds

Initial delay in seconds before taking the first readinessProbe

60

langservice.readinessProbe.periodSeconds

Period of taking readinessProbe in seconds

10

langservice.readinessProbe.timeoutSeconds

Timeout of readinessProbe in seconds

30

langservice.readinessProbe.failureThreshold

Number of retries if readinessProbe fails

5

langservice.readinessProbe.successThreshold

Min consecutive successes for readinessProbe to be considered successful

1

Compute-service

Name

Description

Value

computeservice.enabled

Enables/disables Space automation and remote development

false

computeservice.createNamespace

Enables/disables creating namespace

true

computeservice.image.registry

URL of the container registry

public.registry.jetbrains.space

computeservice.image.repository

URL of the container repository

p/space-on-premises/docker/compute-service

computeservice.image.tag

Image version

2024.2.2

computeservice.image.pullPolicy

Pull policy of the container image

Always

computeservice.image.pullSecrets

Registry credentials. Specify not the credentials but the corresponding secrets

[]

computeservice.autoscaling.enabled

Enables/disables autoscaling

false

computeservice.autoscaling.minReplicas

Minimum number of pods

1

computeservice.autoscaling.maxReplicas

Maximum number of pods

7

computeservice.autoscaling.targetCPU

CPU utilization threshold

""

computeservice.autoscaling.targetMemory

Memory utilization threshold

""

computeservice.database.hostname

Database hostname

""

computeservice.database.port

Database port

""

computeservice.database.name

Database name

""

computeservice.database.username

Database username

""

computeservice.database.password

Database password

""

computeservice.database.externalSecretName

Name of the external secret with the database settings

""

computeservice.database.settings.idlePoolSize

Size of the idle pool

""

computeservice.worker.namespaceSuffix

jobs namespace suffix

automation-jobs

computeservice.worker.imagePullSecrets

Registry credentials. Specify not the credentials but the corresponding secrets, see https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry, example: "docker_credentinals_1,docker_credentinals_2"

""

computeservice.worker.initialVersion

worker version

2024.2.2.87

computeservice.worker.image.registry

ComputeService worker image registry

public.registry.jetbrains.space

computeservice.worker.image.repository

Repository with the ComputeService worker image

p/space/containers/space-automation-worker-k8s

computeservice.worker.image.tag

Version of the ComputeService worker image

2024.2.2.87

computeservice.worker.defaultVolumeGb

Size of volume which will be mapped to task root dir: will allow to isolate IOPS amd do not use node space

0

computeservice.worker.subPaths

Volume mapping inside container

/var/lib/docker:worker-docker

computeservice.worker.extraHosts

for test purposes when DNS is not available, example: "10.0.0.1:vcs.service.local,10.0.0.1:packages.service.local"

""

computeservice.worker.sysbox.enabled

set true for using https://github.com/nestybox/sysbox and disable privileged mode

false

computeservice.worker.sysbox.runtimeClassName

"sysbox-runc" by default

sysbox-runc

computeservice.worker.sysbox.podAnnotations

"io.kubernetes.cri-o.userns-mode;auto:size=65536"

io.kubernetes.cri-o.userns-mode=auto:size=65536

computeservice.worker.storageClassName

(k8s specific) The name of a k8s storage class to use to create new volumes for dynamically created workers

ebs-sc

computeservice.replicas

Number of ComputeService pods.

1

computeservice.resources.limits.cpu

CPU resource limit for a ComputeService pod

1000m

computeservice.resources.limits.memory

Memory resource limit for a ComputeService pod

1024Mi

computeservice.resources.requests.cpu

CPU resource request for a ComputeService pod

1000m

computeservice.resources.requests.memory

CPU resource request for a ComputeService pod

1024Mi

computeservice.oauth.clientId

Name of the oAuth client that the Space and ComputeService applications will use to communicate with each other.

space-to-computeservice-client

computeservice.oauth.clientSecret

Symmetric 256-bit string the Space and ComputeService applications will use to communicate with each other.

""

computeservice.additionalJavaOpts

Java Options values you want to pass to the ComputeService application.

""

computeservice.service.ports.port

External port of the ComputeService service. The Space service must be able to connect to it inside the namespace.

8098

computeservice.service.ports.internalPort

Internal port of the ComputeService service. The Space service must be able to connect to it inside the namespace.

9098

computeservice.service.annotations

{}

computeservice.affinity.enabled

enable jobs affinity

false

computeservice.affinity.globalAffinityKey

used for sending jobs to nodes with such label key

key1

computeservice.affinity.globalAffinityValue

used for sending jobs to nodes with such label value

value2

Last modified: 05 August 2024