Helm values
Latest version: 1.16.0
Helm repo
When you create a project with DX Cloud, a values.yml
file is generated for you from the PaaS Helm Chart.
The values.yml
file contains important project information for configuring items such as:
Yes, you can change the values for certain properties in the values.yml
file.
However, it’s important that you don’t change some values as this could have serious consequences for your project.
This page guides you through the properties that you can change while helping you avoid changing the wrong properties.
Ingresses
An Ingress resource defines rules for how external HTTP/HTTPS traffic should be routed to services within a cluster.
The ingress:
section in the values.yml
file contains configurable properties around enabling the ingress, annotations, hosts, and transport layer security.
The properties shown in the example below are configurable.
You should not change any property other than those highlighted here. |
ingress:
enabled: true (1)
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/proxy-body-size: 512m
cert-manager.io/cluster-issuer: "letsencrypt-prod"
hosts:
- host: {{ .Env.DEPLOYMENT }}.author.paastraining.magnolia-platform.io
paths:
- path: /
instance: author
- host: {{ .Env.DEPLOYMENT }}.public.paastraining.magnolia-platform.io
paths:
- path: /
instance: public
tls:
- hosts:
- {{ .Env.DEPLOYMENT }}.author.paastraining.magnolia-platform.io
- {{ .Env.DEPLOYMENT }}.public.paastraining.magnolia-platform.io
# - {{ .Env.DEPLOYMENT }}.frontend-author.paastraining.magnolia-platform.io
# - {{ .Env.DEPLOYMENT }}.frontend-public.paastraining.magnolia-platform.io
secretName: {{ .Env.DEPLOYMENT }}-paastraining-magnolia-platform-io
…
1 | enabled must be true for the ingress configuration to work.
true is the default value when creating a DX Cloud project. |
Ingress properties
Property | Description | ||
---|---|---|---|
|
Enable or disable the ingress file. |
||
While a basic Ingress allows you to define hostnames, paths, and rules, annotations extend its functionality with more advanced configurations. Usually, annotations are used to enhance security, manage traffic, and handle custom behaviors. This is the section where you add any necessary annotations for your project. See Annotations for more details on different annotation options.
|
|||
|
Specify hosts. |
||
|
Specify hosts using transport layer security. Specify a secret name here if you already have a certificate stored and know its name.
If this is not specified, Example
|
Annotations
This section provides you with some annotation examples that you can use in your DX Cloud project.
If you need to whitelist a range of IPs, this can be set using an ingress annotation. The annotation specifies a list of allowed IP ranges in CIDR format, separated by commas.
If you have a CDN, the CDN IPs must be entered in the whitelist range. If you have an internal service, the service’s IPs must be entered in the whitelist range.
nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.1.1/32, 10.0.0.0/16"
You might want to control the buffer size that NGINX uses to store the request body before passing it on to the backend service. This is useful when dealing with larger payloads, such as file uploads.
nginx.ingress.kubernetes.io/client-body-buffer-size: "16k" (1)
1 | NGINX uses a buffer size of 16k or 8k depending on the platform (16k for 64-bit systems, 8k for 32-bit systems).
You can also define the size using k for kilobytes, m for megabytes, or bytes with no suffix required. |
Images
The image:
section of your values.yml file decides which image to use, how to pull the image, and whether authentication is needed, as it would be in the case for private registries.
The properties shown in the example below are configurable.
You should not change any property other than those highlighted here. |
image:
pullSecrets: (1)
- name: gitlab
pullPolicy: Always (2)
1 | Provides credentials for pulling images from private registries.
In this case, gitlab is used to pull from the private GitLab container registry. |
2 | Defines when to pull the image.
Options are Always , IfNotPresent , Never . |
Magnolia Author
The magnoliaAuthor
section of your values.yml
file handles important configuration for the Magnolia Author instance.
The author instance is where authors, also sometimes referred to as editors, are able to create and edit pages, and publish content.
The properties shown in the example below are configurable.
You should not change any property other than those highlighted here. |
magnoliaAuthor:
enabled: true
restartPolicy: Always
redeploy: true
bootstrap:
password: superuser!
activation:
useExistingSecret: False
contextPath: /
base_url: https://{{ .Env.DEPLOYMENT }}.author.paastraining.magnolia-platform.io/
sameSiteCookies: strict
env:
- name: instance
value: "author"
- name: deployment
value: {{ .Env.DEPLOYMENT }}
- name: magnolia.superuser.enabled
value: "true"
- name: magnolia.superuser.password
value: "superuser!"
- name: magnolia.bootstrap.license.owner
value: "[replace with email]"
- name: magnolia.bootstrap.license.key
value: "[replace with key]"
setenv:
memory:
minPercentage: 25
maxPercentage: 60
rescueModeDX: False
catalinaExtraEnv:
magnolia.yaml.envsubst: "true"
resources:
requests:
memory: 4Gi
limits:
memory: 4Gi
livenessProbe:
enabled: true
path: "/.rest/status"
startupProbe:
enabled: True
failureThreshold: 90
periodSeconds: 10
db:
tag: 15-alpine (1)
persistence:
size: "10Gi"
contentsync:
enabled: true
restore:
enabled: False
backup:
enabled: True
env:
- name: MGNLBACKUP_USE_PG_WAL
value: "true"
- name: MGNLBACKUP_SYNC_DIR
value: "/archive"
- name: MGNLBACKUP_NO_STDOUT
value: "true"
- name: MGNLBACKUP_LOGLEVEL
value: "debug"
- name: MGNLBACKUP_BUCKET
value: "paastraining-backup-bucket"
- name: MGNLBACKUP_PREFIX
value: "{{ .Env.DEPLOYMENT }}/author"
- name: MGNLBACKUP_CRON
value: "0 3 * * *"
- name: MGNLBACKUP_KEEPDAYS
value: "30"
- name: MGNLBACKUP_TAGS_RELEASE
value: {{ .Env.DEPLOYMENT }}
#
# Choose backup location based on cloud provider of the cluster
#
# Backup to S3
- name: MGNLBACKUP_S3_ENDPOINT
value: "s3.eu-central-1.amazonaws.com"
- name: MGNLBACKUP_S3_REGION
value: "eu-central-1"
- name: MGNLBACKUP_S3_ACCESSKEY
valueFrom:
secretKeyRef:
name: s3-backup-key
key: accesskey
- name: MGNLBACKUP_S3_SECRETKEY
valueFrom:
secretKeyRef:
name: s3-backup-key
key: secretkey
1 | The PostgreSQL version. This is for informational purposes only. You should not change this property. |
Magnolia Author properties
Property | Description | ||||||||
---|---|---|---|---|---|---|---|---|---|
Boolean that enables the author instance.
If set to |
|||||||||
Should always be set to |
|||||||||
Boolean for redeploying the author instance if there is a change to the parent Helm chart.
|
|||||||||
The context path for the instance.
Example: |
|||||||||
The Magnolia base URL. Example: |
|||||||||
Boolean to determine if rescue mode is enabled or not. Default: For more details on this topic, see Rescue App. |
|||||||||
The environment variables that are added to You can add your own environment variables here. See DX Core: Environment variables for more details.
1.
CATALINA_OPTS is an environment variable that allows you to specify options and arguments passed to the JVM (Java Virtual Machine) when starting Tomcat.
|
|||||||||
Under
|
|||||||||
In the
|
|||||||||
Readiness mechanism for applications that take a significant amount of time to start.
|
|||||||||
Use this section to overwrite Tomcat logging lines.
You can define the
|
|||||||||
The
|
Magnolia Public
The magnoliaPublic
section of your values.yml
file handles important configuration for the Magnolia Public instance.
The public instance is the publicly viewable instance for your site.
The properties shown in the example below are configurable.
You should not change any property other than those highlighted here. |
magnoliaPublic:
enabled: true
restartPolicy: Always
redeploy: true
bootstrap:
password: superuser!
activation:
useExistingSecret: False
contextPath: /
base_url: https://{{ .Env.DEPLOYMENT }}.public.paastraining.magnolia-platform.io/
sameSiteCookies: strict
env:
- name: instance
value: "public"
- name: deployment
value: {{ .Env.DEPLOYMENT }}
- name: magnolia.superuser.enabled
value: "true"
- name: magnolia.superuser.password
value: "superuser!"
- name: magnolia.bootstrap.license.owner
value: "[replace with email]"
- name: magnolia.bootstrap.license.key
value: "[replace with key]"
setenv:
memory:
minPercentage: 25
maxPercentage: 60
rescueModeDX: False
catalinaExtraEnv:
magnolia.yaml.envsubst: "true"
resources:
requests:
memory: 4Gi
limits:
memory: 4Gi
livenessProbe:
enabled: true
path: "/.rest/status"
startupProbe:
enabled: True
failureThreshold: 90
periodSeconds: 10
db:
tag: 15-alpine (1)
persistence:
size: "10Gi"
contentsync:
enabled: true
restore:
enabled: False
backup:
enabled: True
env:
- name: MGNLBACKUP_USE_PG_WAL
value: "true"
- name: MGNLBACKUP_SYNC_DIR
value: "/archive"
- name: MGNLBACKUP_NO_STDOUT
value: "true"
- name: MGNLBACKUP_LOGLEVEL
value: "debug"
- name: MGNLBACKUP_BUCKET
value: "paastraining-backup-bucket"
- name: MGNLBACKUP_PREFIX
value: "{{ .Env.DEPLOYMENT }}/public"
- name: MGNLBACKUP_CRON
value: "0 3 * * *"
- name: MGNLBACKUP_KEEPDAYS
value: "30"
- name: MGNLBACKUP_TAGS_RELEASE
value: {{ .Env.DEPLOYMENT }}
#
# Choose backup location based on cloud provider of the cluster
#
# Backup to S3
- name: MGNLBACKUP_S3_ENDPOINT
value: "s3.eu-central-1.amazonaws.com"
- name: MGNLBACKUP_S3_REGION
value: "eu-central-1"
- name: MGNLBACKUP_S3_ACCESSKEY
valueFrom:
secretKeyRef:
name: s3-backup-key
key: accesskey
- name: MGNLBACKUP_S3_SECRETKEY
valueFrom:
secretKeyRef:
name: s3-backup-key
key: secretkey
1 | The PostgreSQL version. This is for informational purposes only. You should not change this property. |
Magnolia public properties
Property | Description | ||||||||
---|---|---|---|---|---|---|---|---|---|
Boolean that enables the public instance.
If set to |
|||||||||
Should always be set to |
|||||||||
Boolean for redeploying the public instance if there is a change to the parent Helm chart.
|
|||||||||
The context path for the instance.
Example: |
|||||||||
The Magnolia base URL. Example: |
|||||||||
Boolean to determine if rescue mode is enabled or not. Default: For more details on this topic, see Rescue App. |
|||||||||
The environment variables that are added to You can add your own environment variables here. See DX Core: Environment variables for more details.
2.
CATALINA_OPTS is an environment variable that allows you to specify options and arguments passed to the JVM (Java Virtual Machine) when starting Tomcat.
|
|||||||||
Under
|
|||||||||
In the
|
|||||||||
Readiness mechanism for applications that take a significant amount of time to start.
|
|||||||||
Use this section to overwrite Tomcat logging lines.
You can define the
|
|||||||||
The
|
Jars
If you need external JARs or libraries that should be packaged or made available to your DX Cloud project during runtime, you should add them to the jars:
section of the values.yml
file.
The following example shows how the PostgreSQL JDBC driver is loaded.
jars: (1)
- name: postgres-jdbc
repository: registry.gitlab.com/mironet/magnolia-jar/postgres-42.2.8
tag: v0.0.1
env:
- name: INIT_DEST (2)
value: /app/magnolia/WEB-INF/lib
initScript: /init.sh (3)
1 | Add additional JARS in the jars: section.
Do not change any default JARS. |
2 | As of now the only tasks expected from init containers is to copy files to a target directory specified by the env var INIT_DEST . |
3 | This chart expects the init containers to contain an /init.sh script which is called as the only command. |
Timezone
You can set the timezone for your Magnolia instances within the values.yml
file.
You should not change any property other than those highlighted here. |
timezone: Europe/Zurich (1)
1 | Set the timezone for your Magnolia instances. |
Tolerations
In Kubernetes, taints and tolerations work together to control which pods can run on which nodes. This mechanism helps ensure that certain nodes are reserved for particular workloads or types of workloads (e.g., critical system services, high-memory workloads, or databases).
To ensure the whole deployment is using dedicated nodes, you must
# Add Toleration
tolerations: (1)
- key: dedicated (1)
operator: Equal
value: prod
effect: PreferNoSchedule
# Hard Node Affinity
nodeAffinity: (2)
preferredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: dedicated
operator: In
values:
- prod
1 | Allows a dedicated pod to be scheduled on a dedicated node with a matching taint. It specifies that the pod "tolerates" the node’s taint, enabling it to run even if the node is marked for a particular use case. |
2 | Defines the conditions under which a pod can be scheduled on a node. It is used to control which nodes are eligible for scheduling based on labels. |