charts/kreuzberg/values.yaml

# -- Number of replicas.
# WARNING: When cache.enabled=true and cache.accessModes=[ReadWriteOnce], only one
# replica can mount the PVC at a time. Keep replicaCount: 1 with RWO storage, or
# switch to ReadWriteMany storage before increasing replicas. With RWO + multiple
# replicas the deployment strategy must be Recreate (not RollingUpdate).
replicaCount: 1

# -- Deployment strategy. When cache is enabled with ReadWriteOnce storage,
# set to Recreate to avoid Multi-Attach errors during rolling updates.
strategy:
  type: Recreate

image:
  # -- Container image registry
  registry: ghcr.io
  # -- Container image repository
  repository: kreuzberg-dev/kreuzberg
  # -- Image tag. Defaults to Chart.AppVersion when empty.
  # Use "latest" for the full image (Tesseract + PaddleOCR + layout models)
  # or "core" for the minimal image (no pre-downloaded models).
  tag: ""
  # -- Image pull policy
  pullPolicy: IfNotPresent

# -- Image pull secrets for private registries
imagePullSecrets: []

# -- Override the chart name
nameOverride: ""
# -- Override the full release name
fullnameOverride: ""

serviceAccount:
  # -- Create a ServiceAccount
  create: true
  # -- Annotations for the ServiceAccount
  annotations: {}
  # -- Override the ServiceAccount name (defaults to release fullname)
  name: ""

# -- Pod-level annotations
podAnnotations: {}

# -- Pod-level security context
podSecurityContext:
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000
  fsGroup: 1000
  seccompProfile:
    type: RuntimeDefault

# -- Container-level security context
securityContext:
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true
  capabilities:
    drop: ["ALL"]

service:
  # -- Service type
  type: ClusterIP
  # -- Service port
  port: 80

ingress:
  # -- Enable Ingress
  enabled: false
  # -- Ingress class name (e.g. "nginx")
  className: ""
  # -- Ingress annotations
  annotations: {}
  # -- Ingress hosts
  hosts:
    - host: kreuzberg.local
      paths:
        - path: /
          pathType: Prefix
  # -- Ingress TLS configuration
  tls: []
  #  - secretName: kreuzberg-tls
  #    hosts:
  #      - kreuzberg.local

# -- Container resource requests and limits
resources:
  requests:
    memory: "512Mi"
    cpu: "500m"
  limits:
    memory: "2Gi"
    cpu: "2000m"

autoscaling:
  # -- Enable HorizontalPodAutoscaler
  enabled: false
  # -- Minimum replicas. Note: if podDisruptionBudget.minAvailable equals this
  # value, scale-down will be blocked. Set minReplicas lower than minAvailable
  # or raise minAvailable accordingly.
  minReplicas: 1
  # -- Maximum replicas
  maxReplicas: 10
  # -- Target CPU utilization (percent)
  targetCPUUtilizationPercentage: 80
  # -- Target memory utilization (percent). Leave unset to disable.
  # targetMemoryUtilizationPercentage: 80

# -- Node selector for pod scheduling
nodeSelector: {}

# -- Tolerations for pod scheduling
tolerations: []

# -- Affinity rules for pod scheduling
affinity: {}

# -- Extra environment variables
extraEnv: []
#  - name: KREUZBERG_CORS_ORIGINS
#    value: "https://app.example.com"
#  - name: KREUZBERG_MAX_UPLOAD_SIZE_MB
#    value: "500"

# -- Kreuzberg-specific configuration
kreuzberg:
  # -- Log level: trace, debug, info, warn, error
  logLevel: "info"
  # -- Tesseract data prefix path (must match the container image)
  tessdataPrefix: "/usr/share/tesseract-ocr/5/tessdata"
  # -- Default OCR language
  ocrLanguage: "eng"

cache:
  # -- Enable persistent cache for embedding models and downloaded assets.
  # Models range from 90 MB to 1.2 GB and are re-downloaded on every pod
  # restart without a PVC.
  enabled: true
  # -- Storage size for the cache PVC
  size: 2Gi
  # -- StorageClass for the cache PVC (empty string uses cluster default)
  storageClass: ""
  # -- Access modes for the cache PVC
  accessModes:
    - ReadWriteOnce
  # -- Run an init container to chown the cache directory to UID 1000.
  # Most block-backed storage classes (EBS, GKE PD, Azure Disk) handle
  # ownership automatically via the pod's fsGroup, so you can set this
  # to false there. Set to true for NFS or other storage that does not
  # honour fsGroup on mount.
  initChown: true

# -- Disable Kubernetes service-discovery environment variable injection.
# Kubernetes injects {SVCNAME}_PORT=tcp://<clusterIP>:<port> for every
# Service in the namespace. When the release is named "kreuzberg" this
# injects KREUZBERG_PORT which the binary parses as a u16 and panics.
# CoreDNS makes these variables unnecessary in all modern clusters.
enableServiceLinks: false

podDisruptionBudget:
  # -- Enable PodDisruptionBudget
  enabled: false
  # -- Minimum available pods during disruption
  minAvailable: 1
Nomad changes 2026-06-01 23:40:55 +02:00			`# -- Number of replicas.`
			`# WARNING: When cache.enabled=true and cache.accessModes=[ReadWriteOnce], only one`
			`# replica can mount the PVC at a time. Keep replicaCount: 1 with RWO storage, or`
			`# switch to ReadWriteMany storage before increasing replicas. With RWO + multiple`
			`# replicas the deployment strategy must be Recreate (not RollingUpdate).`
			`replicaCount: 1`

			`# -- Deployment strategy. When cache is enabled with ReadWriteOnce storage,`
			`# set to Recreate to avoid Multi-Attach errors during rolling updates.`
			`strategy:`
			`type: Recreate`

			`image:`
			`# -- Container image registry`
			`registry: ghcr.io`
			`# -- Container image repository`
			`repository: kreuzberg-dev/kreuzberg`
			`# -- Image tag. Defaults to Chart.AppVersion when empty.`
			`# Use "latest" for the full image (Tesseract + PaddleOCR + layout models)`
			`# or "core" for the minimal image (no pre-downloaded models).`
			`tag: ""`
			`# -- Image pull policy`
			`pullPolicy: IfNotPresent`

			`# -- Image pull secrets for private registries`
			`imagePullSecrets: []`

			`# -- Override the chart name`
			`nameOverride: ""`
			`# -- Override the full release name`
			`fullnameOverride: ""`

			`serviceAccount:`
			`# -- Create a ServiceAccount`
			`create: true`
			`# -- Annotations for the ServiceAccount`
			`annotations: {}`
			`# -- Override the ServiceAccount name (defaults to release fullname)`
			`name: ""`

			`# -- Pod-level annotations`
			`podAnnotations: {}`

			`# -- Pod-level security context`
			`podSecurityContext:`
			`runAsNonRoot: true`
			`runAsUser: 1000`
			`runAsGroup: 1000`
			`fsGroup: 1000`
			`seccompProfile:`
			`type: RuntimeDefault`

			`# -- Container-level security context`
			`securityContext:`
			`allowPrivilegeEscalation: false`
			`readOnlyRootFilesystem: true`
			`capabilities:`
			`drop: ["ALL"]`

			`service:`
			`# -- Service type`
			`type: ClusterIP`
			`# -- Service port`
			`port: 80`

			`ingress:`
			`# -- Enable Ingress`
			`enabled: false`
			`# -- Ingress class name (e.g. "nginx")`
			`className: ""`
			`# -- Ingress annotations`
			`annotations: {}`
			`# -- Ingress hosts`
			`hosts:`
			`- host: kreuzberg.local`
			`paths:`
			`- path: /`
			`pathType: Prefix`
			`# -- Ingress TLS configuration`
			`tls: []`
			`# - secretName: kreuzberg-tls`
			`# hosts:`
			`# - kreuzberg.local`

			`# -- Container resource requests and limits`
			`resources:`
			`requests:`
			`memory: "512Mi"`
			`cpu: "500m"`
			`limits:`
			`memory: "2Gi"`
			`cpu: "2000m"`

			`autoscaling:`
			`# -- Enable HorizontalPodAutoscaler`
			`enabled: false`
			`# -- Minimum replicas. Note: if podDisruptionBudget.minAvailable equals this`
			`# value, scale-down will be blocked. Set minReplicas lower than minAvailable`
			`# or raise minAvailable accordingly.`
			`minReplicas: 1`
			`# -- Maximum replicas`
			`maxReplicas: 10`
			`# -- Target CPU utilization (percent)`
			`targetCPUUtilizationPercentage: 80`
			`# -- Target memory utilization (percent). Leave unset to disable.`
			`# targetMemoryUtilizationPercentage: 80`

			`# -- Node selector for pod scheduling`
			`nodeSelector: {}`

			`# -- Tolerations for pod scheduling`
			`tolerations: []`

			`# -- Affinity rules for pod scheduling`
			`affinity: {}`

			`# -- Extra environment variables`
			`extraEnv: []`
			`# - name: KREUZBERG_CORS_ORIGINS`
			`# value: "https://app.example.com"`
			`# - name: KREUZBERG_MAX_UPLOAD_SIZE_MB`
			`# value: "500"`

			`# -- Kreuzberg-specific configuration`
			`kreuzberg:`
			`# -- Log level: trace, debug, info, warn, error`
			`logLevel: "info"`
			`# -- Tesseract data prefix path (must match the container image)`
			`tessdataPrefix: "/usr/share/tesseract-ocr/5/tessdata"`
			`# -- Default OCR language`
			`ocrLanguage: "eng"`

			`cache:`
			`# -- Enable persistent cache for embedding models and downloaded assets.`
			`# Models range from 90 MB to 1.2 GB and are re-downloaded on every pod`
			`# restart without a PVC.`
			`enabled: true`
			`# -- Storage size for the cache PVC`
			`size: 2Gi`
			`# -- StorageClass for the cache PVC (empty string uses cluster default)`
			`storageClass: ""`
			`# -- Access modes for the cache PVC`
			`accessModes:`
			`- ReadWriteOnce`
			`# -- Run an init container to chown the cache directory to UID 1000.`
			`# Most block-backed storage classes (EBS, GKE PD, Azure Disk) handle`
			`# ownership automatically via the pod's fsGroup, so you can set this`
			`# to false there. Set to true for NFS or other storage that does not`
			`# honour fsGroup on mount.`
			`initChown: true`

			`# -- Disable Kubernetes service-discovery environment variable injection.`
			`# Kubernetes injects {SVCNAME}_PORT=tcp://<clusterIP>:<port> for every`
			`# Service in the namespace. When the release is named "kreuzberg" this`
			`# injects KREUZBERG_PORT which the binary parses as a u16 and panics.`
			`# CoreDNS makes these variables unnecessary in all modern clusters.`
			`enableServiceLinks: false`

			`podDisruptionBudget:`
			`# -- Enable PodDisruptionBudget`
			`enabled: false`
			`# -- Minimum available pods during disruption`
			`minAvailable: 1`