164 lines
4.6 KiB
YAML
164 lines
4.6 KiB
YAML
# -- Number of replicas.
|
|
# WARNING: When cache.enabled=true and cache.accessModes=[ReadWriteOnce], only one
|
|
# replica can mount the PVC at a time. Keep replicaCount: 1 with RWO storage, or
|
|
# switch to ReadWriteMany storage before increasing replicas. With RWO + multiple
|
|
# replicas the deployment strategy must be Recreate (not RollingUpdate).
|
|
replicaCount: 1
|
|
|
|
# -- Deployment strategy. When cache is enabled with ReadWriteOnce storage,
|
|
# set to Recreate to avoid Multi-Attach errors during rolling updates.
|
|
strategy:
|
|
type: Recreate
|
|
|
|
image:
|
|
# -- Container image registry
|
|
registry: ghcr.io
|
|
# -- Container image repository
|
|
repository: kreuzberg-dev/kreuzberg
|
|
# -- Image tag. Defaults to Chart.AppVersion when empty.
|
|
# Use "latest" for the full image (Tesseract + PaddleOCR + layout models)
|
|
# or "core" for the minimal image (no pre-downloaded models).
|
|
tag: ""
|
|
# -- Image pull policy
|
|
pullPolicy: IfNotPresent
|
|
|
|
# -- Image pull secrets for private registries
|
|
imagePullSecrets: []
|
|
|
|
# -- Override the chart name
|
|
nameOverride: ""
|
|
# -- Override the full release name
|
|
fullnameOverride: ""
|
|
|
|
serviceAccount:
|
|
# -- Create a ServiceAccount
|
|
create: true
|
|
# -- Annotations for the ServiceAccount
|
|
annotations: {}
|
|
# -- Override the ServiceAccount name (defaults to release fullname)
|
|
name: ""
|
|
|
|
# -- Pod-level annotations
|
|
podAnnotations: {}
|
|
|
|
# -- Pod-level security context
|
|
podSecurityContext:
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
runAsGroup: 1000
|
|
fsGroup: 1000
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
|
|
# -- Container-level security context
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: true
|
|
capabilities:
|
|
drop: ["ALL"]
|
|
|
|
service:
|
|
# -- Service type
|
|
type: ClusterIP
|
|
# -- Service port
|
|
port: 80
|
|
|
|
ingress:
|
|
# -- Enable Ingress
|
|
enabled: false
|
|
# -- Ingress class name (e.g. "nginx")
|
|
className: ""
|
|
# -- Ingress annotations
|
|
annotations: {}
|
|
# -- Ingress hosts
|
|
hosts:
|
|
- host: kreuzberg.local
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
# -- Ingress TLS configuration
|
|
tls: []
|
|
# - secretName: kreuzberg-tls
|
|
# hosts:
|
|
# - kreuzberg.local
|
|
|
|
# -- Container resource requests and limits
|
|
resources:
|
|
requests:
|
|
memory: "512Mi"
|
|
cpu: "500m"
|
|
limits:
|
|
memory: "2Gi"
|
|
cpu: "2000m"
|
|
|
|
autoscaling:
|
|
# -- Enable HorizontalPodAutoscaler
|
|
enabled: false
|
|
# -- Minimum replicas. Note: if podDisruptionBudget.minAvailable equals this
|
|
# value, scale-down will be blocked. Set minReplicas lower than minAvailable
|
|
# or raise minAvailable accordingly.
|
|
minReplicas: 1
|
|
# -- Maximum replicas
|
|
maxReplicas: 10
|
|
# -- Target CPU utilization (percent)
|
|
targetCPUUtilizationPercentage: 80
|
|
# -- Target memory utilization (percent). Leave unset to disable.
|
|
# targetMemoryUtilizationPercentage: 80
|
|
|
|
# -- Node selector for pod scheduling
|
|
nodeSelector: {}
|
|
|
|
# -- Tolerations for pod scheduling
|
|
tolerations: []
|
|
|
|
# -- Affinity rules for pod scheduling
|
|
affinity: {}
|
|
|
|
# -- Extra environment variables
|
|
extraEnv: []
|
|
# - name: KREUZBERG_CORS_ORIGINS
|
|
# value: "https://app.example.com"
|
|
# - name: KREUZBERG_MAX_UPLOAD_SIZE_MB
|
|
# value: "500"
|
|
|
|
# -- Kreuzberg-specific configuration
|
|
kreuzberg:
|
|
# -- Log level: trace, debug, info, warn, error
|
|
logLevel: "info"
|
|
# -- Tesseract data prefix path (must match the container image)
|
|
tessdataPrefix: "/usr/share/tesseract-ocr/5/tessdata"
|
|
# -- Default OCR language
|
|
ocrLanguage: "eng"
|
|
|
|
cache:
|
|
# -- Enable persistent cache for embedding models and downloaded assets.
|
|
# Models range from 90 MB to 1.2 GB and are re-downloaded on every pod
|
|
# restart without a PVC.
|
|
enabled: true
|
|
# -- Storage size for the cache PVC
|
|
size: 2Gi
|
|
# -- StorageClass for the cache PVC (empty string uses cluster default)
|
|
storageClass: ""
|
|
# -- Access modes for the cache PVC
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
# -- Run an init container to chown the cache directory to UID 1000.
|
|
# Most block-backed storage classes (EBS, GKE PD, Azure Disk) handle
|
|
# ownership automatically via the pod's fsGroup, so you can set this
|
|
# to false there. Set to true for NFS or other storage that does not
|
|
# honour fsGroup on mount.
|
|
initChown: true
|
|
|
|
# -- Disable Kubernetes service-discovery environment variable injection.
|
|
# Kubernetes injects {SVCNAME}_PORT=tcp://<clusterIP>:<port> for every
|
|
# Service in the namespace. When the release is named "kreuzberg" this
|
|
# injects KREUZBERG_PORT which the binary parses as a u16 and panics.
|
|
# CoreDNS makes these variables unnecessary in all modern clusters.
|
|
enableServiceLinks: false
|
|
|
|
podDisruptionBudget:
|
|
# -- Enable PodDisruptionBudget
|
|
enabled: false
|
|
# -- Minimum available pods during disruption
|
|
minAvailable: 1
|