jprdonnelly/wellsky-poc
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
This repository has been archived on 2023-12-10. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
master
wellsky-poc/wedw.yaml
Justin Donnelly 568465a31d * Comparing rendered templates 
* Format editing on templated-djx-test.yaml
2020-11-10 10:51:32 -05:00

14123 lines
433 KiB
YAML
Raw Permalink Blame History

---
# Source: qliksense/charts/collections/templates/token-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: qliksense-collections-tokenconfig
labels:
app: qliksense-collections
chart: "collections-2.8.55"
release: "qliksense"
heritage: "Tiller"
type: Opaque
data:
token-privateKey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1JR2tBZ0VCQkRCS1BWMHlGQ3JlamE3OVcxa3JRc2xTMFZPV1VVLzRhSDhMbmVDRHpGL29TeXBGZlR0Z0xKNVEKNXNZWVZ4N3Nqd0tnQndZRks0RUVBQ0toWkFOaUFBU0NIYXNRelUxV2pyWFhLcEpqWWNtUnBuTnlYS3RTNWdXRwp4RlFGTUpkSVNVcUtQandUMVhvQXZHN0x4cWtxTDRqNnhUbGowSEdnaWhWMER2VXNkdXkzVFRpMUQrMkZnWmZKCmkxaVlackZLdlZkN1g0bW5qdjg0c1BacDg2SEFnY2s9Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0K
token-kid: MmdNeFFfWG40NUs0UF9VWks4UWNRVDcybDFSOS16d1FHbk5UaUR2eDhWSQ==
---
# Source: qliksense/charts/data-connections/templates/encryption-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: qliksense-encryptionconfig
type: Opaque
data:
redisEncryptionKey: UmFXR3EqWDM3bUVxTmRqMg==
---
# Source: qliksense/charts/data-connections/templates/keys-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: qliksense-keysconfig
type: Opaque
data:
jwtPrivateKey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1JR2tBZ0VCQkREamFrU0o0Umh1dkpRYkFqRkRnTjhBVlhWamQxRWR3S2oxY3puekFzVEtNK1pJZzVhUFMyclYKZVdzRHJuaW44NWlnQndZRks0RUVBQ0toWkFOaUFBUjhJS2xQL0t0TmYrdXJYdmtrbTlHVi9FWjNGS0xPQ0QxUQpyc0paeVpFN21NR2U2MHM1OHhXYnJ6S050YWt5bm16VVVyaGdESldIbVk0V240V0Rld29LRzhDaURmY1UyMGpRCkJwVXR0YWhKa1pGMzcwU0xuVE1oTmFlZk5NNFMvNEE9Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0K
jwksKeyID: SW1qdzY3a2RTY0xOZlBQcmFnR3dsVFNaZjRFX1h2b05DUjNJSzZCRVRHaw==
---
# Source: qliksense/charts/dcaas/templates/redis-secret.yaml
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: qliksense-dcaas-redis-secret
data:
redis-password: ""
redis-addr: cWxpa3NlbnNlLWRjYWFzLXJlZGlzLW1hc3Rlcjo2Mzc5
# usePassword=false
---
# Source: qliksense/charts/elastic-infra/templates/tls-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: qliksense-elastic-infra-tls-secret
labels:
app: elastic-infra
chart: elastic-infra-3.0.5
release: qliksense
heritage: Tiller
type: kubernetes.io/tls
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURWRENDQWp5Z0F3SUJBZ0lKQUowdHFNVDVEV3BzTUEwR0NTcUdTSWIzRFFFQkN3VUFNRDh4R0RBV0JnTlYKQkFNTUQyVnNZWE4wYVdNdVpYaGhiWEJzWlRFak1DRUdBMVVFQ2d3YVpXeGhjM1JwWXkxbGJHRnpkR2xqTFd4dgpZMkZzTFdObGNuUXdIaGNOTVRnd05qRXhNVFV4TVRBeldoY05Namd3TkRFNU1UVXhNVEF6V2pBL01SZ3dGZ1lEClZRUUREQTlsYkdGemRHbGpMbVY0WVcxd2JHVXhJekFoQmdOVkJBb01HbVZzWVhOMGFXTXRaV3hoYzNScFl5MXMKYjJOaGJDMWpaWEowTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFwUUxJZ1Z4QwpkRjI3UFhzL3M4VFh2VGRVeTVwZFFneG9jWi9MenUxblJXbW1GRUc1Mlo5MmRjS1dJMDljdVg5ZUlZZzE0c21ZCkczSmtjb28vNUt0WUtpNmh5dVBtNlZrdGRyU1dCam1VdGxkbHg3UVRLNkxFVlhFeUU3VDZ6QW1GV3lMZTVJMEIKbDdRQlk2dnVoK3g1dlpkSWd3SzVldzBFZmNJUU1Ra2tiMzVkb00xYm41TEJEVklxUzNmNXUxNTArMTM1RitsWQpOc2lFcWhZaVExZm1PMmkzSzBLOW5TMEl3Nm5vNWp2MkZaNnR5bU9zY2wvaWYzdWQzUzUxOTZNTjJtaFpCRFVaCmlwbThlRVkxNVJOa3VQSXBETzhMYkEwZlFOcUcyYXFGa3JybFcrbEdTaDRYZjZLNmdtZkFRdW15K2xrR3RqVlUKZU5OdGF6NnlMMWNkU3dJREFRQUJvMU13VVRBTEJnTlZIUThFQkFNQ0JMQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQgpCUVVIQXdFd0xRWURWUjBSQkNZd0pJSVBaV3hoYzNScFl5NWxlR0Z0Y0d4bGdoRXFMbVZzWVhOMGFXTXVaWGhoCmJYQnNaVEFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBVDFnMFhqelNDRDBBTkF5cDFOWURLU3ZZVUdHcGpSaFkKdUJRYnRwcDUrUDNzd2xvdTNvMDVwdDNydlZ3QmxwK2tjalFwTEJpN3AyRFNuNTdFWHM5eHFEQTBHRjlMSHdpUwpzcGZVYlhRazJIa1E3SGpHb01FSEJLVWpOVUJoZjJkWVRuK1BtbHhobllpZitoU2dkeDdIZ1JuMTh0K0hqTC9JClVlUUkxMHYvdExiT1diZkdBZmlGYjQyUHEvVjg1aGJlNW9mU1VObHVsNFZNOGVXNk1SNlB2b1dYYWJYcVB2ajMKSXpVOVk2UVFoN2dqYmNQN2RmWUZCd3FFRnUxOHlpMUdFbzcxK0NtUjFFL2VpK2kzZDdZTHlMTWhUOHZnMVNDUgozeTB1TVZZOHkxVHpIdS9OTEl0NVozYm1rNFJjcUo1MDVsYmtrTHdzSVFYUzJpMUxud25weXc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2QUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktZd2dnU2lBZ0VBQW9JQkFRQ2xBc2lCWEVKMFhiczkKZXorenhOZTlOMVRMbWwxQ0RHaHhuOHZPN1dkRmFhWVVRYm5abjNaMXdwWWpUMXk1ZjE0aGlEWGl5WmdiY21SeQppai9rcTFncUxxSEs0K2JwV1MxMnRKWUdPWlMyVjJYSHRCTXJvc1JWY1RJVHRQck1DWVZiSXQ3a2pRR1h0QUZqCnErNkg3SG05bDBpREFybDdEUVI5d2hBeENTUnZmbDJnelZ1ZmtzRU5VaXBMZC9tN1huVDdYZmtYNlZnMnlJU3EKRmlKRFYrWTdhTGNyUXIyZExRakRxZWptTy9ZVm5xM0tZNnh5WCtKL2U1M2RMblgzb3czYWFGa0VOUm1LbWJ4NApSalhsRTJTNDhpa003d3RzRFI5QTJvYlpxb1dTdXVWYjZVWktIaGQvb3JxQ1o4QkM2Ykw2V1FhMk5WUjQwMjFyClBySXZWeDFMQWdNQkFBRUNnZ0VBZUVPWUNSaEo0dS94cUxTc1VBUldUTFVJRzBDTldiY2JaRHpYMlNBVUZYWVQKc2szWSszQ0tjUGQ2WDQvVy8rZUJucVRjeVVhdWtzcUR4U3RYdC96ZHpCaWltUElUZU4wakVwSTVpWjNyOGgydQpzNmRlRlg2UzQ4Y1ZmV0Y1TEw1L3NGV3c2QmlSSVpUek1rYThHZHJUTzhnSDlGeEcvUlVXd2VWdjBaMWRMZGhiCkY3MXB4SjJiUUYvaWhQTmo5TW53NGt2NkkrcW81NjBDZTd0dW5GODRnOS91MFMzTGlwVFRXc0tsTWNjS0liR1UKWUovNHRkRU5Cd3ErKzU2cXh1bGJEcXA4QnJQNHJVbnFFNUg4MEZwNTFQYkI0V2E4aysybStBVHVmQ3RpZ0FCSAo3Z0ljTnNMRGRuRnhXRjNENlg5OUlqdndFRGZIUGFxSzBDaFFKQTIvcVFLQmdRRFErM3VJTXgrUHRkMkhPTVJmCmY4VFVEN1BudkhXaUo1YTE2YzBwcTNrYzdFei9mZHlwbU1mbXRzMERnUXJsNTBTM0YrYjNOSUFtUVhQZHd3d3AKaFhBUktrZ0F5QXUrRDdlVFVEajBoa0ZzZ1hUeWxyL0FnMGlDOU9tMUhFVFVEbGpzUS94TWFYcSt0R2tBVEhpMwowVy9mOHYzSWRBNW9Fblg1VUdac1htNkU5d0tCZ1FES0lybSt5Z1B3ZndwcWkraW02djkvNzcwRVZDU0NJNjNtCi9teWtmZXVNVVFwcHY2RDBZS25ha21RcXBPRFI5cFRNK01yS01DTi9TdkZVeDdDR0FwbjNUKzRKTjhMb05kVTQKaG0yYmtmY05MbGtPMGtmRHVKOHA2M1ZNeEs1OUthbVNhY2hBU0JLVlpoZEMxK0lpNkUwQ2NrVFAwWFpuU0NJRApaOGFEellzWlRRS0JnRmZLUFdQQzdqQkYyeER5RlBSMVRTODBoWVFGRkhtUkhldS9rdk05V0h5QSsvdWNXUFZaCi9DZjhoUFZDNFZ3aElpbTBQYzk5VzVRMmpNRU5MZS9IWVlPa2VtanhvSlV3THhNUWNVeXZsWTVLZCtGczJKSzcKMDl0SG5XSDZ4U003LzdrSStsVHpQcUFjVTd2UFpDcjhMWDRycXRicGdoL1FHWVVwZEUxMEFnT1RBb0dBSW5ragpwb2M3ZnNPYjJpbjhScU5qYWNWUVBqRy9mRFpyalM2dEJxeTNCRm81NVdrYUlUTnZKR2k5RG96S0R1VDM0YkU0Cm5KenpJTjErSlJCZGFhMTk1ckRLRHVaa3BrZXdFcERTbHFxaE1LMUw0UHc1NHdaVWxzaWlXN0piYzlzc0lWMUwKR3JOdi8rekdZTThDc1NOZkp1Q29IYTFDZlVEUEZEZVpvcGJtZHkwQ2dZQlpZTk01NFlPck12VjBJU3FibmEvQwpPQWMrci8yWU5BQmQvNFRHcFgzVHNpTHlTaG5YS04zbVcveEQxb2RUTkZNRVcwSFAza2c3NDhmMVNLSjNVWkJzCjBHcG80aHo4dlZYYUJDNmxDVkd3dnNwWWJkUDJBOEdQbkFOREpud2pyUEp1Q2xTZC9Hcm9tSVBuSVBtQTErVWkKWVRERFhZVWU2TVhncUUxc2lZU2x0Zz09Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
---
# Source: qliksense/charts/engine/templates/secret-jwt.yaml
apiVersion: v1
kind: Secret
metadata:
name: qliksense-engine-service-jwt-secret
type: Opaque
data:
jwtPrivateKey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1JR2tBZ0VCQkRDSUg1WEU1L1R3VGh6bkkxenIvcGM4RGdzVUpLa0xrN0x3bHd4YzhPaXhzZnllMUZNdDNRR2oKQmZjcEFlUVh0WldnQndZRks0RUVBQ0toWkFOaUFBU1ErSVJkSWs1RFVWSlc4THQrVWgzV2xsZ2pHakhYUmZJKwphTkJjbU00MW5Zd1JsSHZhZFVHeDVHWnFtRmY0ZzdNdjY3RlI2b3lJdFJEbVB0dDlRT0RtMkJQeUEzYWZ1UE5wCm9QRWM2RExnTzl0dHJZVEhXT2tlY0hZL1pPYnFIMm89Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0K
---
# Source: qliksense/charts/engine/templates/secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: qliksense-engine-secrets
type: Opaque
data:
jwtPrivateKey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1JR2tBZ0VCQkRDSUg1WEU1L1R3VGh6bkkxenIvcGM4RGdzVUpLa0xrN0x3bHd4YzhPaXhzZnllMUZNdDNRR2oKQmZjcEFlUVh0WldnQndZRks0RUVBQ0toWkFOaUFBU1ErSVJkSWs1RFVWSlc4THQrVWgzV2xsZ2pHakhYUmZJKwphTkJjbU00MW5Zd1JsSHZhZFVHeDVHWnFtRmY0ZzdNdjY3RlI2b3lJdFJEbVB0dDlRT0RtMkJQeUEzYWZ1UE5wCm9QRWM2RExnTzl0dHJZVEhXT2tlY0hZL1pPYnFIMm89Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0K
redisUserStatePassword: ""
redisUserStateSentinelPassword: ""
---
# Source: qliksense/charts/eventing/templates/secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: qliksense-eventing-secret
type: Opaque
data:
jwtPrivateKey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1JR2tBZ0VCQkRDbHJNY3ZOcTNpSDYrOS9KeDFkSTdmTE9valErM2JqTDJxelBXZWJZclNpRVVBYzVpYSt1WDkKSkIvREk4OHh6NTZnQndZRks0RUVBQ0toWkFOaUFBUndxaGxiZURSb3lyemxTUStCT2RNUW9xaUxEd0VQbTdtUQozNTBuQUszaUVpMFFhOUtjb09WT3IzdC82MTVlK1RBZDBYd0hGSkJOMUtOWDh1c015eWsvOEhreTNLK3o2Z0luCnFkbHYrajQvUVFveEpsUFY4WmQ5Q0h1Uk85UzdrY1U9Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0K
---
# Source: qliksense/charts/generic-links/templates/token-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: qliksense-generic-links-tokenconfig
labels:
app: qliksense-generic-links
chart: "generic-links-1.1.18"
release: "qliksense"
heritage: "Tiller"
type: Opaque
data:
token-privateKey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1JR2tBZ0VCQkRENnNiOVl2UEppVFpkb2RjTzdLaU5IRCtBd0toNEN4ekg5NGdVUUUyekVLU3FxaGRWbXFiREQKcGFzeWxIZWFOMTJnQndZRks0RUVBQ0toWkFOaUFBUzcyRmtMS0pWTTkyRVFVWUZiREhqS2pNMUFaY01pMDlCdwpRQ0ROaG9BYlMyTzRlcDVUaHNFU0FUN253L0tvRE4xYk1IeVRRNldZUkIwcDZTRjk3bVdibzlHVUpac2o2VCtOCmtEV211elBrNkkxL3NEZzVrTXFWckxRc0FYalgxRUU9Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0K
token-kid: ejRZYUFyUTNDekY5NzQ4YXJIYU5mSmtIalBUQjJuQ29CTGVOLVpiZGxlMA==
---
# Source: qliksense/charts/identity-providers/templates/secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: qliksense-identity-providers
type: Opaque
data:
idpConfigs: W3siY2xhaW1zTWFwcGluZyI6eyJncm91cHMiOlsiZ3JvdXBtZW1iZXJzaGlwcyJdLCJuYW1lIjpbIm5hbWUiLCJwcmVmZXJyZWRfdXNlcm5hbWUiXSwic3ViIjpbInByZWZlcnJlZF91c2VybmFtZSJdfSwiY2xpZW50SWQiOiJicm93bnRvd24iLCJjbGllbnRTZWNyZXQiOiI0ZjQzMGQwOS04MGVjLTRiMWQtODAxZi1jNGQzZGY1ZWZlM2UiLCJkaXNjb3ZlcnlVcmwiOiJodHRwOi8va2V5Y2xvYWsuYnJvd250b3duLmxvY2FsL2F1dGgvcmVhbG1zL2Jyb3dudG93bi8ud2VsbC1rbm93bi9vcGVuaWQtY29uZmlndXJhdGlvbiIsImhvc3RuYW1lIjoicWxpa3NlbnNlLmJyb3dudG93bi5sb2NhbCIsInJlYWxtIjoia2V5Y2xvYWsifV0=
jwtPrivateKey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1JR2tBZ0VCQkREd0JwbG1oamMxLzU0Nk8vcWxRVGlTNHBQM0lRTVdKSXF1QzVueUR0anVsa0tRN3FLYzJuZ0cKa2lDYXZLQTNmTkdnQndZRks0RUVBQ0toWkFOaUFBUngwNkIxR3lRdmpKQnh4NldTZGs4Z0xPeU9tTjZRR0pSOApITUViaHhFZERleWx3T24relRuSUdTS0lmaDdYTFowRjZzMnZGR3JGZ1NpMGNvMTNNTjJMNnB5Y0RXTWxRdDA5ClAyZFlYbkROYXhqQjRCaEw2VnU2cGJPTUx1NXB2dnc9Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0K
---
# Source: qliksense/charts/messaging/charts/nats/templates/nats-secret.yaml
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: qliksense-nats-secret
data:
client-user: bmF0c0NsaWVudA==
client-password: Y2xpZW50UGFzcw==
---
# Source: qliksense/charts/policy-decisions/templates/token-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: qliksense-policy-decisions-tokenconfig
labels:
app: qliksense-policy-decisions
chart: "policy-decisions-2.0.0"
release: "qliksense"
heritage: "Tiller"
type: Opaque
data:
token-privateKey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1JR2tBZ0VCQkRDdTdXMUhpWTZVZVZ6Z1hwY3RraVlCWkc3TTFZTmcra2xNaGVXandSaTdiTkRwNkZPZUJ6eWUKdmdkU1RkU1ByNUNnQndZRks0RUVBQ0toWkFOaUFBU0NGVDFXeTZMdzlVK2lDck53QlFYQk94eUZxcklkdDVCeApKSi9wOExROHZMakxGQ2FZQXlsaVlmeXkxMFZnRzBkLzJ6dTdMa3BpaWdKL3NWR0lSV3M0bWNZSk81SzlMVGdECm5ZS3RyRWRiVk5NYnpCWmVSTGlXbHZDOXBqM0NzRnM9Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0K
token-kid: eFhxR2REUWhKV1BSbVd4UVAwVU9OSk1iWXQ4UTRmYUR6QkVOZzlxR1U1TQ==
---
# Source: qliksense/charts/precedents/templates/private-key-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: qliksense-precedents-secret
type: Opaque
data:
privatekey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1JR2tBZ0VCQkRBVmZLWkJNa3NLRW1sSDYzQkdqV0NGMktUOGM2c3ZqZWxPS0JLdGE4K2RIZlB5SEY4a1ZLbmIKWTdEeW9kdU5xYUtnQndZRks0RUVBQ0toWkFOaUFBUUpBVWVSVWdySFdtZExnR3dUa0NEQiszdFdKeGV0MFQwOQpKaDY4R2RHNjRYL2diZ0RYdERTVmx0VVo2Sjk4TDFqN1djNCtSQ3VObHkwOXNqcmNwN0wrcEZRNGxXRFdBNDloCmE5N0UwT01UOUxCYmRIdFlXVHhyN244NHpnNTd3T3M9Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0K
---
# Source: qliksense/charts/qix-data-connection/templates/keys-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: qliksense-qdc-keysconfig
type: Opaque
data:
jwtPrivateKey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1JR2tBZ0VCQkREamFrU0o0Umh1dkpRYkFqRkRnTjhBVlhWamQxRWR3S2oxY3puekFzVEtNK1pJZzVhUFMyclYKZVdzRHJuaW44NWlnQndZRks0RUVBQ0toWkFOaUFBUjhJS2xQL0t0TmYrdXJYdmtrbTlHVi9FWjNGS0xPQ0QxUQpyc0paeVpFN21NR2U2MHM1OHhXYnJ6S050YWt5bm16VVVyaGdESldIbVk0V240V0Rld29LRzhDaURmY1UyMGpRCkJwVXR0YWhKa1pGMzcwU0xuVE1oTmFlZk5NNFMvNEE9Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0K
jwksKeyID: SW1qdzY3a2RTY0xOZlBQcmFnR3dsVFNaZjRFX1h2b05DUjNJSzZCRVRHaw==
---
# Source: qliksense/charts/qix-datafiles/templates/token-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: qliksense-qix-datafiles-tokenconfig
labels:
app: qliksense-qix-datafiles
chart: "qix-datafiles-1.10.42"
release: "qliksense"
heritage: "Tiller"
type: Opaque
data:
token-privateKey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1JR2tBZ0VCQkRBeU5BZHVYbVFZK2hrcmFGTDl6M01ZcVI4WUdqQlJiYnRsZGpNWEp3SlhnWlFDOTBjOHFHV3AKODZrakdZODVtZXVnQndZRks0RUVBQ0toWkFOaUFBUmJYWk5QQmpzTHkyNW1YWDA3U2l1ZFNyckk4anp1OGtEaQpaSVhWZ3FaWUwxZThYZmI1bEdoNnV5MWJXUG9DS3pBQ21HaDdMZjNMYXo3ODBPU3UxNituNWlqTDQ0d0x3NzcxCnY2c1VRbHNGMFVwUC9ISng2bHlKTTlRSWJrZGNPbXM9Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0K
token-kid: enBpWi1rbFM2NWxmY3ExSzAtbzI5U2EwQUFaWVlyNE9OXzFWQ3RBYk1FQQ==
---
# Source: qliksense/charts/qix-sessions/templates/app-secrets.yaml
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: qliksense-qix-sessions-secrets
stringData:
service-key.yaml: |-
privateKey: "-----BEGIN EC PRIVATE KEY-----\nMIGkAgEBBDA5IU6dyQbCte4Y11PzgSlPecfOcfjmzJfd2AfqF+yCm2xaBH4xHWsj\n9ZXTNTSkLF2gBwYFK4EEACKhZANiAASgOvWydpxSdkIRnwwvhCFxOtr1g6P40uol\nMo4ehS5n2i8H+JKs0fJCPGx5O1oveU0HHaddG6XvneY9bLNBClcr6f8r10/uAzMt\nUxb25OawDx+0u1QUDa5unXfGSlvzxtQ=\n-----END EC PRIVATE KEY-----\n"
kid: "Wybd2-X3hcBpqDIjd3NwZahTsjpP1BqegTYVhx_KN1o"
authURL: "http://qliksense-edge-auth:8080/v1/internal-tokens"
algorithm: "ES384"
issuer: "qlik.api.internal/qix-sessions"
subject: "qix-sessions"
---
# Source: qliksense/charts/reload-tasks/templates/private-key-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: qliksense-reload-tasks-privatekey
type: Opaque
data:
privatekey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1JR2tBZ0VCQkRBbURpcjR6SzdpLzVEcWsrYUFJSEVZdStPRUI4dWRUSTJRR2VTd1VyNGZvSVk2dkVMT1JDZU8KNDN6TEd2ekxRZmFnQndZRks0RUVBQ0toWkFOaUFBUnA2R1l5ZWcramtvaGg0RkZURThNU2ZHRTB2MUVJd2FFQgp2SHlMTzFJMUlDbVBJOVJxbGNuQ1BWdDlDMXpUWkNUMDk5MVR0V0kva0I3UHF6Q1ZuS0E4Z2FHL1ZUUHdnTGJvCjhxRXMzUXZHbGk3SUhGM3J2azIxVmVtMkxCbFZtbjA9Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0K
---
# Source: qliksense/charts/reloads/templates/private-key-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: qliksense-reloads-privatekey
type: Opaque
data:
privatekey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1JR2tBZ0VCQkRBY3VGcFRMRk82TWJ2aUdUSnVCam1GR1Vka3JOdkxTV3RTY3BvV1QwdnYvcG5tejUvQ2w3TGUKNEN3b3JDNWpTalNnQndZRks0RUVBQ0toWkFOaUFBUzF4NXdaaHVTMHJOalpRQUlVZkl6ZFh5SnEwK3pFeVR0TgpUNi9LK3lvRkNwYlhmSHhCZkV6bWhZZWhSUFo5OENlK3VzUnl3eHVHcFVhM01lQis3bFFBc3VTNnNtdUIyR2NSClVCdUozeWVLK0VMU1E0eU9Oc3djY0gwNnhxOUFtd0U9Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0K
---
# Source: qliksense/charts/resource-library/templates/secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: qliksense-resource-library-secret
type: Opaque
data:
jwtPrivateKey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1JR2tBZ0VCQkREU09JT3VHNno1RFdUSytDUVc2K05JYlBGTU8wd0N3Nk94Zi91M1lIdkFSekp6djlPLzMyTUkKRVJjMzQvQVlNL2lnQndZRks0RUVBQ0toWkFOaUFBUkdOVm1DaEJwUjhCWEVTSWp4VWExdXpQcW1IcmovOWQxMApDU1B5bHJxTTJZM0RrNk9mSDlOVUx1MGNneFQxaGdsR3ZuSm9KSVBCQ2k0WGlhVUFMeUdxSTZLdUZoWTEyaThtClVYTTZmWDBEMnhUV3VkWk9WVTR5VUhOVTJzdWFOMFU9Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0K
---
# Source: qliksense/charts/sharing/templates/token-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: qliksense-sharing-tokenconfig
type: Opaque
data:
privateKey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1JR2tBZ0VCQkRBQkpwLytpd0R1KzhlV3JTRlVHS0JBUDhlS1VSSEVVZVZ1OGhXTnhCRzNadDliWWRQVG1vT0EKN3JXMGdMQ3paa2VnQndZRks0RUVBQ0toWkFOaUFBUXpJVytmcWx5d25hdDB4KzQxWndyZUZ0d3UvZ0dEMnJUTwozdGR6SnFsL3ZOUGh2UWIyNmJwdFg2WkV5bGMycU92WXhlTFJGcU94Qk5qWlBWV1k0OFg2NW1wQ3pxOHdKU2NKCmxFalROZ3A3d1A0TjVVeDJyK1V4MVNXQW1RSkNjMms9Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0K
kid: bnQ3dnJJenB6bkxtMXdHUlM3VTdURl80cDRHRW01T0VGbW11VkpLeTdMYw==
---
# Source: qliksense/charts/spaces/templates/token-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: qliksense-spaces-tokenconfig
labels:
app: qliksense-spaces
chart: "spaces-2.8.32"
release: "qliksense"
heritage: "Tiller"
type: Opaque
data:
token-privateKey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1JR2tBZ0VCQkRCQW1kUG90VlU0cUxXMUNPTTNSVFpjMFVnNzlDUFNZZjRRMjZvbGF6aHduYUVaL2xLcnJCRVoKbWY2QWdadFNnYW1nQndZRks0RUVBQ0toWkFOaUFBUjZudWwyNWg2WnhGVldwWXA3NzVYdWI2UnB6QWdvTFh3RApiSzRGVnNGQVl0UW9KTUVBN2JkOUhwQVovOVRuTDdDWDJmMUNVWGwrQ3JKK1R3OXlTazhxci9OZThaTXcyRCs2CmczV3dINHBpQStPdlNOQ3dkMUU3OG1ERnNZUWo5dW89Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0K
token-kid: ajNNYkJ0T2lFaWIzdExjVmJ2c2N3ZWhWM0swV0FaVkZCcDN5c2ZzZGtzZw==
---
# Source: qliksense/charts/subscriptions/templates/secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: qliksense-subscriptions-secret
type: Opaque
data:
jwtPrivateKey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1JR2tBZ0VCQkRCcG9WblJieGNPSndWQWtSSzh5MDk5cFBFMHhpRzRjdXZ2d0svNDhIZWZSZXN0M05RUTg3SU8KTHFPTXhqS3JXTDZnQndZRks0RUVBQ0toWkFOaUFBVFcvSU9NUzRjY3o0RytqNmc3aGtwM3AxRkxrMXJNY3o2cAp5WC9aUFZRYTBDWHBzZ0ZRUDFyb3d3eDhqRWJYSTZIb3RNOFNXOGpjTWdYVWFhUHJHVmtRdDFwOXpPclo1bWdJCmJVMjYyV3c3RmZNYmlCRlZVMkhDaUVPdUVaczZQUUk9Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0K
---
# Source: qliksense/charts/web-notifications/templates/secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: qliksense-web-notifications-secret
type: Opaque
data:
jwtPrivateKey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1JR2tBZ0VCQkRBd1RRa1FOelVrWmNhTEY0SVpWZzlwUFdVYU1STnVpeWNsVHkzU2RNdTFXSHVibWVqajdyZ1IKVHczaFZYa1ZZVjZnQndZRks0RUVBQ0toWkFOaUFBUXB0U01LUmwycUVyUWdSWDk4alRnQjVVYXpVQnI4NTc5agpwK2luZ1llQlprSkFoalNYZjdTVkJOaHp2K2RSTElkK2R6UHVROHBZdDJGSHZxNnVNZ1dQWnlhV2IzVHUzZkxCCjhqeHJDc3hXa0pmeWhYa3RJTjh2cjM4bWpIdEE5YWc9Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0K
---
# Source: qliksense/charts/web-security/templates/token-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: qliksense-web-security-tokenconfig
labels:
app: qliksense-web-security
chart: "web-security-1.4.18"
release: "qliksense"
heritage: "Tiller"
type: Opaque
data:
token-privateKey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1JR2tBZ0VCQkRDOVE2akIyZ28vdlZUU05DMUZnbU5rMnVKUnNoQnpjQ2xFQVNOSHV2ajk0MXVRVEx0VFltV0cKdUt5aUZSZEVISzJnQndZRks0RUVBQ0toWkFOaUFBVHBTOHRBZDhaV0tqWmZrd1RBczA2M1VHZTJtK1BVQ1dNdQprdENmZkdsYWkwdEUrRDcwbEZJV2RyUThqbVN6YnQ3NXVBMVIvZmZuUmRoV1JXcTNzOUhNdzZZQ0krd3FlOTg4Ck10TUdKOHlEQlp3U1JMKzk3dGt3VmQ4QUVhNkMyalk9Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0K
token-kid: eVNHLVZDNGhpWW05Sm0wMEpONFRFcm9xX0Nla2pyZXFab1JnU2lOalNxVQ==
---
# Source: qliksense/templates/mongo-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: qliksense-mongoconfig
type: Opaque
data:
mongodb-uri: bW9uZ29kYjovL3FzZWZlOnFzZWZlQG1vbmdvZGItaGVhZGxlc3MubW9uZ29kYi5zdmMuY2x1c3Rlci5sb2NhbC9xc2VmZT9yZXBsaWNhU2V0PXJzMCZzc2w9ZmFsc2U=
---
# Source: qliksense/templates/qliksense-secrets.yaml
apiVersion: v1
kind: Secret
metadata:
name: qliksense-secrets
type: Opaque
data:
mongodbUri: bW9uZ29kYjovL3FzZWZlOnFzZWZlQG1vbmdvZGItaGVhZGxlc3MubW9uZ29kYi5zdmMuY2x1c3Rlci5sb2NhbC9xc2VmZT9yZXBsaWNhU2V0PXJzMCZzc2w9ZmFsc2U=
redisUri: cWxpa3NlbnNlLXJlZGlzLW1hc3Rlcjo2Mzc5
# usePassword=false
redisPassword: ""
---
# Source: qliksense/templates/redis-secret.yaml
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: qliksense-redis-secret
data:
redis-addr: cWxpa3NlbnNlLXJlZGlzLW1hc3Rlcjo2Mzc5
# usePassword=false
redis-password: ""
---
# Source: qliksense/charts/api-keys/templates/manifest.yaml
apiVersion: v1
data:
ingressAuthUrl: http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth
jwksEndpoint: http://qliksense-keys:8080/v1/keys/qlik.api.internal
keysUri: http://qliksense-keys:8080/v1
logLevel: verbose
natsStreamingClusterId: qliksense-nats-streaming-cluster
natsUri: nats://qliksense-nats-client:4222
redisUri: qliksense-redis-master:6379
tokenAuthUri: http://qliksense-edge-auth:8080/v1
usersUri: http://qliksense-users:8080/v1
kind: ConfigMap
metadata:
labels:
app: api-keys
chart: api-keys-3.0.2
heritage: Tiller
release: qliksense
name: qliksense-api-keys-configs
namespace: qliksense
---
apiVersion: v1
data:
mongodbUri: bW9uZ29kYjovL3FsaWtzZW5zZS1tb25nb2RiOjI3MDE3L3FsaWtzZW5zZT9zc2w9ZmFsc2U=
tokenAuthPrivateKey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1JR2tBZ0VCQkRCQWdNNjN2dVMxVE1CZW00QUZuN3NDaTgreVJGVDFvZ3ZOWjloMjIrTVI2Nld0ZmJsWjFMZ24KV0dKWVp5djI0cGVnQndZRks0RUVBQ0toWkFOaUFBUWpxU1dZL2ZRZVhoQXNRbDBPOTdsNU9JNi9JZ1FKZEw1WgpCOFdWd3lyNllXb2p6WkxxazQ3bnZyamVUblNYbG90eXl5R2NxcmRHa29ZeG9PNEUwc21PSWJkYXBmSUFxRmcvCmcvZ2w4UWxIeklPb3E2NDBicjNGcURhZVhNcDByZ1k9Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0K
tokenAuthPrivateKeyId: R1I0Qk95VWlXa0RwUjFTR3JxdU95bWl1S1NNZHJZRTR1dURCSWtZbmp5bw==
kind: Secret
metadata:
labels:
app: api-keys
chart: api-keys-3.0.2
heritage: Tiller
release: qliksense
name: qliksense-api-keys-secrets
namespace: qliksense
type: Opaque
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/auth-url: http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/(.*) /$1 break;
more_clear_input_headers "X-Forwarded-Host" "X-Forwarded-For" "X-Forwarded-Proto" "X-Original-URI" "X-Original-URL";
nginx.ingress.kubernetes.io/enable-cors: "true"
labels:
app: api-keys
chart: api-keys-3.0.2
heritage: Tiller
release: qliksense
name: qliksense-api-keys
namespace: qliksense
spec:
rules:
- http:
paths:
- backend:
serviceName: qliksense-api-keys
servicePort: 8080
path: /api/v1/api-keys
---
apiVersion: v1
kind: Service
metadata:
annotations:
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
labels:
app: api-keys
chart: api-keys-3.0.2
heritage: Tiller
release: qliksense
name: qliksense-api-keys
namespace: qliksense
spec:
ports:
- name: api-keys
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: api-keys
release: qliksense
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: api-keys
chart: api-keys-3.0.2
heritage: Tiller
release: qliksense
name: qliksense-api-keys
namespace: qliksense
spec:
replicas: 1
selector:
matchLabels:
app: api-keys
release: qliksense
template:
metadata:
annotations:
checksum/configs: 4b5ef44035878dd79308542db32a9315d284bc839699970c1c160b7068cc5427
checksum/secrets: a64ccf52d679f092ee5f89cd317cb5b73180ea586956a2ec66c28963e96ebae5
labels:
app: api-keys
qliksense-nats-client: "true"
release: qliksense
spec:
containers:
- env:
- name: NATS_CLIENT_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: MONGODB_URI_FILE
value: /run/secrets/qlik.com/qliksense/mongodbUri
- name: TOKEN_AUTH_PRIVATE_KEY_FILE
value: /run/secrets/qlik.com/qliksense-api-keys/tokenAuthPrivateKey
- name: TOKEN_AUTH_PRIVATE_KEY_ID_FILE
value: /run/secrets/qlik.com/qliksense-api-keys/tokenAuthPrivateKeyId
- name: INGRESS_AUTH_URL
valueFrom:
configMapKeyRef:
key: ingressAuthUrl
name: qliksense-api-keys-configs
- name: JWKS_ENDPOINT
valueFrom:
configMapKeyRef:
key: jwksEndpoint
name: qliksense-api-keys-configs
- name: KEYS_URI
valueFrom:
configMapKeyRef:
key: keysUri
name: qliksense-api-keys-configs
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
key: logLevel
name: qliksense-api-keys-configs
- name: NATS_STREAMING_CLUSTER_ID
valueFrom:
configMapKeyRef:
key: natsStreamingClusterId
name: qliksense-api-keys-configs
- name: NATS_URI
valueFrom:
configMapKeyRef:
key: natsUri
name: qliksense-api-keys-configs
- name: REDIS_URI
valueFrom:
configMapKeyRef:
key: redisUri
name: qliksense-api-keys-configs
- name: TOKEN_AUTH_URI
valueFrom:
configMapKeyRef:
key: tokenAuthUri
name: qliksense-api-keys-configs
- name: USERS_URI
valueFrom:
configMapKeyRef:
key: usersUri
name: qliksense-api-keys-configs
- name: ENVIRONMENT
value: qliksense
- name: NATS_ENABLED
value: "true"
- name: REGION
value: example
image: ghcr.io/qlik-download/api-keys:2.1.1
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /live
port: http
name: api-keys
ports:
- containerPort: 8080
name: http
protocol: TCP
readinessProbe:
httpGet:
path: /ready
port: http
resources:
volumeMounts:
- mountPath: /run/secrets/qlik.com/qliksense-api-keys
name: qliksense-api-keys-secrets
readOnly: true
- mountPath: /run/secrets/qlik.com/qliksense
name: qliksense-secrets
readOnly: true
dnsConfig:
options:
- name: timeout
value: "1"
imagePullSecrets:
- name: artifactory-docker-secret
volumes:
- name: qliksense-api-keys-secrets
secret:
secretName: qliksense-api-keys-secrets
- name: qliksense-secrets
secret:
secretName: qliksense-secrets
---
# Source: qliksense/charts/audit/templates/manifest.yaml
apiVersion: v1
data:
featureFlagsUri: http://qliksense-feature-flags:8080
ingressAuthUrl: http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth
keysUri: http://qliksense-keys:8080/v1/keys/qlik.api.internal
logLevel: info
natsStreamingClusterId: qliksense-nats-streaming-cluster
natsUri: nats://qliksense-nats-client:4222
pdsUri: http://qliksense-policy-decisions:5080
storageBucket: audit
storageEndpoint: qliksense-minio:9000
storageRegion: us-east-1
tokenAuthUri: http://qliksense-edge-auth:8080/v1/internal-tokens
kind: ConfigMap
metadata:
labels:
app: audit
chart: audit-3.3.5
heritage: Tiller
release: qliksense
name: qliksense-audit-configs
namespace: qliksense
---
apiVersion: v1
data:
mongodbUri: bW9uZ29kYjovL3FsaWtzZW5zZS1tb25nb2RiOjI3MDE3L3FsaWtzZW5zZT9zc2w9ZmFsc2U=
tokenAuthPrivateKey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1JR2tBZ0VCQkRBSWpUZm5mRG9hOUNlRUlybFhKcFp3YytMZTFIYmg3THdvb1FoOVlicGRCdzVuSVFPUkdBSTAKRXNHRWlVUERpTXFnQndZRks0RUVBQ0toWkFOaUFBVHMzSkxKRUwxeTdwVVE2dTFlT2hKM001QlZSUFpSUTRkdQpvdVJzUk0vd2tBYitPbE1Bc3lGWkN1RWd0REYxNEcvMlJZNGdlcFVrQVJCRkNnRU8wRTNXYXJTRUhRTVMyNnBOCmZrUkhIRVVBYU92VDZ2UDQrQnFnUW1oKzBNYlN0S0k9Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0K
tokenAuthPrivateKeyId: VjV1RUkyeDJzWWpJcTBFeno3Tmxxb0V4UzFZNGR2d2hkdDNpYWtmbHhHWQ==
kind: Secret
metadata:
labels:
app: audit
chart: audit-3.3.5
heritage: Tiller
release: qliksense
name: qliksense-audit-secrets
namespace: qliksense
type: Opaque
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/auth-url: http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/v1/(.*) /v1/$1 break;
nginx.ingress.kubernetes.io/enable-cors: "true"
labels:
app: audit
chart: audit-3.3.5
heritage: Tiller
release: qliksense
name: qliksense-audit
namespace: qliksense
spec:
rules:
- http:
paths:
- backend:
serviceName: qliksense-audit
servicePort: 6080
path: /api/v1/audits
---
apiVersion: v1
kind: Service
metadata:
annotations:
prometheus.io/port: "6080"
prometheus.io/scrape: "true"
labels:
app: audit
chart: audit-3.3.5
heritage: Tiller
release: qliksense
name: qliksense-audit
namespace: qliksense
spec:
ports:
- name: audit
port: 6080
protocol: TCP
targetPort: 6080
selector:
app: audit
release: qliksense
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: audit
chart: audit-3.3.5
heritage: Tiller
release: qliksense
name: qliksense-audit
namespace: qliksense
spec:
replicas: 1
selector:
matchLabels:
app: audit
release: qliksense
template:
metadata:
annotations:
checksum/configs: c40215166911475c6cd4e318a508b9fd656733d225217362f91d6175a549e9d3
checksum/secrets: ee942b126f6a0dc65be985b91c8ef18501f3955576d78181e2d6b616d5779919
labels:
app: audit
qliksense-nats-client: "true"
release: qliksense
spec:
containers:
- env:
- name: NATS_CLIENT_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: MONGODB_URI_FILE
value: /run/secrets/qlik.com/qliksense/mongodbUri
- name: TOKEN_AUTH_PRIVATE_KEY_FILE
value: /run/secrets/qlik.com/qliksense-audit/tokenAuthPrivateKey
- name: TOKEN_AUTH_PRIVATE_KEY_ID_FILE
value: /run/secrets/qlik.com/qliksense-audit/tokenAuthPrivateKeyId
- name: FEATURE_FLAGS_URI
valueFrom:
configMapKeyRef:
key: featureFlagsUri
name: qliksense-audit-configs
- name: INGRESS_AUTH_URL
valueFrom:
configMapKeyRef:
key: ingressAuthUrl
name: qliksense-audit-configs
- name: KEYS_URI
valueFrom:
configMapKeyRef:
key: keysUri
name: qliksense-audit-configs
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
key: logLevel
name: qliksense-audit-configs
- name: NATS_STREAMING_CLUSTER_ID
valueFrom:
configMapKeyRef:
key: natsStreamingClusterId
name: qliksense-audit-configs
- name: NATS_URI
valueFrom:
configMapKeyRef:
key: natsUri
name: qliksense-audit-configs
- name: PDS_URI
valueFrom:
configMapKeyRef:
key: pdsUri
name: qliksense-audit-configs
- name: STORAGE_BUCKET
valueFrom:
configMapKeyRef:
key: storageBucket
name: qliksense-audit-configs
- name: STORAGE_ENDPOINT
valueFrom:
configMapKeyRef:
key: storageEndpoint
name: qliksense-audit-configs
- name: STORAGE_REGION
valueFrom:
configMapKeyRef:
key: storageRegion
name: qliksense-audit-configs
- name: TOKEN_AUTH_URI
valueFrom:
configMapKeyRef:
key: tokenAuthUri
name: qliksense-audit-configs
- name: NATS_CHANNELS
value: system-events.engine.app,system-events.user-session,system-events.spaces,system-events.licenses,system-events.generic-links,system-events.api-keys,system-events.web-security,system-events.user-identity,system-events.tenants
image: ghcr.io/qlik-download/audit:1.16.2
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /health
port: 6080
name: audit
ports:
- containerPort: 6080
readinessProbe:
httpGet:
path: /ready
port: 6080
resources:
limits:
requests:
volumeMounts:
- mountPath: /run/secrets/qlik.com/qliksense-audit
name: qliksense-audit-secrets
readOnly: true
- mountPath: /run/secrets/qlik.com/qliksense
name: qliksense-secrets
readOnly: true
imagePullSecrets:
- name: artifactory-docker-secret
volumes:
- name: qliksense-audit-secrets
secret:
secretName: qliksense-audit-secrets
- name: qliksense-secrets
secret:
secretName: qliksense-secrets
---
---
---
---
---
---
# Source: qliksense/charts/dcaas/charts/dcaas-redis/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: qliksense-dcaas-redis
labels:
app: dcaas-redis
chart: dcaas-redis-10.5.6
heritage: Tiller
release: qliksense
data:
redis.conf: |-
# User-supplied configuration:
# Enable AOF https://redis.io/topics/persistence#append-only-file
appendonly yes
# Disable RDB persistence, AOF persistence already enabled.
save ""
master.conf: |-
dir /data
rename-command FLUSHDB ""
rename-command FLUSHALL ""
replica.conf: |-
dir /data
slave-read-only yes
rename-command FLUSHDB ""
rename-command FLUSHALL ""
---
# Source: qliksense/charts/dcaas/charts/dcaas-redis/templates/health-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: qliksense-dcaas-redis-health
labels:
app: dcaas-redis
chart: dcaas-redis-10.5.6
heritage: Tiller
release: qliksense
data:
ping_readiness_local.sh: |-
response=$(
timeout -s 9 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
ping
)
if [ "$response" != "PONG" ]; then
echo "$response"
exit 1
fi
ping_liveness_local.sh: |-
response=$(
timeout -s 9 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
ping
)
if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then
echo "$response"
exit 1
fi
ping_readiness_master.sh: |-
response=$(
timeout -s 9 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
ping
)
if [ "$response" != "PONG" ]; then
echo "$response"
exit 1
fi
ping_liveness_master.sh: |-
response=$(
timeout -s 9 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
ping
)
if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then
echo "$response"
exit 1
fi
ping_readiness_local_and_master.sh: |-
script_dir="$(dirname "$0")"
exit_status=0
"$script_dir/ping_readiness_local.sh" $1 || exit_status=$?
"$script_dir/ping_readiness_master.sh" $1 || exit_status=$?
exit $exit_status
ping_liveness_local_and_master.sh: |-
script_dir="$(dirname "$0")"
exit_status=0
"$script_dir/ping_liveness_local.sh" $1 || exit_status=$?
"$script_dir/ping_liveness_master.sh" $1 || exit_status=$?
exit $exit_status
---
# Source: qliksense/charts/edge-auth/templates/manifest.yaml
apiVersion: v1
data:
apiKeysUri: http://qliksense-api-keys.qlik.svc.cluster.local:8080
featureFlagsUri: http://qliksense-feature-flags.qlik.svc.cluster.local:8080
groupsUri: http://qliksense-groups.qlik.svc.cluster.local:8080
identityProvidersExtUri: http://qliksense-identity-providers-ext.qlik.svc.cluster.local:8080
identityProvidersUri: http://qliksense-identity-providers.qlik.svc.cluster.local:8080
ingressAuthUrl: http://qliksense-edge-auth.qlik.svc.cluster.local:8080/v1/auth
keysUri: http://qliksense-keys.qlik.svc.cluster.local:8080
logLevel: verbose
natsStreamingClusterId: qliksense-nats-streaming-cluster
natsUri: nats://qliksense-nats-client:4222
redirects: https://elastic.example/login/callback
redisUri: redis://qliksense-redis-master:6379
tenantsUri: http://qliksense-tenants.qlik.svc.cluster.local:8080
usersUri: http://qliksense-users.qlik.svc.cluster.local:8080
kind: ConfigMap
metadata:
labels:
app: edge-auth
chart: edge-auth-6.2.3
heritage: Tiller
release: qliksense
name: qliksense-edge-auth-configs
namespace: qliksense
---
apiVersion: v1
data:
cookiesKeys: WyJVaUw2WWVQRWNVTWsyTXFpR2sxQnVHc3FNV2ZvSHorYjFTdVgxM2xLdXZVPSJd
loginStateKey: ckxrOWRNa3cxbm1jblJQbWErMENROHY2UEJaQVB4UWFlZW5vUVBKYzRQST0=
mongodbUri: bW9uZ29kYjovL3FsaWtzZW5zZS1tb25nb2RiOjI3MDE3L3FsaWtzZW5zZT9zc2w9ZmFsc2U=
tokenAuthPrivateKey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1JR2tBZ0VCQkREYVNlSzNXTE9wT0c5Tnh2b2NaNUVvdC9WbzduNlE1amtrZXNzdzNXd3h3M2I3eFNDNWRXTVYKWHV0YkVXQmhaOHlnQndZRks0RUVBQ0toWkFOaUFBUnFCL25nRVpYTkRYS2lncndtOWhWNEpjSFU2RnFicmhDOQpWN2ZlaXVxUHd1dkdVUzZ0bWZKOFYxUW9yVkQ3U0ZmK3hOV0NTR2w0Q0p6aHFjN2FsOTJnRk9DZDFFbUNiY1piCjluejBWU05LRWpubDl5Q2NUM1RoZHI3NXdSUFo2em89Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0K
kind: Secret
metadata:
labels:
app: edge-auth
chart: edge-auth-6.2.3
heritage: Tiller
release: qliksense
name: qliksense-edge-auth-secrets
namespace: qliksense
type: Opaque
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/configuration-snippet: |
set $host_and_uri $http_host$request_uri;
if ( $host_and_uri ~* "^.{2049,}$" ) { return 414; }
more_clear_input_headers "X-Forwarded-Host" "X-Forwarded-For" "X-Forwarded-Proto" "X-Original-URI" "X-Original-URL";
more_set_headers 'Access-Control-Allow-Origin: $http_origin';
nginx.ingress.kubernetes.io/enable-cors: "true"
labels:
app: edge-auth
chart: edge-auth-6.2.3
heritage: Tiller
release: qliksense
name: qliksense-edge-auth
namespace: qliksense
spec:
rules:
- http:
paths:
- backend:
serviceName: qliksense-edge-auth
servicePort: 8080
path: /login
- backend:
serviceName: qliksense-edge-auth
servicePort: 8080
path: /logout
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/auth-url: http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth
nginx.ingress.kubernetes.io/configuration-snippet: |
set $host_and_uri $http_host$request_uri;
if ( $host_and_uri ~* "^.{2049,}$" ) { return 414; }
rewrite (?i)/api/(.*) /$1 break;
more_clear_input_headers "X-Forwarded-Host" "X-Forwarded-For" "X-Forwarded-Proto" "X-Original-URI" "X-Original-URL";
nginx.ingress.kubernetes.io/enable-cors: "true"
labels:
app: edge-auth
chart: edge-auth-6.2.3
heritage: Tiller
release: qliksense
name: qliksense-edge-auth-api
namespace: qliksense
spec:
rules:
- http:
paths:
- backend:
serviceName: qliksense-edge-auth
servicePort: 8080
path: /api/v1/diagnose-claims
- backend:
serviceName: qliksense-edge-auth
servicePort: 8080
path: /api/v1/csrf-token
---
apiVersion: v1
kind: Service
metadata:
annotations:
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
prometheus.io/scrape_high_cardinality: "true"
labels:
app: edge-auth
chart: edge-auth-6.2.3
heritage: Tiller
release: qliksense
name: qliksense-edge-auth
namespace: qliksense
spec:
ports:
- name: qliksense-edge-auth
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: edge-auth
release: qliksense
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: edge-auth
chart: edge-auth-6.2.3
heritage: Tiller
release: qliksense
name: qliksense-edge-auth
namespace: qliksense
spec:
replicas: 1
selector:
matchLabels:
app: edge-auth
release: qliksense
template:
metadata:
annotations:
checksum/configs: d3b38f549193b011377d7495d26ddac8fd240210c08f879b92fa0860b9d80534
checksum/secrets: 97a42ed5c0cb8da417e0ef194ab061e40e66f69a2f95be52b72987e541f2805c
labels:
app: edge-auth
qliksense-nats-client: "true"
release: qliksense
spec:
containers:
- env:
- name: NATS_CLIENT_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: COOKIES_KEYS_FILE
value: /run/secrets/qlik.com/qliksense-edge-auth/cookiesKeys
- name: LOGIN_STATE_KEY_FILE
value: /run/secrets/qlik.com/qliksense-edge-auth/loginStateKey
- name: MONGODB_URI_FILE
value: /run/secrets/qlik.com/qliksense/mongodbUri
- name: TOKEN_AUTH_PRIVATE_KEY_FILE
value: /run/secrets/qlik.com/qliksense-edge-auth/tokenAuthPrivateKey
- name: API_KEYS_URI
valueFrom:
configMapKeyRef:
key: apiKeysUri
name: qliksense-edge-auth-configs
- name: FEATURE_FLAGS_URI
valueFrom:
configMapKeyRef:
key: featureFlagsUri
name: qliksense-edge-auth-configs
- name: GROUPS_URI
valueFrom:
configMapKeyRef:
key: groupsUri
name: qliksense-edge-auth-configs
- name: IDENTITY_PROVIDERS_EXT_URI
valueFrom:
configMapKeyRef:
key: identityProvidersExtUri
name: qliksense-edge-auth-configs
- name: IDENTITY_PROVIDERS_URI
valueFrom:
configMapKeyRef:
key: identityProvidersUri
name: qliksense-edge-auth-configs
- name: INGRESS_AUTH_URL
valueFrom:
configMapKeyRef:
key: ingressAuthUrl
name: qliksense-edge-auth-configs
- name: KEYS_URI
valueFrom:
configMapKeyRef:
key: keysUri
name: qliksense-edge-auth-configs
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
key: logLevel
name: qliksense-edge-auth-configs
- name: NATS_STREAMING_CLUSTER_ID
valueFrom:
configMapKeyRef:
key: natsStreamingClusterId
name: qliksense-edge-auth-configs
- name: NATS_URI
valueFrom:
configMapKeyRef:
key: natsUri
name: qliksense-edge-auth-configs
- name: REDIS_URI
valueFrom:
configMapKeyRef:
key: redisUri
name: qliksense-edge-auth-configs
- name: TENANTS_URI
valueFrom:
configMapKeyRef:
key: tenantsUri
name: qliksense-edge-auth-configs
- name: USERS_URI
valueFrom:
configMapKeyRef:
key: usersUri
name: qliksense-edge-auth-configs
- name: CACHE_MAX_AGE
value: "7.2e+06"
- name: CACHE_MAX_SIZE
value: "250"
- name: CACHE_REDIS_ENABLED
value: "false"
- name: ENFORCE_TLS
value: "true"
- name: ENVIRONMENT
value: qliksense
- name: NATS_ENABLED
value: "true"
- name: REGION
value: example
- name: SECURE_COOKIES
value: "true"
- name: SESSION_MAX_LIFETIME
value: "86400"
- name: SESSION_TTL
value: "1800"
- name: STATE_LIFETIME
value: 7d
image: ghcr.io/qlik-download/edge-auth:4.0.8
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /live
port: http
name: edge-auth
ports:
- containerPort: 8080
name: http
protocol: TCP
readinessProbe:
httpGet:
path: /ready
port: http
resources: {}
volumeMounts:
- mountPath: /run/secrets/qlik.com/qliksense-edge-auth
name: qliksense-edge-auth-secrets
readOnly: true
- mountPath: /run/secrets/qlik.com/qliksense
name: qliksense-secrets
readOnly: true
dnsConfig:
options:
- name: timeout
value: "1"
hostAliases:
- hostnames:
- elastic.example
ip: 127.0.0.1
imagePullSecrets:
- name: artifactory-docker-secret
volumes:
- name: qliksense-edge-auth-secrets
secret:
secretName: qliksense-edge-auth-secrets
- name: qliksense-secrets
secret:
secretName: qliksense-secrets
---
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
labels:
app: edge-auth
chart: edge-auth-6.2.3
heritage: Tiller
release: qliksense
name: qliksense-edge-auth
namespace: qliksense
spec:
maxReplicas: 1
minReplicas: 1
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: qliksense-edge-auth
---
---
---
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/controller-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: nginx-ingress
chart: nginx-ingress-1.36.2
component: "controller"
heritage: Tiller
release: qliksense
name: qliksense-nginx-ingress-controller
data:
enable-opentracing: "true"
http-snippet: |
# set some custom opentracing tags
opentracing_tag http.user_agent $http_user_agent;
opentracing_tag http.proto $server_protocol;
opentracing_tag nginx.request_id $request_id;
jaeger-collector-host: $JAEGER_AGENT_HOST
jaeger-service-name: elastic-infra-nginx-ingress
proxy-add-original-uri-header: "true"
ssl-redirect: "true"
#proxy-real-ip-cidr: "172.22.0.0/16"
#use-proxy-protocol: "false"
#use-forwarded-headers: "true"
worker-shutdown-timeout: 300s
---
# Source: qliksense/charts/engine/charts/redis-user-state/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: qliksense-redis-user-state
labels:
app: redis-user-state
chart: redis-user-state-10.5.6
heritage: Tiller
release: qliksense
data:
redis.conf: |-
# User-supplied configuration:
appendonly no
save ""
master.conf: |-
dir /data
rename-command FLUSHDB ""
rename-command FLUSHALL ""
replica.conf: |-
dir /data
slave-read-only yes
rename-command FLUSHDB ""
rename-command FLUSHALL ""
sentinel.conf: |-
dir "/tmp"
bind 0.0.0.0
port 26379
sentinel monitor engine-redis-user-state qliksense-redis-user-state-master-0.qliksense-redis-user-state-headless.qliksense.svc.cluster.local 6379 2
sentinel down-after-milliseconds engine-redis-user-state 5000
sentinel failover-timeout engine-redis-user-state 10000
sentinel parallel-syncs engine-redis-user-state 1
---
# Source: qliksense/charts/engine/charts/redis-user-state/templates/health-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: qliksense-redis-user-state-health
labels:
app: redis-user-state
chart: redis-user-state-10.5.6
heritage: Tiller
release: qliksense
data:
ping_readiness_local.sh: |-
response=$(
timeout -s 9 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
ping
)
if [ "$response" != "PONG" ]; then
echo "$response"
exit 1
fi
ping_liveness_local.sh: |-
response=$(
timeout -s 9 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
ping
)
if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then
echo "$response"
exit 1
fi
ping_sentinel.sh: |-
response=$(
timeout -s 9 $1 \
redis-cli \
-h localhost \
-p $REDIS_SENTINEL_PORT \
ping
)
if [ "$response" != "PONG" ]; then
echo "$response"
exit 1
fi
parse_sentinels.awk: |-
/ip/ {FOUND_IP=1}
/port/ {FOUND_PORT=1}
/runid/ {FOUND_RUNID=1}
!/ip|port|runid/ {
if (FOUND_IP==1) {
IP=$1; FOUND_IP=0;
}
else if (FOUND_PORT==1) {
PORT=$1;
FOUND_PORT=0;
} else if (FOUND_RUNID==1) {
printf "\nsentinel known-sentinel engine-redis-user-state %s %s %s", IP, PORT, $0; FOUND_RUNID=0;
}
}
ping_readiness_master.sh: |-
response=$(
timeout -s 9 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
ping
)
if [ "$response" != "PONG" ]; then
echo "$response"
exit 1
fi
ping_liveness_master.sh: |-
response=$(
timeout -s 9 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
ping
)
if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then
echo "$response"
exit 1
fi
ping_readiness_local_and_master.sh: |-
script_dir="$(dirname "$0")"
exit_status=0
"$script_dir/ping_readiness_local.sh" $1 || exit_status=$?
"$script_dir/ping_readiness_master.sh" $1 || exit_status=$?
exit $exit_status
ping_liveness_local_and_master.sh: |-
script_dir="$(dirname "$0")"
exit_status=0
"$script_dir/ping_liveness_local.sh" $1 || exit_status=$?
"$script_dir/ping_liveness_master.sh" $1 || exit_status=$?
exit $exit_status
---
# Source: qliksense/charts/engine/templates/rules-cm.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: qliksense-engine-rules-cm
data:
rules.yaml: |
- allow: |
# If app or QV app has originAppId and user is publisher in a managed space user can republish
resource.IsAppOrQvApp() and resource.UserIsPublisherInManagedSpace() and resource.originAppId == app.id and resource._actions={"republish"}
# Professional user can create an app in a personal space or in a shared space where the user is an editor.
resource.IsApp() and user.IsProfessional() and resource.IsOwnedInPersonalOrSharedSpace() and resource._actions={"create"}
# A user can delete app or QlikView app if the user is the owner in a personal space or in a shared space where the user is producer. A tenant admin can always delete an app
resource.IsAppOrQvApp() and (resource.IsOwnedInPersonalSpace() or resource.UserIsEditorInSharedSpace() or resource.UserIsFacilitatorInManagedSpace()) and !resource.IsPublished() and resource._actions={"delete"}
# A professional user can copy an app or QV app if he is copying it to a personal space or a shared space where the user is producer. Read access on the src file is implicit
resource.IsAppOrQvApp() and user.IsProfessional() and resource.IsOwnedInPersonalOrSharedSpace() and !resource.IsPublished() and resource._actions={"duplicate"}
# A professional user can import an app if the user is importing to a personal space or to a shared space where the user is producer.
resource.IsApp() and user.IsProfessional() and resource.IsOwnedInPersonalOrSharedSpace() and resource._actions={"import"}
# The app can be opened in a personal space by the owner.
resource.IsApp() and resource.IsOwnedInPersonalSpace() and resource._actions={"read"}
# A tenant admin can open all apps.
resource.IsApp() and user.IsTenantAdmin() and resource._actions={"read"}
# A tenant admin can delete all apps and QlikView apps.
resource.IsAppOrQvApp() and user.IsTenantAdmin() and resource._actions={"delete"}
# A tenant admin can change the owner and export personal apps or QlikView apps.
resource.IsAppOrQvApp() and user.IsTenantAdmin() and resource.MissingOrEmptyProp(spaceId) and !resource.IsPublished() and resource._actions={"change_owner","export"}
# A tenant admin can change the owner on apps and QlikView apps in a shared space
resource.IsAppOrQvApp() and user.IsTenantAdmin() and resource.IsShared() and resource._actions={"change_owner"}
# A tenant admin can change space on a published app or QlikView app in a managed space
resource.IsAppOrQvApp() and user.IsTenantAdmin() and resource.IsPublished() and resource.IsManaged() and resource._actions={"change_space"}
# A tenant admin can change space on distributed and private apps and QlikView apps.
resource.IsAppOrQvApp() and user.IsTenantAdmin() and resource.MissingOrEmptyProp(spaceId) and resource._actions={"change_space"}
# A tenant admin can change space on apps and QlikView apps in non existing space.
resource.IsAppOrQvApp() and user.IsTenantAdmin() and resource.IsInNonExistingSpace() and resource._actions={"change_space"}
# A user can open apps that the user has access to in a shared space
resource.IsApp() and resource.UserIsSharedSpaceMember() and resource._actions={"read"}
# A user can open apps that the user has access to in a managed space
resource.IsApp() and (resource.UserIsViewerInManagedSpace() or resource.UserIsFacilitatorInManagedSpace()) and resource._actions={"read"}
# Professional user that owns the app can edit scripts and reload the app if it's a personal space.
resource.IsApp() and user.IsProfessional() and resource.IsOwnedInPersonalSpace() and !resource.IsPublished() and resource._actions={"reload"}
# Professional user can edit scripts and reload the app if the user is an editor in the shared space
resource.IsApp() and user.IsProfessional() and resource.UserIsEditorInSharedSpace() and !resource.IsPublished() and resource._actions={"reload"}
# Professional user can reload the app if the user is facilitator in a managed space
resource.IsApp() and user.IsProfessional() and resource.UserIsFacilitatorInManagedSpace() and !resource.IsPublished() and resource._actions={"reload"}
# Professional user can update app attributes on app or QV app if the user is facilitator in a managed space
resource.IsAppOrQvApp() and user.IsProfessional() and resource.UserIsFacilitatorInManagedSpace() and !resource.IsPublished() and resource._actions={"update"}
# A user can update app attributes on apps and QV apps in a shared space as producer.
resource.IsAppOrQvApp() and resource.UserIsEditorInSharedSpace() and !resource.IsPublished() and resource._actions={"update"}
# A user can update app attributes on personal apps and QV apps.
resource.IsAppOrQvApp() and resource.IsOwnedInPersonalSpace() and !resource.IsPublished() and resource._actions={"update"}
# A facilitator can change the owner of an app and a QlikView app in a shared space.
resource.IsAppOrQvApp() and resource.UserIsFacilitator() and resource._actions={"change_owner"}
# A user can change the space on personal apps and QlikView apps or as editor of shared apps.
resource.IsAppOrQvApp() and resource.IsOwnedInPersonalOrSharedSpace() and resource.MissingOrEmptyProp(originAppId) and !resource.IsPublished() and resource._actions={"change_space"}
# A user can change the space as facilitator in managed apps and QlikView apps.
resource.IsAppOrQvApp() and resource.UserIsFacilitatorInManagedSpace() and !resource.MissingOrEmptyProp(originAppId) and !resource.IsPublished() and resource._actions={"change_space"}
# A publisher can publish an app or a QlikView app to a managed space.
resource.IsAppOrQvApp() and resource.UserIsPublisherInManagedSpace() and resource._actions={"publish"}
# Impersonator from the ODAG service can change owner. This rule will be removed when odag does not need to impersonate
resource.IsApp() and user.act.sub == "odag" and resource._actions={"read","change_owner"}
# A user can export apps that the user owns or in a shared space as producer. Only user visable (objects and data) will be exported
resource.IsApp() and !resource.HasSectionAccess() and resource.HasPrivilege("read") and resource.IsOwnedInPersonalOrSharedSpace() and !resource.IsPublished() and resource._actions={"export"}
# Professional user can import an appobject if the user is importing to a personal space or to a shared space where the user is a producer.
resource.IsAppObject() and user.IsProfessional() and resource.app.IsOwnedInPersonalOrSharedSpace() and resource._actions={"import"}
# In apps that the user has read access to, the user can read all published objects and his personal objects and all master items.
resource.IsAppObject() and resource.app.HasPrivilege("read") and ((resource.IsOwnedByMe() or resource.IsPublished() or resource.IsMasterObject() or resource.IsPublicObject()) and !resource.IsScriptObject()) and resource._actions={"read"}
# A professional user can read the script in owned personal apps or as editor in a shared space, or as facilitator in managed space.
resource.IsAppObject() and user.IsProfessional() and (resource.app.IsOwnedInPersonalOrSharedSpace() or resource.app.UserIsFacilitatorInManagedSpace()) and resource.IsScriptObject() and resource._actions={"read"}
# A professional user can update the script in owned personal apps or owned apps in a shared space.
resource.IsAppObject() and user.IsProfessional() and (resource.app.IsOwnedInPersonalSpace() or (resource.app.UserIsEditorInSharedSpace() and resource.IsOwnedByMe())) and resource.IsScriptObject() and resource._actions={"update"}
# A professional user can create any object in an unpublished app that is in a personal space or in a shared space as producer
resource.IsAppObject() and user.IsProfessional() and resource.app.HasPrivilege("read") and !resource.app.IsPublished() and resource.app.IsOwnedInPersonalOrSharedSpace() and resource.IsOwnedByMe() and resource._actions={"create"}
# In apps that a user has read access to, a professional user can update, delete master objects and other public objects.
resource.IsAppObject() and user.IsProfessional() and resource.app.HasPrivilege("read") and (resource.IsMasterObject() or resource.IsPublicObject()) and resource.app.IsOwnedInPersonalOrSharedSpace() and resource._actions={"update","delete"}
# In apps that a user has update access to, the user can update app properties.
resource.IsAppObject() and resource.app.HasPrivilege("update") and resource._objecttype == "appprops" and resource._actions={"update"}
# A professional user can update and delete any unpublished object in an unpublished app that the user owns or in a shared space as producer.
resource.IsAppObject() and user.IsProfessional() and resource.app.HasPrivilege("read") and resource.app.IsOwnedInPersonalOrSharedSpace() and !resource.IsPublished() and resource.IsOwnedByMe() and resource._actions={"update","delete"}
# A professional user can publish objects in an unpublished app that the user owns or in a shared space as producer.
resource.IsAppObject() and user.IsProfessional() and resource.app.HasPrivilege("read") and !resource.app.IsPublished() and resource.app.IsOwnedInPersonalOrSharedSpace() and !resource.IsScriptObject() and resource._actions={"publish"}
# A user can create a story object (stories, bookmarks and snapshot) in a shared space where the user is a consumer.
resource.IsAppObject() and resource.app.HasPrivilege("read") and resource.app.UserIsSharedSpaceMember() and resource.IsStoryObject() and !resource.IsPublished() and resource._actions={"create"}
# A user can update and delete an owned personal story object (stories, bookmarks and snapshot) in a shared space where the user is a consumer.
resource.IsAppObject() and resource.app.HasPrivilege("read") and resource.app.UserIsSharedSpaceMember() and resource.IsStoryObject() and !resource.IsPublished() and resource.IsOwnedByMe() and resource._actions={"update","delete"}
# A user can duplicate objects if the user has duplicate access on the app
resource.IsAppObject() and resource.app.HasPrivilege("duplicate") and resource.app.IsOwnedInPersonalOrSharedSpace() and resource._actions={"duplicate"}
# Analyser users can create app objects of type stories, snapshot and bookmarks in managed apps
resource.IsAppObject() and resource.app.UserIsViewerInManagedSpace() and resource.app.HasPrivilege("read") and resource.IsStoryObject() and !resource.IsPublished() and resource._actions={"create"}
# Analyser users can update, duplicate and delete owned, unpublished app objects of type stories, snapshot and bookmarks in managed apps
resource.IsAppObject() and resource.app.UserIsViewerInManagedSpace() and resource.app.HasPrivilege("read") and resource.IsStoryObject() and !resource.IsPublished() and resource.IsOwnedByMe() and resource._actions={"update","duplicate","delete"}
# Professional users can create app objects of type sheets, stories, snapshot and bookmarks in managed apps
resource.IsAppObject() and user.IsProfessional() and resource.app.UserIsContributorInManagedSpace() and resource.app.HasPrivilege("read") and resource.IsContentObject() and resource._actions={"create"}
# Professional users can update and delete owned, unpublished app objects of type sheets, stories, snapshot and bookmarks in managed apps that allows self service
resource.IsAppObject() and user.IsProfessional() and resource.app.UserIsContributorInManagedSpace() and resource.app.HasPrivilege("read") and resource.IsContentObject() and !resource.IsPublished() and resource.IsOwnedByMe() and resource._actions={"update","delete"}
# Professional users can publish and unpublish app objects of type sheets, stories, snapshot and bookmarks in managed apps
resource.IsAppObject() and user.IsProfessional() and resource.app.UserIsContributorInManagedSpace() and resource.app.HasPrivilege("read") and resource.IsContentObject() and resource.IsOwnedByMe() and !resource.IsApproved() and resource._actions={"publish"}
# Analyzer users can publish and unpublish app objects of type stories, snapshot and bookmarks in managed apps
resource.IsAppObject() and user.IsAnalyzer() and resource.app.UserIsContributorInManagedSpace() and resource.app.HasPrivilege("read") and resource.IsStoryObject() and resource.IsOwnedByMe() and !resource.IsApproved() and resource._actions={"publish"}
# External services can read, import, create, update, and delete apps.
resource.IsAppOrAppObject() and user.IsExternal() and resource._actions={"read","import","create","update","delete"}
# A professional user shall be able to upload a QlikView app
resource.IsQvApp() and user.IsQvEnabled() and user.IsProfessional() and resource.IsOwnedInPersonalSpace() and resource._actions={"import"}
# External services shall have full access to QlikView apps
resource.IsQvApp() and user.IsExternal() and resource._actions={"read","import","create","update","delete"}
# The QlikView app can be opened in a personal space by the owner.
resource.IsQvApp() and user.IsQvEnabled() and resource.IsOwnedInPersonalSpace() and resource._actions={"read"}
# A tenant admin can open all QlikView apps
resource.IsQvApp() and user.IsQvEnabled() and user.IsTenantAdmin() and resource._actions={"read"}
# A user can open QlikView apps that the user has access to in a managed space
resource.IsQvApp() and user.IsQvEnabled() and (resource.UserIsViewerInManagedSpace() or resource.UserIsFacilitatorInManagedSpace()) and resource._actions={"read"}
# A user can read QlikView personal apps
resource.IsQvApp() and user.IsQvEnabled() and resource.IsOwnedInPersonalSpace() and resource._actions={"read"}
# A shared space member user can open QlikView apps in a shared space
resource.IsQvApp() and user.IsQvEnabled() and resource.UserIsSharedSpaceMember() and resource._actions={"read"}
# A shared space editor professional user can import QlikView apps to a shared space
resource.IsQvApp() and user.IsQvEnabled() and user.IsProfessional() and resource.UserIsEditorInSharedSpace() and resource._actions={"import"}
# If you have access to the QlikView app you can read all objects
resource.IsQvAppObject() and resource.app.HasPrivilege("read") and !resource.IsScriptObject() and resource._actions={"read"}
# On global API:s we allow read to everyone
resource._resourcetype="node" and resource._actions={"read"}
# On global API:s with reload access professional users should have access
resource._resourcetype="node" and user.IsProfessional() and resource._actions={"reload"}
deny: ""
func: |
# User is a professional user.
IsProfessional() (self._provision.accesstype == "professional")
# User is an analyzer user.
IsAnalyzer() (self._provision.accesstype == "analyzer")
# User is a service user (external).
IsExternal() (self.subType == "externalClient")
# User is a tenant administrator.
IsTenantAdmin() (self.roles =="TenantAdmin")
# Checks parent app privileges. Privileges on parent must currently be computed in a first pass.
app.HasPrivilege(x) (self.app._privileges == x)
# Checks if a privilege exists on a resource.
HasPrivilege(x) (self._actions.Matched () = x)
# Resource is published.
IsPublished() (self.published == "true")
# App has Section Access.
HasSectionAccess() (self.hassectionaccess == "true")
# Helper macro for detecting if a property is missing or empty string.
MissingOrEmptyProp(prop) (self.prop.empty() or self.prop == "")
# In managed space
IsManaged() (self.spaceId == space.id and space.type == "managed")
# In shared space
IsShared() (self.spaceId == space.id and space.type == "shared")
# Resource is approved.
IsApproved() (self.approved = "true")
# Resource is owned by user.
IsOwnedByMe() (user.subType == "user" and self.ownerId == user.userId)
# Is app object a master item.
IsMasterObject() (self._objecttype = { "masterobject", "dimension", "measure" })
# Is app object a story item.
IsStoryObject() (self._objecttype = { "story", "snapshot", "bookmark" })
# Is app object a content item (sheet, story, snapshot, bookmark).
IsContentObject() (self._objecttype = {"sheet", "story", "snapshot", "bookmark"})
# Public objects created outside of sheets
IsPublicObject() (self._objecttype = { "appprops", "colormap", "odagapplink", "loadmodel", "dynamicappview", "businessmodel"})
# Is it the script object.
IsScriptObject() (self._objecttype = "app_appscript")
# Is user an editor in the space this resource belongs to. Producers are the roles produce or facilitator (space owner is automatically a facilitator)
UserIsEditorInSharedSpace() (self.spaceId == space.id and space.type == "shared" and (space.roles == {"producer", "facilitator"} or user.userId == space.ownerId))
# Is is a consumer in a shared space
UserIsConsumerInSharedSpace() (self.spaceId == space.id and space.type == "shared" and space.roles == {"consumer"})
# Is user the owner of this personal space.
IsOwnedInPersonalSpace() (self.IsOwnedByMe() and self.MissingOrEmptyProp(spaceId))
# Is user member of a shared space that the resource belongs to.
UserIsSharedSpaceMember() (self.spaceId == space.id and space.type == "shared" and (space.roles == {"consumer", "producer", "facilitator"} or user.userId == space.ownerId))
# User can publish to a managed space if he has the role publisher or he is the owner of the space.
UserIsPublisherInManagedSpace() (self.spaceId == space.id and space.type == "managed" and (space.roles == {"publisher"} or user.userId == space.ownerId))
# Is user member of a managed space that the resource belongs to.
UserIsViewerInManagedSpace() (self.spaceId == space.id and space.type == "managed" and (space.roles == {"consumer", "contributor", "facilitator"} or user.userId == space.ownerId))
# Is user member of a managed space that the resource belongs to.
UserIsFacilitatorInManagedSpace() (self.spaceId == space.id and space.type == "managed" and (space.roles == {"facilitator"} or user.userId == space.ownerId))
# Is user member of a managed space that the resource belongs to.
UserIsContributorInManagedSpace() (self.spaceId == space.id and space.type == "managed" and (space.roles == {"contributor", "facilitator"} or user.userId == space.ownerId))
# Is user a facilitator on the space this resource belongs to.
UserIsFacilitator() (self.spaceId == space.id and space.type == {"shared", "managed"} and (space.roles == {"facilitator"} or user.userId == space.ownerId))
# Is owned in personal space or editor in shared space.
IsOwnedInPersonalOrSharedSpace() (self.IsOwnedInPersonalSpace() or self.UserIsEditorInSharedSpace())
# Is in a non existing space.
IsInNonExistingSpace() (!self.MissingOrEmptyProp(spaceId) and !(self.spaceId == space.id))
# Is app.
IsApp() (self._resourcetype=={"app"})
# Is app or QlikView app.
IsAppOrQvApp() (self._resourcetype=={"app", "qvapp"})
# Is app object.
IsAppObject() (self._resourcetype=={"app.object"})
# Is app or app object.
IsAppOrAppObject() (self._resourcetype=={"app", "app.object"})
# Is QlikView enabled.
IsQvEnabled() (self._provision.qvEnabled == "true")
# Is a QlikView app.
IsQvApp() (self._resourcetype=={"qvapp"})
# Is a QlikView app object.
IsQvAppObject() (self._resourcetype=={"qvapp.object"})
# Is datafile.
IsDataFile() (self._resourcetype=={"datafile"})
# Is nfs connection.
IsNfsConnection() (self._resourcetype=={"nfsConnection"})
# Is GenericLink.
IsGenericLink() (self._resourcetype=={"genericlink"})
# Is SharingService.
IsSharingService() (self._resourcetype=={"sharingservice"})
# Is SharingServiceTask.
IsSharingServiceTask() (self._resourcetype=={"sharingservicetask"})
# Is InsightLink.
IsInsightLink() (self._resourcetype=={"insightlink"})
# Is SharingServiceAlertingTask.
IsSharingServiceAlertingTask() (self._resourcetype=={"sharingservicealertingtask"})
---
# Source: qliksense/charts/feature-flags/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: qliksense-feature-flags-configmap
data:
featuresConfig:
"{\"globalFeatures\":{\"ACCUMULATIONS\":true,\"ACCUMULATION_OTHERS\":true,\"ACTION_BUTTON\":true,\"AGNOSTIC_KPI\":true,\"ALLOW_OPEN_HUB_IN_SAME_TAB\":true,\"AOSHARE\":true,\"AOSHARE_FROM_SPACE\":true,\"AUDIT_API_ENABLED\":true,\"AUDIT_SUBSCRIPTION_ENABLED\":true,\"AYLIEN_NewsConnector\":true,\"AYLIEN_SentimentConnector\":true,\"AmazonS3Connector\":true,\"AzureStorageConnector\":true,\"BARCHART\":true,\"BC_STYLE_EDITOR\":true,\"BC_XAXIS_MODE\":true,\"BULLET_CHART\":true,\"BUSINESS_MODEL\":true,\"BitlyConnectorV2\":true,\"CAO\":true,\"CAO_CHANGE_CHART_TYPE\":true,\"CAO_CREATE_LIBITEMS_SETEXPR\":true,\"CAO_DATA_VALUES\":true,\"CAO_ENABLE_PUBLISHED\":true,\"CAO_FIRST_TIME\":true,\"CAO_LIKED_ANALYSIS\":true,\"CAO_TWEAK\":true,\"CE_PRECEDENTS\":true,\"CHART_KPI_FONT_SIZE_LAYOUTS\":true,\"CLASSIFY_ON_DEMAND\":true,\"CLIENT_DATACONNECTIONS\":true,\"CLIENT_METRICS\":true,\"CLIENT_NET_EVENTS\":true,\"CLIENT_REST_TIMEOUT\":true,\"CLIENT_WS_RECONNECT\":true,\"CLOUD_EXTENSIONS\":true,\"CLOUD_SHARING_SERVICE\":true,\"CLOUD_THEMES\":true,\"CONNECTOR_DCAAS\":true,\"CONTAINER_OBJECT\":true,\"COPY_FILTERPANE_VALUE\":true,\"CRE_ALLOW_EXTENSIONS\":true,\"CUSTOM_TOOLTIP_BASIC\":true,\"CUSTOM_TOOLTIP_PHASE2\":true,\"CUSTOM_TOOLTIP_REMOVE_LIMITS\":true,\"DASHBOARD_EXT_BUNDLE\":true,\"DATAFILES_SPACES_ENABLED\":true,\"DATAPREP_REST\":true,\"DIFFERENCE\":true,\"DISABLE_ONPREM_THEMES\":true,\"DMV_SEARCH\":true,\"DM_join_tables\":true,\"DOWNLOAD_DATA_OBJECT\":true,\"DOWNLOAD_OBJECT\":true,\"DOWNLOAD_SHEET\":true,\"DOWNLOAD_STORY\":true,\"DOWNLOAD_USE_REPORTING\":true,\"DROP_ZONES\":true,\"DUPLICATE\":true,\"DYNAMIC_VIEWS\":true,\"DropboxConnector\":true,\"ELASTIC_DND\":true,\"EMAIL_IDENTITY_MAPPING\":true,\"ENGINE_PERSIST_USER_STATE\":true,\"EVENTING_NOTIFICATIONS\":true,\"EXPORT_DATA_ENABLED\":true,\"EXPORT_IMAGE_ENABLED\":true,\"FacebookFanPagesConnector\":true,\"FacebookInsightsConnector\":true,\"File_AmazonS3Connector\":true,\"File_AzureStorageConnector\":true,\"File_DropboxConnector\":true,\"File_GoogleDriveConnector\":true,\"GEO_BACKGROUND_IMAGE\":true,\"GEO_BACKGROUND_WMS\":true,\"GEO_DISABLE_SELECTION\":true,\"GEO_EXCL_AUTOZOOM\":true,\"GEO_EXPLORATION_MENU\":true,\"GEO_MYLOC\":true,\"GEO_NUM_FORMAT\":true,\"GEO_OPERATIONS_GEOCODING\":true,\"GEO_OPERATIONS_SERVICE\":true,\"GEO_POINT_SYMBOLS\":true,\"GEO_SIZE_LEGEND\":true,\"GRACEFUL_WS_IDLE\":true,\"GitHubConnector\":true,\"GoogleAdSenseConnector\":true,\"GoogleAdWordsConnector\":true,\"GoogleAnalyticsConnector\":true,\"GoogleCalendarConnector\":true,\"GoogleDriveConnector\":true,\"GoogleSearchConsoleConnector\":true,\"HIDE_ABOUT_BUTTON\":true,\"HIDE_IDP\":true,\"HIDE_INVITE_USER\":true,\"HUB_API_KEYS\":true,\"HUB_BJ\":true,\"HUB_BJ2\":true,\"HUB_CONN_MGMT\":true,\"HUB_DATA_FILES\":true,\"HUB_EXPORT_APP\":true,\"HUB_FILTER_BY_TAG\":true,\"HUB_FTE_30\":true,\"HUB_GENERIC_LINKS\":true,\"HUB_GROUPS\":true,\"HUB_HIDE_SHARE\":true,\"HUB_HOME\":true,\"HUB_MANAGED_SPACES\":true,\"HUB_NOTIFICATIONS\":true,\"HUB_OPEN_WITH_PLUGIN\":true,\"HUB_QV\":true,\"HUB_SCHEDULE_RELOAD\":true,\"HUB_SHARE_APP\":true,\"HUB_SPACES\":true,\"HUB_SPACE_DETAILS\":true,\"HUB_TUS\":true,\"HUB_WEBSOCKETS\":true,\"IFRAME_CONNECTOR_QWC\":true,\"INSIGHTS_CARD_TWEAKS\":true,\"INSIGHT_LIGHT_EDITING\":true,\"JIRAConnector\":true,\"LANDING_PAGE\":true,\"LINECHART\":true,\"LISTBOX_ALIGN\":true,\"MANAGEMENT_CONSOLE_API_KEYS_ENABLED\":true,\"MANAGEMENT_CONSOLE_CSP_ENABLED\":true,\"MANAGEMENT_CONSOLE_INVITE_USERS_ENABLED\":true,\"MANAGEMENT_CONSOLE_METRICS_ENABLED\":false,\"MANAGEMENT_CONSOLE_TENANT_RENAME\":true,\"MANAGEMENT_CONSOLE_TRIAL_COUNTDOWN_ENABLED\":true,\"MEKKO\":true,\"MLREST\":true,\"MOBILE_GRID\":true,\"MOVING_AVERAGE\":true,\"MSCRMConnectorV2\":true,\"MailChimpConnectorV2\":true,\"MailboxIMAPConnector\":true,\"NLU_INSIGHTS\":true,\"NLU_INSIGHTS_VOICE_QUERY\":true,\"NORMALIZATION\":true,\"NUM_FMT_CBM_S1\":true,\"ODAG_CLIENT_SAAS\":true,\"ODAG_SAAS_ENABLED\":true,\"ODAG_SHARED_SPACES\":true,\"ODAG_SIMPLIFICATION\":true,\"Office365Connector\":true,\"Outlook365Connector\":true,\"PC_STYLE_EDITOR\":true,\"PIVOT_ALIGN\":true,\"PIVOT_BY_Y\":true,\"PIVOT_CUSTOM_STYLES\":true,\"PP_ADD_MASTER\":true,\"PS_7141_CHARTSHARING\":true,\"PS_7343_Export_Import_of_app_links\":true,\"PS_7587_MC_APP_GOVERNANCE_ENABLED\":true,\"PUBLISH_BOOKMARKS_IN_PUBLIC_APPS\":true,\"QSD_AUTHENTICATION\":true,\"QUOTA_MANAGEMENT_APP_SIZE\":true,\"QUOTA_MANAGEMENT_SPACES\":true,\"QualtricsConnector\":true,\"REBRAND2018\":true,\"REMOTE_CONFIG_ENABLED\":true,\"RESUMABLE_UPLOAD\":true,\"SEARCH_HYPERLINKS\":true,\"SELECTION_INSIGHTS\":true,\"SELECTION_INSIGHTS_V2\":true,\"SHARED_SPACES_API_ENABLED\":true,\"SHARE_BUTTON_EXTENSION\":true,\"SHEET_HINT_2020\":true,\"SHEET_TRIGGER\":true,\"SHOW_ALL_SPACE_CONNECTIONS\":true,\"SINGLE_CONFIG\":true,\"SMTPConnector\":true,\"SlackConnector\":true,\"StravaConnector\":true,\"SugarCRMConnector\":true,\"SurveyMonkeyConnector\":true,\"TABLE_FREEZE_TOUCH\":true,\"TABLE_HOVER_ROW\":true,\"TABLE_INDICATORS\":true,\"TABLE_MINI_CHART\":true,\"TABLE_SCROLLBAR_SIZE\":true,\"TABLE_SEARCH_SORTING\":true,\"TABLE_STYLES\":true,\"THEME_CARDS\":true,\"THEME_FONT_FAMILY\":true,\"TRENDLINES\":true,\"TRENDLINES_LINECHART\":true,\"TextAnalyser_MeaningCloudConnector\":true,\"TextAnalyser_RepustateConnector\":true,\"TextAnalyser_Sentiment140Connector\":true,\"TextAnalyser_WatsonConnector\":true,\"TwitterConnector\":true,\"USER_API_KEYS\":true,\"USE_DC_DATACONNECTIONS\":true,\"USE_LOCALE_SERVICE\":true,\"USE_PIVOT_STATE\":true,\"VIZBUN_QCS_31\":true,\"VIZBUN_QCS_ORG_CHART\":true,\"VIZBUN_QCS_SMARTPIVOT\":true,\"VIZBUN_QCS_TRELLIS\":true,\"VIZBUN_QCS_VARIANCE_WATERFALL\":true,\"VIZ_EXT_BUNDLE\":true,\"WEBSOCKET_KEEP_ALIVE\":true,\"YouTubeAnalyticsConnector\":true,\"YouTubeConnector\":true,\"analyzerEnabled\":true,\"apache-hive\":true,\"apache-phoenix\":true,\"apache-spark\":true,\"azure_sql\":true,\"content_security_policy\":true,\"createAndReloadEnabled\":true,\"drill\":true,\"enableAliasLogin\":true,\"gbq\":true,\"impala\":true,\"mongo\":true,\"mssql\":true,\"mysql\":true,\"oracle\":true,\"postgres\":true,\"presto\":true,\"qix-datafiles\":true,\"redshift\":true,\"rest\":true,\"sap-sql\":true,\"sfdc\":true,\"snowflake\":true,\"teradata\":true},\"tenantFeatures\":{},\"userFeatures\":{}}"
---
# Source: qliksense/charts/groups/templates/manifest.yaml
apiVersion: v1
data:
ingressAuthUrl: http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth
keysUri: http://qliksense-keys:8080/v1/keys/qlik.api.internal
logLevel: verbose
redisUri: qliksense-redis-master:6379
tokenAuthUri: http://qliksense-edge-auth:8080/v1
kind: ConfigMap
metadata:
labels:
app: groups
chart: groups-3.0.2
heritage: Tiller
release: qliksense
name: qliksense-groups-configs
namespace: qliksense
---
apiVersion: v1
data:
mongodbUri: bW9uZ29kYjovL3FsaWtzZW5zZS1tb25nb2RiOjI3MDE3L3FsaWtzZW5zZT9zc2w9ZmFsc2U=
tokenAuthPrivateKey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1JR2tBZ0VCQkREcFNOdmV4KzdUUEZkR1RnMnlNRnQrckFHUnkrM3R1TU40dWdqMExGWjhCZEtNUGtVRFNZUUUKbmVmdDdNanR0cVdnQndZRks0RUVBQ0toWkFOaUFBVGdyblpkaXRUUVlyNmxpNzVtMlFOVDdrL1g2T3k2aTlGcgp4b0tyQjM4bDBWdmdTbGtSNmtKTmRhRFZXejh6WkpXMENnUTAwVGYyNEpVbkgzL0JaazN4aWdPQVNpdkozeWx1Ckd3K1IvcTVKZ1N3eWVjQTRMd3B5MDJpd0dUb0p0OGc9Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0K
tokenAuthPrivateKeyId: LXpxMmoyRFVwNkZpc0RESVRSanl0RkNOajdpZUl5U3VUaEhJel9UdGhSMA==
kind: Secret
metadata:
labels:
app: groups
chart: groups-3.0.2
heritage: Tiller
release: qliksense
name: qliksense-groups-secrets
namespace: qliksense
type: Opaque
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/auth-url: http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/(.*) /$1 break;
more_clear_input_headers "X-Forwarded-Host" "X-Forwarded-For" "X-Forwarded-Proto" "X-Original-URI" "X-Original-URL";
nginx.ingress.kubernetes.io/enable-cors: "true"
labels:
app: groups
chart: groups-3.0.2
heritage: Tiller
release: qliksense
name: qliksense-groups
namespace: qliksense
spec:
rules:
- http:
paths:
- backend:
serviceName: qliksense-groups
servicePort: 8080
path: /api/v1/qlik-groups
- backend:
serviceName: qliksense-groups
servicePort: 8080
path: /api/v1/idp-groups
---
apiVersion: v1
kind: Service
metadata:
annotations:
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
labels:
app: groups
chart: groups-3.0.2
heritage: Tiller
release: qliksense
name: qliksense-groups
namespace: qliksense
spec:
ports:
- name: groups
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: groups
release: qliksense
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: groups
chart: groups-3.0.2
heritage: Tiller
release: qliksense
name: qliksense-groups
namespace: qliksense
spec:
replicas: 1
selector:
matchLabels:
app: groups
release: qliksense
template:
metadata:
annotations:
checksum/configs: 3ce3528a3a1895dae09f07d190842b064d5f631968fcc9d7d1182c104ccece24
checksum/secrets: 7e636723deb417369c2004b5dd0e25f2d38ae9b354e918d6437dd17130a0f368
labels:
app: groups
release: qliksense
spec:
containers:
- env:
- name: MONGODB_URI_FILE
value: /run/secrets/qlik.com/qliksense/mongodbUri
- name: TOKEN_AUTH_PRIVATE_KEY_FILE
value: /run/secrets/qlik.com/qliksense-groups/tokenAuthPrivateKey
- name: TOKEN_AUTH_PRIVATE_KEY_ID_FILE
value: /run/secrets/qlik.com/qliksense-groups/tokenAuthPrivateKeyId
- name: INGRESS_AUTH_URL
valueFrom:
configMapKeyRef:
key: ingressAuthUrl
name: qliksense-groups-configs
- name: KEYS_URI
valueFrom:
configMapKeyRef:
key: keysUri
name: qliksense-groups-configs
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
key: logLevel
name: qliksense-groups-configs
- name: REDIS_URI
valueFrom:
configMapKeyRef:
key: redisUri
name: qliksense-groups-configs
- name: TOKEN_AUTH_URI
valueFrom:
configMapKeyRef:
key: tokenAuthUri
name: qliksense-groups-configs
- name: ENVIRONMENT
value: qliksense
- name: REGION
value: example
image: ghcr.io/qlik-download/groups:3.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /live
port: http
name: groups
ports:
- containerPort: 8080
name: http
protocol: TCP
readinessProbe:
httpGet:
path: /ready
port: http
resources:
volumeMounts:
- mountPath: /run/secrets/qlik.com/qliksense-groups
name: qliksense-groups-secrets
readOnly: true
- mountPath: /run/secrets/qlik.com/qliksense
name: qliksense-secrets
readOnly: true
dnsConfig:
options:
- name: timeout
value: "1"
imagePullSecrets:
- name: artifactory-docker-secret
volumes:
- name: qliksense-groups-secrets
secret:
secretName: qliksense-groups-secrets
- name: qliksense-secrets
secret:
secretName: qliksense-secrets
---
---
---
---
# Source: qliksense/charts/keys/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: qliksense-keys-configmap
data:
qlik.api.internal-api-keys: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"GR4BOyUiWkDpR1SGrquOymiuKSMdrYE4uuDBIkYnjyo\",\"crv\":\"P-384\",\"x\":\"I6klmP30Hl4QLEJdDve5eTiOvyIECXS-WQfFlcMq-mFqI82S6pOO57643k50l5aL\",\"y\":\"csshnKq3RpKGMaDuBNLJjiG3WqXyAKhYP4P4JfEJR8yDqKuuNG69xag2nlzKdK4G\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEI6klmP30Hl4QLEJdDve5eTiOvyIECXS+\\nWQfFlcMq+mFqI82S6pOO57643k50l5aLcsshnKq3RpKGMaDuBNLJjiG3WqXyAKhY\\nP4P4JfEJR8yDqKuuNG69xag2nlzKdK4G\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-audit: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"V5uEI2x2sYjIq0Ezz7NlqoExS1Y4dvwhdt3iakflxGY\",\"crv\":\"P-384\",\"x\":\"7NySyRC9cu6VEOrtXjoSdzOQVUT2UUOHbqLkbETP8JAG_jpTALMhWQrhILQxdeBv\",\"y\":\"9kWOIHqVJAEQRQoBDtBN1mq0hB0DEtuqTX5ERxxFAGjr0-rz-PgaoEJoftDG0rSi\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE7NySyRC9cu6VEOrtXjoSdzOQVUT2UUOH\\nbqLkbETP8JAG/jpTALMhWQrhILQxdeBv9kWOIHqVJAEQRQoBDtBN1mq0hB0DEtuq\\nTX5ERxxFAGjr0+rz+PgaoEJoftDG0rSi\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-chronos-worker: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"BKIz36TOxYe2wf6sB2f2pA5sb9GIDOZZXmWHDYG-pwQ\",\"crv\":\"P-384\",\"x\":\"jKPw2LipVXTTGU9IdWMVXaHraZkTFzw-rDyV46lzdSi9UhWJPW_70BGWCVrlqwK0\",\"y\":\"xHoMjZjTj72j1Ji498c7ebFJ3hmNC5UPMn9lLw4mJpRnLCd-aHdYJHDkNsJN5Wjc\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEjKPw2LipVXTTGU9IdWMVXaHraZkTFzw+\\nrDyV46lzdSi9UhWJPW/70BGWCVrlqwK0xHoMjZjTj72j1Ji498c7ebFJ3hmNC5UP\\nMn9lLw4mJpRnLCd+aHdYJHDkNsJN5Wjc\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-collections: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"2gMxQ_Xn45K4P_UZK8QcQT72l1R9-zwQGnNTiDvx8VI\",\"crv\":\"P-384\",\"x\":\"gh2rEM1NVo611yqSY2HJkaZzclyrUuYFhsRUBTCXSElKij48E9V6ALxuy8apKi-I\",\"y\":\"-sU5Y9BxoIoVdA71LHbst004tQ_thYGXyYtYmGaxSr1Xe1-Jp47_OLD2afOhwIHJ\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEgh2rEM1NVo611yqSY2HJkaZzclyrUuYF\\nhsRUBTCXSElKij48E9V6ALxuy8apKi+I+sU5Y9BxoIoVdA71LHbst004tQ/thYGX\\nyYtYmGaxSr1Xe1+Jp47/OLD2afOhwIHJ\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-data-connections: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"Imjw67kdScLNfPPragGwlTSZf4E_XvoNCR3IK6BETGk\",\"crv\":\"P-384\",\"x\":\"fCCpT_yrTX_rq175JJvRlfxGdxSizgg9UK7CWcmRO5jBnutLOfMVm68yjbWpMp5s\",\"y\":\"1FK4YAyVh5mOFp-Fg3sKChvAog33FNtI0AaVLbWoSZGRd-9Ei50zITWnnzTOEv-A\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEfCCpT/yrTX/rq175JJvRlfxGdxSizgg9\\nUK7CWcmRO5jBnutLOfMVm68yjbWpMp5s1FK4YAyVh5mOFp+Fg3sKChvAog33FNtI\\n0AaVLbWoSZGRd+9Ei50zITWnnzTOEv+A\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-data-engineering-exporter: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"Ekg75kPFEn8WzawPn59o5jr_BqcOkli-919rYn_VCmg\",\"crv\":\"P-384\",\"x\":\"t7HxljSnx4SCHE3eykDSxnE1yU0CBESJDAHVvCukyuvzcQALuqwwVXkfMOVtnVwf\",\"y\":\"qTL2PNQVqjCTHzj_FxVAS8w9YhiZSNDcw9y2aE_nYVbaH59hevkg0oBTTcnpcogh\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEt7HxljSnx4SCHE3eykDSxnE1yU0CBESJ\\nDAHVvCukyuvzcQALuqwwVXkfMOVtnVwfqTL2PNQVqjCTHzj/FxVAS8w9YhiZSNDc\\nw9y2aE/nYVbaH59hevkg0oBTTcnpcogh\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-edge-auth: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"ENTY6Jgmp49H6xPfogxepd-xXdbEgqvQsUu3e5cPkmI\",\"crv\":\"P-384\",\"x\":\"agf54BGVzQ1yooK8JvYVeCXB1Oham64QvVe33orqj8LrxlEurZnyfFdUKK1Q-0hX\",\"y\":\"_sTVgkhpeAic4anO2pfdoBTgndRJgm3GW_Z89FUjShI55fcgnE904Xa--cET2es6\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEagf54BGVzQ1yooK8JvYVeCXB1Oham64Q\\nvVe33orqj8LrxlEurZnyfFdUKK1Q+0hX/sTVgkhpeAic4anO2pfdoBTgndRJgm3G\\nW/Z89FUjShI55fcgnE904Xa++cET2es6\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-engine: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"uHxp0YvnYQx-AqQgHnxgKqTk_HmZiT67B8SYOlzSgoM\",\"crv\":\"P-384\",\"x\":\"kPiEXSJOQ1FSVvC7flId1pZYIxox10XyPmjQXJjONZ2MEZR72nVBseRmaphX-IOz\",\"y\":\"L-uxUeqMiLUQ5j7bfUDg5tgT8gN2n7jzaaDxHOgy4Dvbba2Ex1jpHnB2P2Tm6h9q\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEkPiEXSJOQ1FSVvC7flId1pZYIxox10Xy\\nPmjQXJjONZ2MEZR72nVBseRmaphX+IOzL+uxUeqMiLUQ5j7bfUDg5tgT8gN2n7jz\\naaDxHOgy4Dvbba2Ex1jpHnB2P2Tm6h9q\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-eventing: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"_a9lgpnajgIAPxZIrOfyJ2O_xFyEP0QyywWewyYNoWo\",\"crv\":\"P-384\",\"x\":\"cKoZW3g0aMq85UkPgTnTEKKoiw8BD5u5kN-dJwCt4hItEGvSnKDlTq97f-teXvkw\",\"y\":\"HdF8BxSQTdSjV_LrDMspP_B5Mtyvs-oCJ6nZb_o-P0EKMSZT1fGXfQh7kTvUu5HF\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEcKoZW3g0aMq85UkPgTnTEKKoiw8BD5u5\\nkN+dJwCt4hItEGvSnKDlTq97f+teXvkwHdF8BxSQTdSjV/LrDMspP/B5Mtyvs+oC\\nJ6nZb/o+P0EKMSZT1fGXfQh7kTvUu5HF\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-generic-links: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"z4YaArQ3CzF9748arHaNfJkHjPTB2nCoBLeN-Zbdle0\",\"crv\":\"P-384\",\"x\":\"u9hZCyiVTPdhEFGBWwx4yozNQGXDItPQcEAgzYaAG0tjuHqeU4bBEgE-58PyqAzd\",\"y\":\"WzB8k0OlmEQdKekhfe5lm6PRlCWbI-k_jZA1prsz5OiNf7A4OZDKlay0LAF419RB\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEu9hZCyiVTPdhEFGBWwx4yozNQGXDItPQ\\ncEAgzYaAG0tjuHqeU4bBEgE+58PyqAzdWzB8k0OlmEQdKekhfe5lm6PRlCWbI+k/\\njZA1prsz5OiNf7A4OZDKlay0LAF419RB\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-geo-operations: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"N0I3roEVoh1utSb1JFkqklahRXmGikq8FIkxLLuEpcU\",\"crv\":\"P-384\",\"x\":\"ypbW9AEZdYOPOFJhrUUzWGTEuPqT0rOYzSP2bSa2-ISKuJen25cCMQ2bzJTOWpMn\",\"y\":\"G-4DaOWXMKM6WW_ufgnhf-cDGpcitGvlWThgmfNLUsbgO3Aeq8ADmjt2IZqJZL-G\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEypbW9AEZdYOPOFJhrUUzWGTEuPqT0rOY\\nzSP2bSa2+ISKuJen25cCMQ2bzJTOWpMnG+4DaOWXMKM6WW/ufgnhf+cDGpcitGvl\\nWThgmfNLUsbgO3Aeq8ADmjt2IZqJZL+G\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-groups: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"-zq2j2DUp6FisDDITRjytFCNj7ieIySuThHIz_TthR0\",\"crv\":\"P-384\",\"x\":\"4K52XYrU0GK-pYu-ZtkDU-5P1-jsuovRa8aCqwd_JdFb4EpZEepCTXWg1Vs_M2SV\",\"y\":\"tAoENNE39uCVJx9_wWZN8YoDgEoryd8pbhsPkf6uSYEsMnnAOC8KctNosBk6CbfI\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE4K52XYrU0GK+pYu+ZtkDU+5P1+jsuovR\\na8aCqwd/JdFb4EpZEepCTXWg1Vs/M2SVtAoENNE39uCVJx9/wWZN8YoDgEoryd8p\\nbhsPkf6uSYEsMnnAOC8KctNosBk6CbfI\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-identity-providers: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"JYJ4SoPYPN8JWQR7UBuE2orr1rZEFSc53ARC0e1ldVo\",\"crv\":\"P-384\",\"x\":\"cdOgdRskL4yQccelknZPICzsjpjekBiUfBzBG4cRHQ3spcDp_s05yBkiiH4e1y2d\",\"y\":\"BerNrxRqxYEotHKNdzDdi-qcnA1jJULdPT9nWF5wzWsYweAYS-lbuqWzjC7uab78\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEcdOgdRskL4yQccelknZPICzsjpjekBiU\\nfBzBG4cRHQ3spcDp/s05yBkiiH4e1y2dBerNrxRqxYEotHKNdzDdi+qcnA1jJULd\\nPT9nWF5wzWsYweAYS+lbuqWzjC7uab78\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-insights: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"a6TNsX_wYGt2ADVrUf7E2mtc3dHYVGB4smiuluDfAnc\",\"crv\":\"P-384\",\"x\":\"Lj0RX4o0OTcXxsg07antpqr5GZAsFU_FOGVVlpa7y3yxGDThCgqQ-ECvWyxWUVT-\",\"y\":\"PB5DoV63jWxdpnBN1XWKSWZeIZz0CBswirORAFduHLG2wZm9QrYPP6JfSrry6zXW\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAELj0RX4o0OTcXxsg07antpqr5GZAsFU/F\\nOGVVlpa7y3yxGDThCgqQ+ECvWyxWUVT+PB5DoV63jWxdpnBN1XWKSWZeIZz0CBsw\\nirORAFduHLG2wZm9QrYPP6JfSrry6zXW\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-invite: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"JtyhhqJOLBf8_-vRTthOdYW4ZsPC_sVn14eYRwrZbIw\",\"crv\":\"P-384\",\"x\":\"DhDSolF2fxuHGcySnczwSnhE97GgD8trtQeaCnmHTqoEkRPgHCNDdRW7KCecWKCL\",\"y\":\"_zkjdDKwOVDwHtFe_9aPTb56YypPGTpXpPTC4Zaf0ODKmpMynwS8wDLgS__rIjMQ\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEDhDSolF2fxuHGcySnczwSnhE97GgD8tr\\ntQeaCnmHTqoEkRPgHCNDdRW7KCecWKCL/zkjdDKwOVDwHtFe/9aPTb56YypPGTpX\\npPTC4Zaf0ODKmpMynwS8wDLgS//rIjMQ\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-licenses: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"_WChJV76hqP6rsnPFV44TNYUR1l4jweS612XuTMopz0\",\"crv\":\"P-384\",\"x\":\"tiFoWOHCY4Sr_6wlauuDkUNNWOej76Ajt1YNtwHbji3vzdCCj3nZIu7ll-96J12c\",\"y\":\"-ciEthokwFipGqaANkC5x1jqwt8HJM-wFgIybYIHqAr01ISZhui2PUgiQMBDvMbj\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEtiFoWOHCY4Sr/6wlauuDkUNNWOej76Aj\\nt1YNtwHbji3vzdCCj3nZIu7ll+96J12c+ciEthokwFipGqaANkC5x1jqwt8HJM+w\\nFgIybYIHqAr01ISZhui2PUgiQMBDvMbj\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-nl-app-search: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"DihESBr-pTkPlMcowSp_jGL2XEdd8ndeynJ_Kqeqs84\",\"crv\":\"P-384\",\"x\":\"p0UWVG3tMa93UGjHun4SS5C25TNHx9zE2tMjWevEWTRN3YhklhfF5b2niYigf2dV\",\"y\":\"p4H8drK5X-VmLyIhSm1g8rrg8_DIiYOCum-kxrFSmZeyJHQMffhuKkGqvOcmG6Jg\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEp0UWVG3tMa93UGjHun4SS5C25TNHx9zE\\n2tMjWevEWTRN3YhklhfF5b2niYigf2dVp4H8drK5X+VmLyIhSm1g8rrg8/DIiYOC\\num+kxrFSmZeyJHQMffhuKkGqvOcmG6Jg\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-nl-parser: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"F3nEYPcWVLOjvqqeb8oMl-qk0xbMkV6j1sNb3w5DZ5Y\",\"crv\":\"P-384\",\"x\":\"Vg6b4TpqaqRYYY27lQWoIdN03Keo9a97ji68cA9hUMuNCdTMlsSCQgeLeVEmhg9p\",\"y\":\"uGQIKuqadGyhceptJnxCG20jTrOqZoFm0HJIQDvHuje9t_V2cXvUsCmBXefry9u8\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEVg6b4TpqaqRYYY27lQWoIdN03Keo9a97\\nji68cA9hUMuNCdTMlsSCQgeLeVEmhg9puGQIKuqadGyhceptJnxCG20jTrOqZoFm\\n0HJIQDvHuje9t/V2cXvUsCmBXefry9u8\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-notification-prep: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"oy6oficqj3Os7ZLLNKIDeKPOzQDoKdhGQa-w0e6YQvI\",\"crv\":\"P-384\",\"x\":\"OJxJX7aWqfSnnBsiLeNW_QTNB1Kws1IYToSvw7fA_pLbB9Ezqbfre7maIOLoM1pc\",\"y\":\"pktSxFQbYaqFkNDkqCs6iOOApZLU0pzxiaQoa0enGjZnBjmb3pfKKKoDcJZE9kvP\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEOJxJX7aWqfSnnBsiLeNW/QTNB1Kws1IY\\nToSvw7fA/pLbB9Ezqbfre7maIOLoM1pcpktSxFQbYaqFkNDkqCs6iOOApZLU0pzx\\niaQoa0enGjZnBjmb3pfKKKoDcJZE9kvP\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-odag: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"J-QC62aBDJrkbJXxEiZixY1wlPwAjJDeZHIgE_DjnXw\",\"crv\":\"P-384\",\"x\":\"uaEyYzjoRKYqhLOwlwWOXR4KDk6wMAlhlOBbzi0HZZeu25jThv1V3uEdXhIFH87e\",\"y\":\"dkoVK3-zFA3BOYDHAp22_1oejwURjUR5BpHbAuXoU7wGrqPjch8Psd7gpF5WH8XO\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEuaEyYzjoRKYqhLOwlwWOXR4KDk6wMAlh\\nlOBbzi0HZZeu25jThv1V3uEdXhIFH87edkoVK3+zFA3BOYDHAp22/1oejwURjUR5\\nBpHbAuXoU7wGrqPjch8Psd7gpF5WH8XO\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-onboarding: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"9xviu78nWGhTSjKTUIKAWkTCQsYJ4g19iQMix8tl068\",\"crv\":\"P-384\",\"x\":\"WnXApdbD0fTwXSZQPHlurOFaDJe-_Qi33Q7nJM8iQJfoUBacJomm_b_7OgfEG3sy\",\"y\":\"nZlo-lTKgwLDh7zG7DBkMItzYCOTSyNpkT5Alh5F6RI0QJWPvxYCMsqG43nO5Mev\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEWnXApdbD0fTwXSZQPHlurOFaDJe+/Qi3\\n3Q7nJM8iQJfoUBacJomm/b/7OgfEG3synZlo+lTKgwLDh7zG7DBkMItzYCOTSyNp\\nkT5Alh5F6RI0QJWPvxYCMsqG43nO5Mev\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-policy-decisions: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"xXqGdDQhJWPRmWxQP0UONJMbYt8Q4faDzBENg9qGU5M\",\"crv\":\"P-384\",\"x\":\"ghU9Vsui8PVPogqzcAUFwTschaqyHbeQcSSf6fC0PLy4yxQmmAMpYmH8stdFYBtH\",\"y\":\"f9s7uy5KYooCf7FRiEVrOJnGCTuSvS04A52CraxHW1TTG8wWXkS4lpbwvaY9wrBb\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEghU9Vsui8PVPogqzcAUFwTschaqyHbeQ\\ncSSf6fC0PLy4yxQmmAMpYmH8stdFYBtHf9s7uy5KYooCf7FRiEVrOJnGCTuSvS04\\nA52CraxHW1TTG8wWXkS4lpbwvaY9wrBb\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-precedents: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"GrvbBlHIXFBB7vrpoOl4VyrGIYl_1kUgKSfNqBoh0ds\",\"crv\":\"P-384\",\"x\":\"CQFHkVIKx1pnS4BsE5Agwft7VicXrdE9PSYevBnRuuF_4G4A17Q0lZbVGeiffC9Y\",\"y\":\"-1nOPkQrjZctPbI63Key_qRUOJVg1gOPYWvexNDjE_SwW3R7WFk8a-5_OM4Oe8Dr\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAECQFHkVIKx1pnS4BsE5Agwft7VicXrdE9\\nPSYevBnRuuF/4G4A17Q0lZbVGeiffC9Y+1nOPkQrjZctPbI63Key/qRUOJVg1gOP\\nYWvexNDjE/SwW3R7WFk8a+5/OM4Oe8Dr\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-qix-data-connection: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"Imjw67kdScLNfPPragGwlTSZf4E_XvoNCR3IK6BETGk\",\"crv\":\"P-384\",\"x\":\"fCCpT_yrTX_rq175JJvRlfxGdxSizgg9UK7CWcmRO5jBnutLOfMVm68yjbWpMp5s\",\"y\":\"1FK4YAyVh5mOFp-Fg3sKChvAog33FNtI0AaVLbWoSZGRd-9Ei50zITWnnzTOEv-A\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEfCCpT/yrTX/rq175JJvRlfxGdxSizgg9\\nUK7CWcmRO5jBnutLOfMVm68yjbWpMp5s1FK4YAyVh5mOFp+Fg3sKChvAog33FNtI\\n0AaVLbWoSZGRd+9Ei50zITWnnzTOEv+A\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-qix-data-reload: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"QtiFtx-5MCcsnHb-xmWGgjwoJuEZYYkYHblN2I_Bibo\",\"crv\":\"P-384\",\"x\":\"tcecGYbktKzY2UACFHyM3V8iatPsxMk7TU-vyvsqBQqW13x8QXxM5oWHoUT2ffAn\",\"y\":\"vrrEcsMbhqVGtzHgfu5UALLkurJrgdhnEVAbid8nivhC0kOMjjbMHHB9OsavQJsB\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEtcecGYbktKzY2UACFHyM3V8iatPsxMk7\\nTU+vyvsqBQqW13x8QXxM5oWHoUT2ffAnvrrEcsMbhqVGtzHgfu5UALLkurJrgdhn\\nEVAbid8nivhC0kOMjjbMHHB9OsavQJsB\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-qix-datafiles: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"zpiZ-klS65lfcq1K0-o29Sa0AAZYYr4ON_1VCtAbMEA\",\"crv\":\"P-384\",\"x\":\"W12TTwY7C8tuZl19O0ornUq6yPI87vJA4mSF1YKmWC9XvF32-ZRoerstW1j6Aisw\",\"y\":\"Aphoey39y2s-_NDkrtevp-Yoy-OMC8O-9b-rFEJbBdFKT_xycepciTPUCG5HXDpr\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEW12TTwY7C8tuZl19O0ornUq6yPI87vJA\\n4mSF1YKmWC9XvF32+ZRoerstW1j6AiswAphoey39y2s+/NDkrtevp+Yoy+OMC8O+\\n9b+rFEJbBdFKT/xycepciTPUCG5HXDpr\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-qix-sessions: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"Wybd2-X3hcBpqDIjd3NwZahTsjpP1BqegTYVhx_KN1o\",\"crv\":\"P-384\",\"x\":\"oDr1snacUnZCEZ8ML4QhcTra9YOj-NLqJTKOHoUuZ9ovB_iSrNHyQjxseTtaL3lN\",\"y\":\"Bx2nXRul753mPWyzQQpXK-n_K9dP7gMzLVMW9uTmsA8ftLtUFA2ubp13xkpb88bU\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEoDr1snacUnZCEZ8ML4QhcTra9YOj+NLq\\nJTKOHoUuZ9ovB/iSrNHyQjxseTtaL3lNBx2nXRul753mPWyzQQpXK+n/K9dP7gMz\\nLVMW9uTmsA8ftLtUFA2ubp13xkpb88bU\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-quotas: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"1Kyk7eZuL_cTcwK-n0IgGcupF9vdQnvgeov5fpxugCY\",\"crv\":\"P-384\",\"x\":\"TrlITZjHltbmQd11Vb9hKEsoSmYiXhhfkBIPa94chNtUbyF3CLjYOqZzUo0kCIKE\",\"y\":\"70Ro89RtnRW8iBKEVJhs3P69aU7Gh0Ac6oRXRj0f_MVVzHBZI_pI1caEv8MdF1Hx\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAETrlITZjHltbmQd11Vb9hKEsoSmYiXhhf\\nkBIPa94chNtUbyF3CLjYOqZzUo0kCIKE70Ro89RtnRW8iBKEVJhs3P69aU7Gh0Ac\\n6oRXRj0f/MVVzHBZI/pI1caEv8MdF1Hx\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-reload-tasks: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"tGqCjbBab4T5LCzwDKkOsYUtTDanLJrFrtoQm9PRSxE\",\"crv\":\"P-384\",\"x\":\"aehmMnoPo5KIYeBRUxPDEnxhNL9RCMGhAbx8iztSNSApjyPUapXJwj1bfQtc02Qk\",\"y\":\"9PfdU7ViP5Aez6swlZygPIGhv1Uz8IC26PKhLN0LxpYuyBxd675NtVXptiwZVZp9\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEaehmMnoPo5KIYeBRUxPDEnxhNL9RCMGh\\nAbx8iztSNSApjyPUapXJwj1bfQtc02Qk9PfdU7ViP5Aez6swlZygPIGhv1Uz8IC2\\n6PKhLN0LxpYuyBxd675NtVXptiwZVZp9\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-reporting: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"7nHZ6rfrzzjxuhqByuIrLTWg4HnNzgMMQdURgUQKOvg\",\"crv\":\"P-384\",\"x\":\"OljjAsqkMTxBiNr6Gxwbo27gCP0NtaOE-Z-AEedIY97nOdcWaVIxBEPJK_6ubfcY\",\"y\":\"p42QA1FsAKtN76TQF3vOa0hqMuaf0seBYoryhb8CQDbboLxKC1H4M07vWdYpwKRA\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEOljjAsqkMTxBiNr6Gxwbo27gCP0NtaOE\\n+Z+AEedIY97nOdcWaVIxBEPJK/6ubfcYp42QA1FsAKtN76TQF3vOa0hqMuaf0seB\\nYoryhb8CQDbboLxKC1H4M07vWdYpwKRA\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-resource-library: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"m_1HJQ4CKk1CGdjahppB9TE-ijXzfeZbPyEaPdrZ7q0\",\"crv\":\"P-384\",\"x\":\"RjVZgoQaUfAVxEiI8VGtbsz6ph64__XddAkj8pa6jNmNw5Ojnx_TVC7tHIMU9YYJ\",\"y\":\"Rr5yaCSDwQouF4mlAC8hqiOirhYWNdovJlFzOn19A9sU1rnWTlVOMlBzVNrLmjdF\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAERjVZgoQaUfAVxEiI8VGtbsz6ph64//Xd\\ndAkj8pa6jNmNw5Ojnx/TVC7tHIMU9YYJRr5yaCSDwQouF4mlAC8hqiOirhYWNdov\\nJlFzOn19A9sU1rnWTlVOMlBzVNrLmjdF\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-sharing: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"nt7vrIzpznLm1wGRS7U7TF_4p4GEm5OEFmmuVJKy7Lc\",\"crv\":\"P-384\",\"x\":\"MyFvn6pcsJ2rdMfuNWcK3hbcLv4Bg9q0zt7Xcyapf7zT4b0G9um6bV-mRMpXNqjr\",\"y\":\"2MXi0RajsQTY2T1VmOPF-uZqQs6vMCUnCZRI0zYKe8D-DeVMdq_lMdUlgJkCQnNp\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEMyFvn6pcsJ2rdMfuNWcK3hbcLv4Bg9q0\\nzt7Xcyapf7zT4b0G9um6bV+mRMpXNqjr2MXi0RajsQTY2T1VmOPF+uZqQs6vMCUn\\nCZRI0zYKe8D+DeVMdq/lMdUlgJkCQnNp\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-spaces: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"j3MbBtOiEib3tLcVbvscwehV3K0WAZVFBp3ysfsdksg\",\"crv\":\"P-384\",\"x\":\"ep7pduYemcRVVqWKe--V7m-kacwIKC18A2yuBVbBQGLUKCTBAO23fR6QGf_U5y-w\",\"y\":\"l9n9QlF5fgqyfk8PckpPKq_zXvGTMNg_uoN1sB-KYgPjr0jQsHdRO_JgxbGEI_bq\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEep7pduYemcRVVqWKe++V7m+kacwIKC18\\nA2yuBVbBQGLUKCTBAO23fR6QGf/U5y+wl9n9QlF5fgqyfk8PckpPKq/zXvGTMNg/\\nuoN1sB+KYgPjr0jQsHdRO/JgxbGEI/bq\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-subscriptions: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"iUsv5s2Q5CXHPTFn-mHEnr5CIPrW5-KUrfuJPKlpyCE\",\"crv\":\"P-384\",\"x\":\"1vyDjEuHHM-Bvo-oO4ZKd6dRS5NazHM-qcl_2T1UGtAl6bIBUD9a6MMMfIxG1yOh\",\"y\":\"6LTPElvI3DIF1Gmj6xlZELdafczq2eZoCG1NutlsOxXzG4gRVVNhwohDrhGbOj0C\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE1vyDjEuHHM+Bvo+oO4ZKd6dRS5NazHM+\\nqcl/2T1UGtAl6bIBUD9a6MMMfIxG1yOh6LTPElvI3DIF1Gmj6xlZELdafczq2eZo\\nCG1NutlsOxXzG4gRVVNhwohDrhGbOj0C\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-temporary-contents: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"ckZJbjOzS1zWHMV8XqX5Q_YKWx2A4FIuGM-Ac8PF4aA\",\"crv\":\"P-384\",\"x\":\"Dr1eUA8DovqLG6h1rzkEyuUoU2nnuQP6poSg4PKYx7SkC2wgWp3ru2BOGrCFGLq-\",\"y\":\"O29e6ZKUxvV5_bOCTL8zuvOXCkvdA-DIgLZ3iF-RSc91UZxnU4odMjDwvXwKnbKy\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEDr1eUA8DovqLG6h1rzkEyuUoU2nnuQP6\\npoSg4PKYx7SkC2wgWp3ru2BOGrCFGLq+O29e6ZKUxvV5/bOCTL8zuvOXCkvdA+DI\\ngLZ3iF+RSc91UZxnU4odMjDwvXwKnbKy\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-tenants: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"Mf9AcMRQ-bLHduxLoE-POyozm6Ze6yfvW1Pyq3Fv1Bo\",\"crv\":\"P-384\",\"x\":\"sGQYXzx6jEU8pAzDBOjS6JJM3jqvW1MBOlWpm3AqagOErOjzI_l6C_6Z0NxuguKx\",\"y\":\"BK8fuZsLY7UQ9QoHctUqxjImtgMTqpkgKo1C4zA5Ybo5lnUtIDffFsKIuSMhvA-F\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEsGQYXzx6jEU8pAzDBOjS6JJM3jqvW1MB\\nOlWpm3AqagOErOjzI/l6C/6Z0NxuguKxBK8fuZsLY7UQ9QoHctUqxjImtgMTqpkg\\nKo1C4zA5Ybo5lnUtIDffFsKIuSMhvA+F\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-transport: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"hPe8ng6iIeKvQFVtzehbgjGKH4uFu9uKyCgGQ1SjjCU\",\"crv\":\"P-384\",\"x\":\"BuvlyzGB6xKtZlIgu34QP77aVYW8Xt50YrqTfLCf9N8NNPU140ejg6zlJgiZKTaK\",\"y\":\"50dgd8JzjTknMe3YGgG-C-mlAoHY6pGkpOrE42MzBN-U-p5qGOxfdYhy4NkE3xoM\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEBuvlyzGB6xKtZlIgu34QP77aVYW8Xt50\\nYrqTfLCf9N8NNPU140ejg6zlJgiZKTaK50dgd8JzjTknMe3YGgG+C+mlAoHY6pGk\\npOrE42MzBN+U+p5qGOxfdYhy4NkE3xoM\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-users: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"jhnbOw3nZwHlAfz4FRjEPgo5CG_Tw0uezR2VsyagBzY\",\"crv\":\"P-384\",\"x\":\"JhGD0ZR_tBKSIChkAWlYE1C2kVuCF4gHUTEZcvzh1i77WeSJbMofOsLaPQ68EkC8\",\"y\":\"FtULlIOHnafa8dZDY9aLnpo-Th3hklEQYnMNBHkIU-nUpuR2RQ84o0bj8Gsfb1dW\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEJhGD0ZR/tBKSIChkAWlYE1C2kVuCF4gH\\nUTEZcvzh1i77WeSJbMofOsLaPQ68EkC8FtULlIOHnafa8dZDY9aLnpo+Th3hklEQ\\nYnMNBHkIU+nUpuR2RQ84o0bj8Gsfb1dW\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-web-notifications: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"YUiIenAWJzwQHexnMp5gqMm7-JzlAx5JhnoeqLHLvmo\",\"crv\":\"P-384\",\"x\":\"KbUjCkZdqhK0IEV_fI04AeVGs1Aa_Oe_Y6fop4GHgWZCQIY0l3-0lQTYc7_nUSyH\",\"y\":\"fncz7kPKWLdhR76urjIFj2cmlm907t3ywfI8awrMVpCX8oV5LSDfL69_Jox7QPWo\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEKbUjCkZdqhK0IEV/fI04AeVGs1Aa/Oe/\\nY6fop4GHgWZCQIY0l3+0lQTYc7/nUSyHfncz7kPKWLdhR76urjIFj2cmlm907t3y\\nwfI8awrMVpCX8oV5LSDfL69/Jox7QPWo\\n-----END PUBLIC KEY-----\\n\"}]}"
qlik.api.internal-web-security: "{\"keys\":[{\"kty\":\"EC\",\"kid\":\"ySG-VC4hiYm9Jm00JN4TEroq_CekjreqZoRgSiNjSqU\",\"crv\":\"P-384\",\"x\":\"6UvLQHfGVio2X5MEwLNOt1Bntpvj1AljLpLQn3xpWotLRPg-9JRSFna0PI5ks27e\",\"y\":\"-bgNUf3350XYVkVqt7PRzMOmAiPsKnvfPDLTBifMgwWcEkS_ve7ZMFXfABGugto2\",\"pem\":\"-----BEGIN PUBLIC KEY-----\\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE6UvLQHfGVio2X5MEwLNOt1Bntpvj1Alj\\nLpLQn3xpWotLRPg+9JRSFna0PI5ks27e+bgNUf3350XYVkVqt7PRzMOmAiPsKnvf\\nPDLTBifMgwWcEkS/ve7ZMFXfABGugto2\\n-----END PUBLIC KEY-----\\n\"}]}"
---
# Source: qliksense/charts/messaging/charts/nats/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: "nats"
chart: "nats-1.0.6"
heritage: "Tiller"
release: "qliksense"
name: qliksense-nats
data:
gnatsd.conf: |-
listen: 0.0.0.0:4222
http: 0.0.0.0:8222
client_advertise: qliksense-nats-client:4222
# Authorization for client connections
authorization {
timeout: 1
users: [
{
user: "natsClient",
password: "clientPass",
}
]
}
# Logging options
debug: false
trace: false
logtime: false
# Pid file
pid_file: "/tmp/gnatsd.pid"
# Some system overides
# Clustering definition
cluster {
listen: 0.0.0.0:6222
no_advertise: false
# Authorization for cluster connections
# Routes are actively solicited and connected to from this server.
# Other servers can connect to us if they supply the correct credentials
# in their routes definitions from above
routes = [
nats://qliksense-nats-cluster:6222
]
}
users.json: "[{\"stanPermissions\":{\"subscribe\":[\"system-events.odag.request\",\"system-events.engine.app\",\"system-events.user-session\",\"system-events.spaces\",\"system-events.licenses\",\"system-events.generic-links\",\"system-events.api-keys\",\"system-events.user-identity\",\"system-events.web-security\",\"system-events.tenants\"]},\"user\":\"audit\"},{\"stanPermissions\":{\"publish\":[\"chronos-worker.\\u003e\"]},\"user\":\"chronos-worker\"},{\"stanPermissions\":{\"subscribe\":[\"system-events.\\u003e\"]},\"user\":\"data-engineering-exporter\"},{\"stanPermissions\":{\"publish\":[\"system-events.user-session\",\"system-events.user-identity\"],\"subscribe\":[\"system-events.users\",\"system-events.user-session\",\"system-events.identity-providers\",\"private.idp-sync\"]},\"user\":\"edge-auth\"},{\"stanPermissions\":{\"publish\":[\"com.qlik.app\",\"com.qlik.engine.session\",\"com.qlik.engine.system\",\"system-events.engine.app\",\"system-events.engine.session\",\"system-events.engine.system\"]},\"user\":\"engine\"},{\"stanPermissions\":{\"publish\":[\"private.idp-sync\",\"system-events.identity-providers\"]},\"user\":\"identity-providers\"},{\"stanPermissions\":{\"publish\":[\"system-events.invite\"],\"subscribe\":[\"system-events.users\"]},\"user\":\"invite\"},{\"stanPermissions\":{\"subscribe\":[\"system-events.engine.app\"]},\"user\":\"nl-parser\"},{\"stanPermissions\":{\"publish\":[\"system-events.odag.request\",\"odag.\\u003e\"],\"subscribe\":[\"odag.\\u003e\",\"system-events.engine.app\",\"system-events.reloadResults\"]},\"user\":\"odag\"},{\"stanPermissions\":{\"publish\":[\"reload\",\"system-events.reloadResults\"],\"subscribe\":[\"reload\"]},\"user\":\"qix-data-reload\"},{\"stanPermissions\":{\"publish\":[\"system-events.resource-library\"]},\"user\":\"resource-library\"},{\"stanPermissions\":{\"publish\":[\"system-events.tenants\",\"system-events.web-integrations\"]},\"user\":\"tenants\"},{\"stanPermissions\":{\"publish\":[\"system-events.users\"]},\"user\":\"users\"},{\"stanPermissions\":{\"publish\":[\"system-events.api-keys\"],\"subscribe\":[\"system-events.users\"]},\"user\":\"api-keys\"},{\"stanPermissions\":{\"publish\":[\"system-events.items\"],\"subscribe\":[\"system-events.engine.app\",\"system-events.generic-links\"]},\"user\":\"collections\"},{\"stanPermissions\":{\"publish\":[\"system-events.licenses\"],\"subscribe\":[\"system-events.licenses\"]},\"user\":\"licenses\"},{\"stanPermissions\":{\"publish\":[\"system-events.spaces\"],\"subscribe\":[\"system-events.tenants\"]},\"user\":\"spaces\"},{\"stanPermissions\":{\"subscribe\":[\"system-events.engine.app\"]},\"user\":\"precedents\"},{\"stanPermissions\":{\"publish\":[\"system-events.notification-request\"],\"subscribe\":[\"system-events.engine.app\",\"system-events.spaces\",\"system-events.web-notifications\",\"system-events.sharing\"]},\"user\":\"eventing\"},{\"stanPermissions\":{\"subscribe\":[\"system-events.engine.app\",\"system-events.engine.session\",\"system-events.engine.system\",\"system-events.reloadResults\"]},\"user\":\"qix-sessions\"},{\"stanPermissions\":{\"subscribe\":[\"system-events.engine.app\",\"system-events.spaces\"]},\"user\":\"qix-datafiles\"},{\"stanPermissions\":{\"publish\":[\"system-events.notification-request\",\"system-events.sharing\"],\"subscribe\":[\"system-events.engine.app\"]},\"user\":\"sharing\"},{\"stanPermissions\":{\"subscribe\":[\"system-events.engine.app\"]},\"user\":\"subscriptions\"},{\"stanPermissions\":{\"publish\":[\"system-events.transport-request\"],\"subscribe\":[\"system-events.notification-request\"]},\"user\":\"notification-prep\"},{\"stanPermissions\":{\"publish\":[\"system-events.web-notifications\"],\"subscribe\":[\"system-events.transport-request\"]},\"user\":\"web-notifications\"},{\"stanPermissions\":{\"publish\":[\"system-events.generic-links\"]},\"user\":\"generic-links\"},{\"stanPermissions\":{\"subscribe\":[\"system-events.spaces\"]},\"user\":\"data-connections\"},{\"stanPermissions\":{\"publish\":[\"system-events.transport-response\",\"system-events.notification-request\"],\"subscribe\":[\"system-events.transport-request\"]},\"user\":\"transport\"},{\"stanPermissions\":{\"publish\":[\"system-events.web-security\"]},\"user\":\"web-security\"},{\"stanPermissions\":{\"subscribe\":[\"system-events.engine.app\"]},\"user\":\"reload-tasks\"},{\"stanPermissions\":{\"publish\":[\"reporting.\\u003e\"]},\"user\":\"reporting\"},{\"stanPermissions\":{\"publish\":[\"nl-app-search.\\u003e\"],\"subscribe\":[\"system-events.engine.app\",\"system-events.reloadResults\",\"nl-app-search.\\u003e\"]},\"user\":\"nl-app-search\"},{\"stanPermissions\":{\"subscribe\":[\"system-events.spaces\"]},\"user\":\"policy-decisions\"}]"
---
# Source: qliksense/charts/qix-sessions/templates/configmaps.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: qliksense-qix-sessions-configmap
data:
appPlacement:
"selectors:\n- qlik.com/default\n"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: qliksense-qix-sessions-tenant-quotas-configmap
data:
quotas:
"{}\n"
---
# Source: qliksense/charts/redis/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: qliksense-redis
labels:
app: redis
chart: redis-10.5.6
heritage: Tiller
release: qliksense
data:
redis.conf: |-
# User-supplied configuration:
# Enable AOF https://redis.io/topics/persistence#append-only-file
appendonly yes
# Disable RDB persistence, AOF persistence already enabled.
save ""
master.conf: |-
dir /data
rename-command FLUSHDB ""
rename-command FLUSHALL ""
replica.conf: |-
dir /data
slave-read-only yes
rename-command FLUSHDB ""
rename-command FLUSHALL ""
---
# Source: qliksense/charts/redis/templates/health-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: qliksense-redis-health
labels:
app: redis
chart: redis-10.5.6
heritage: Tiller
release: qliksense
data:
ping_readiness_local.sh: |-
response=$(
timeout -s 9 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
ping
)
if [ "$response" != "PONG" ]; then
echo "$response"
exit 1
fi
ping_liveness_local.sh: |-
response=$(
timeout -s 9 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
ping
)
if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then
echo "$response"
exit 1
fi
ping_readiness_master.sh: |-
response=$(
timeout -s 9 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
ping
)
if [ "$response" != "PONG" ]; then
echo "$response"
exit 1
fi
ping_liveness_master.sh: |-
response=$(
timeout -s 9 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
ping
)
if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then
echo "$response"
exit 1
fi
ping_readiness_local_and_master.sh: |-
script_dir="$(dirname "$0")"
exit_status=0
"$script_dir/ping_readiness_local.sh" $1 || exit_status=$?
"$script_dir/ping_readiness_master.sh" $1 || exit_status=$?
exit $exit_status
ping_liveness_local_and_master.sh: |-
script_dir="$(dirname "$0")"
exit_status=0
"$script_dir/ping_liveness_local.sh" $1 || exit_status=$?
"$script_dir/ping_liveness_master.sh" $1 || exit_status=$?
exit $exit_status
---
# Source: qliksense/charts/sense-client/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: csp-configmap
data:
csp: >-
default-src 'none';
base-uri 'self';
img-src 'self' data: maps.qlikcloud.com services.arcgisonline.com ;
script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.qlikcloud.com ;
style-src 'self' 'unsafe-inline' ;
font-src 'self' data: ;
frame-ancestors 'self';
frame-src 'self';
connect-src 'self' api.qlikdataengineering.com sqs.us-east-1.amazonaws.com maps.qlikcloud.com api.rollbar.com ;
block-all-mixed-content;
upgrade-insecure-requests;
---
# Source: qliksense/charts/tenants/templates/manifest.yaml
apiVersion: v1
data:
ingressAuthUrl: http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth
keysUri: http://qliksense-keys:8080/v1/keys/qlik.api.internal
licensesUri: http://qliksense-licenses:9200/v1
logLevel: verbose
natsStreamingClusterId: qliksense-nats-streaming-cluster
natsUri: nats://qliksense-nats-client:4222
tokenAuthUri: http://qliksense-edge-auth:8080/v1
usersUri: http://qliksense-users:8080/v1
kind: ConfigMap
metadata:
labels:
app: tenants
chart: tenants-4.0.18
heritage: Tiller
release: qliksense
name: qliksense-tenants-configs
namespace: qliksense
---
apiVersion: v1
data:
mongodbUri: bW9uZ29kYjovL3FsaWtzZW5zZS1tb25nb2RiOjI3MDE3L3FsaWtzZW5zZT9zc2w9ZmFsc2U=
tokenAuthPrivateKey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1JR2tBZ0VCQkRDRzhtWEtObXRvMDhNWHY3dm85bExtNTkrYW00ankwRDBoZ3ZCS0JLWkZJSW5hK1QxVk5HTXoKcUNyZzlEKzhSZW1nQndZRks0RUVBQ0toWkFOaUFBU3daQmhmUEhxTVJUeWtETU1FNk5Mb2tremVPcTliVXdFNgpWYW1iY0NwcUE0U3M2UE1qK1hvTC9wblEzRzZDNHJFRXJ4KzVtd3RqdFJEMUNnZHkxU3JHTWlhMkF4T3FtU0FxCmpVTGpNRGxodWptV2RTMGdOOThXd29pNUl5RzhENFU9Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0K
tokenAuthPrivateKeyId: TWY5QWNNUlEtYkxIZHV4TG9FLVBPeW96bTZaZTZ5ZnZXMVB5cTNGdjFCbw==
kind: Secret
metadata:
labels:
app: tenants
chart: tenants-4.0.18
heritage: Tiller
release: qliksense
name: qliksense-tenants-secrets
namespace: qliksense
type: Opaque
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/auth-url: http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth
nginx.ingress.kubernetes.io/configuration-snippet: |
set $host_and_uri $http_host$request_uri;
if ( $host_and_uri ~* "^.{2049,}$" ) { return 414; }
rewrite (?i)/api/(.*) /$1 break;
more_clear_input_headers "X-Forwarded-Host" "X-Forwarded-For" "X-Forwarded-Proto" "X-Original-URI" "X-Original-URL";
nginx.ingress.kubernetes.io/enable-cors: "true"
labels:
app: tenants
chart: tenants-4.0.18
heritage: Tiller
release: qliksense
name: qliksense-tenants
namespace: qliksense
spec:
rules:
- http:
paths:
- backend:
serviceName: qliksense-tenants
servicePort: 8080
path: /api/v1/tenants
- backend:
serviceName: qliksense-tenants
servicePort: 8080
path: /api/v1/web-integrations
---
apiVersion: v1
kind: Service
metadata:
annotations:
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
labels:
app: tenants
chart: tenants-4.0.18
heritage: Tiller
release: qliksense
name: qliksense-tenants
namespace: qliksense
spec:
ports:
- name: tenants
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: tenants
release: qliksense
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: tenants
chart: tenants-4.0.18
heritage: Tiller
release: qliksense
name: qliksense-tenants
namespace: qliksense
spec:
replicas: 1
selector:
matchLabels:
app: tenants
release: qliksense
template:
metadata:
annotations:
checksum/configs: f31f9105da5f784c4f469dab4922ee441a32f2cbd7d97bc1c812088e0c280ee4
checksum/secrets: 2c0d1ed3ac714cc1ceba2ba318c71b1216633ff44c9fda31cb5f6729cd851226
labels:
app: tenants
qliksense-nats-client: "true"
release: qliksense
spec:
containers:
- env:
- name: NATS_CLIENT_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: MONGODB_URI_FILE
value: /run/secrets/qlik.com/qliksense/mongodbUri
- name: TOKEN_AUTH_PRIVATE_KEY_FILE
value: /run/secrets/qlik.com/qliksense-tenants/tokenAuthPrivateKey
- name: TOKEN_AUTH_PRIVATE_KEY_ID_FILE
value: /run/secrets/qlik.com/qliksense-tenants/tokenAuthPrivateKeyId
- name: INGRESS_AUTH_URL
valueFrom:
configMapKeyRef:
key: ingressAuthUrl
name: qliksense-tenants-configs
- name: KEYS_URI
valueFrom:
configMapKeyRef:
key: keysUri
name: qliksense-tenants-configs
- name: LICENSES_URI
valueFrom:
configMapKeyRef:
key: licensesUri
name: qliksense-tenants-configs
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
key: logLevel
name: qliksense-tenants-configs
- name: NATS_STREAMING_CLUSTER_ID
valueFrom:
configMapKeyRef:
key: natsStreamingClusterId
name: qliksense-tenants-configs
- name: NATS_URI
valueFrom:
configMapKeyRef:
key: natsUri
name: qliksense-tenants-configs
- name: TOKEN_AUTH_URI
valueFrom:
configMapKeyRef:
key: tokenAuthUri
name: qliksense-tenants-configs
- name: USERS_URI
valueFrom:
configMapKeyRef:
key: usersUri
name: qliksense-tenants-configs
- name: DATACENTER
value: example
- name: ENVIRONMENT
value: qliksense
- name: NATS_ENABLED
value: "true"
- name: NATS_TOKEN_AUTH_ENABLED
value: "true"
- name: REGION
value: example
image: ghcr.io/qlik-download/tenants:2.6.5
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /live
port: http
name: tenants
ports:
- containerPort: 8080
name: http
protocol: TCP
readinessProbe:
httpGet:
path: /ready
port: http
resources: {}
volumeMounts:
- mountPath: /run/secrets/qlik.com/qliksense-tenants
name: qliksense-tenants-secrets
readOnly: true
- mountPath: /run/secrets/qlik.com/qliksense
name: qliksense-secrets
readOnly: true
dnsConfig:
options:
- name: timeout
value: "1"
imagePullSecrets:
- name: artifactory-docker-secret
volumes:
- name: qliksense-tenants-secrets
secret:
secretName: qliksense-tenants-secrets
- name: qliksense-secrets
secret:
secretName: qliksense-secrets
---
# Source: qliksense/charts/users/templates/manifest.yaml
apiVersion: v1
data:
featureFlagsUri: http://qliksense-feature-flags:8080/v1
ingressAuthUrl: http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth
keysUri: http://qliksense-keys:8080/v1/keys
logLevel: verbose
natsStreamingClusterId: qliksense-nats-streaming-cluster
natsUri: nats://qliksense-nats-client:4222
tokenAuthUri: http://qliksense-edge-auth:8080/v1
kind: ConfigMap
metadata:
labels:
app: users
chart: users-2.1.31
heritage: Tiller
release: qliksense
name: qliksense-users-configs
namespace: qliksense
---
apiVersion: v1
data:
mongodbUri: bW9uZ29kYjovL3FsaWtzZW5zZS1tb25nb2RiOjI3MDE3L3FsaWtzZW5zZT9zc2w9ZmFsc2U=
tokenAuthPrivateKey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1JR2tBZ0VCQkREaXBDZ0grNTZQcnNIZk43clpoZE15VW1xWUtPUTFBbnViM3Ryd01OdktiZHdUbXFtS0J1VU4KYVRRSUpaUkNsTjZnQndZRks0RUVBQ0toWkFOaUFBUW1FWVBSbEgrMEVwSWdLR1FCYVZnVFVMYVJXNElYaUFkUgpNUmx5L09IV0x2dFo1SWxzeWg4Nnd0bzlEcndTUUx3VzFRdVVnNGVkcDlyeDFrTmoxb3VlbWo1T0hlR1NVUkJpCmN3MEVlUWhUNmRTbTVIWkZEemlqUnVQd2F4OXZWMVk9Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0K
tokenAuthPrivateKeyId: amhuYk93M25ad0hsQWZ6NEZSakVQZ281Q0dfVHcwdWV6UjJWc3lhZ0J6WQ==
kind: Secret
metadata:
labels:
app: users
chart: users-2.1.31
heritage: Tiller
release: qliksense
name: qliksense-users-secrets
namespace: qliksense
type: Opaque
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/auth-url: http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth
nginx.ingress.kubernetes.io/configuration-snippet: |
set $host_and_uri $http_host$request_uri;
if ( $host_and_uri ~* "^.{2049,}$" ) { return 414; }
rewrite (?i)/api/(.*) /$1 break;
more_clear_input_headers "X-Forwarded-Host" "X-Forwarded-For" "X-Forwarded-Proto" "X-Original-URI" "X-Original-URL";
nginx.ingress.kubernetes.io/enable-cors: "true"
labels:
app: users
chart: users-2.1.31
heritage: Tiller
release: qliksense
name: qliksense-users
namespace: qliksense
spec:
rules:
- http:
paths:
- backend:
serviceName: qliksense-users
servicePort: 8080
path: /api/v1/users
---
apiVersion: v1
kind: Service
metadata:
annotations:
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
labels:
app: users
chart: users-2.1.31
heritage: Tiller
release: qliksense
name: qliksense-users
namespace: qliksense
spec:
ports:
- name: users
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: users
release: qliksense
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: users
chart: users-2.1.31
heritage: Tiller
release: qliksense
name: qliksense-users
namespace: qliksense
spec:
replicas: 1
selector:
matchLabels:
app: users
release: qliksense
template:
metadata:
annotations:
checksum/configs: 0ea09f1e20913bdb137ae91730db6e4939c7e692ed42c99b540b4b80beb3044f
checksum/secrets: 1458ff4ed1ee322120ad970a3dd7b7bfb5233000769bf0397b82dd64e3e879d0
labels:
app: users
qliksense-nats-client: "true"
release: qliksense
spec:
containers:
- env:
- name: NATS_CLIENT_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: MONGODB_URI_FILE
value: /run/secrets/qlik.com/qliksense/mongodbUri
- name: TOKEN_AUTH_PRIVATE_KEY_FILE
value: /run/secrets/qlik.com/qliksense-users/tokenAuthPrivateKey
- name: TOKEN_AUTH_PRIVATE_KEY_ID_FILE
value: /run/secrets/qlik.com/qliksense-users/tokenAuthPrivateKeyId
- name: FEATURE_FLAGS_URI
valueFrom:
configMapKeyRef:
key: featureFlagsUri
name: qliksense-users-configs
- name: INGRESS_AUTH_URL
valueFrom:
configMapKeyRef:
key: ingressAuthUrl
name: qliksense-users-configs
- name: KEYS_URI
valueFrom:
configMapKeyRef:
key: keysUri
name: qliksense-users-configs
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
key: logLevel
name: qliksense-users-configs
- name: NATS_STREAMING_CLUSTER_ID
valueFrom:
configMapKeyRef:
key: natsStreamingClusterId
name: qliksense-users-configs
- name: NATS_URI
valueFrom:
configMapKeyRef:
key: natsUri
name: qliksense-users-configs
- name: TOKEN_AUTH_URI
valueFrom:
configMapKeyRef:
key: tokenAuthUri
name: qliksense-users-configs
- name: ENVIRONMENT
value: qliksense
- name: MONGO_MAX_TIME_MS
value: "2000"
- name: MONGO_TIMEOUT_ENABLED
value: "true"
- name: NATS_ENABLED
value: "true"
- name: REGION
value: example
image: ghcr.io/qlik-download/users:2.7.5
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /live
port: http
name: users
ports:
- containerPort: 8080
name: http
protocol: TCP
readinessProbe:
httpGet:
path: /ready
port: http
resources:
volumeMounts:
- mountPath: /run/secrets/qlik.com/qliksense-users
name: qliksense-users-secrets
readOnly: true
- mountPath: /run/secrets/qlik.com/qliksense
name: qliksense-secrets
readOnly: true
dnsConfig:
options:
- name: timeout
value: "1"
imagePullSecrets:
- name: artifactory-docker-secret
volumes:
- name: qliksense-users-secrets
secret:
secretName: qliksense-users-secrets
- name: qliksense-secrets
secret:
secretName: qliksense-secrets
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/controller-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: nginx-ingress
chart: nginx-ingress-1.36.2
heritage: Tiller
release: qliksense
name: qliksense-nginx-ingress
---
# Source: qliksense/charts/licenses/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: qliksense-licenses
labels:
app: licenses
chart: licenses-1.21.0
release: qliksense
heritage: Tiller
---
# Source: qliksense/charts/odag/templates/sa.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: qliksense-odag
labels:
app: odag
chart: odag-1.9.4
release: qliksense
heritage: Tiller
---
# Source: qliksense/charts/qix-sessions/templates/sa.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: qliksense-qix-sessions
labels:
app: qix-sessions
chart: qix-sessions-6.4.1
release: qliksense
heritage: Tiller
---
# Source: qliksense/charts/chronos/templates/sa.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: qliksense-chronos
labels:
app: chronos
chart: chronos-1.6.4
release: qliksense
heritage: Tiller
---
# Source: qliksense/charts/chronos/templates/rbac.yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: qliksense-chronos
namespace: qliksense
labels:
app: chronos
chart: chronos-1.6.4
release: qliksense
heritage: Tiller
rules:
# Required for leader election
- apiGroups:
- ""
resources:
- endpoints
verbs:
- "get"
- "update"
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: qliksense-chronos
namespace: qliksense
labels:
app: chronos
chart: chronos-1.6.4
release: qliksense
heritage: Tiller
subjects:
- kind: ServiceAccount
name: qliksense-chronos
roleRef:
kind: Role
name: qliksense-chronos
apiGroup: rbac.authorization.k8s.io
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/controller-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app: nginx-ingress
chart: nginx-ingress-1.36.2
heritage: Tiller
release: qliksense
name: qliksense-nginx-ingress
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- update
- watch
- apiGroups:
- extensions
- "networking.k8s.io" # k8s 1.14+
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- "networking.k8s.io" # k8s 1.14+
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
- ingress-controller-leader-qlik-nginx
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups:
- ""
resources:
- endpoints
verbs:
- create
- get
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
# Source: qliksense/charts/licenses/templates/rbac.yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: qliksense-licenses
namespace: qliksense
labels:
app: licenses
chart: licenses-1.21.0
release: qliksense
heritage: Tiller
rules:
# Required for leader election
- apiGroups:
- ""
resources:
- endpoints
verbs:
- "get"
- "update"
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: qliksense-licenses
namespace: qliksense
labels:
app: licenses
chart: licenses-1.21.0
release: qliksense
heritage: Tiller
subjects:
- kind: ServiceAccount
name: qliksense-licenses
roleRef:
kind: Role
name: qliksense-licenses
apiGroup: rbac.authorization.k8s.io
---
# Source: qliksense/charts/odag/templates/rbac.yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: qliksense-odag
namespace: qliksense
labels:
app: odag
chart: odag-1.9.4
release: qliksense
heritage: Tiller
rules:
# Required for leader election
- apiGroups:
- ""
resources:
- endpoints
verbs:
- "get"
- "update"
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: odag
namespace: qliksense
labels:
app: odag
chart: odag-1.9.4
release: qliksense
heritage: Tiller
subjects:
- kind: ServiceAccount
name: qliksense-odag
roleRef:
kind: Role
name: qliksense-odag
apiGroup: rbac.authorization.k8s.io
---
# Source: qliksense/charts/qix-sessions/templates/rbac.yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: qliksense-qix-sessions
namespace: qliksense
labels:
app: qix-sessions
chart: qix-sessions-6.4.1
release: qliksense
heritage: Tiller
rules:
# these permissions are required for replicasets and deployments and pod creation/deletion and leader elections
- apiGroups:
- "*"
# - extensions
# - apps
# - autoscaling
resources:
- deployments
- pods
- configmaps
- events
- horizontalpodautoscalers
verbs:
- "*"
- apiGroups:
- ""
- extensions
- apps
resources:
- replicasets
verbs:
- get
- list
- watch
- "delete"
#these permissions are required for engine custom resources
- apiGroups:
- qixmanager.qlik.com
resources:
- engines
- engines/finalizers
verbs:
- "*"
- apiGroups:
- qixengine.qlik.com
resources:
- engines
- engines/finalizers
- engines/status
- enginevariants
- enginevariants/status
- enginevariants/finalizers
- enginetemplates
- enginetemplates/finalizers
verbs:
- "*"
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: qliksense-qix-sessions
namespace: qliksense
labels:
app: qix-sessions
chart: qix-sessions-6.4.1
release: qliksense
heritage: Tiller
subjects:
- kind: ServiceAccount
name: qliksense-qix-sessions
roleRef:
kind: Role
name: qliksense-qix-sessions
apiGroup: rbac.authorization.k8s.io
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/controller-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app: nginx-ingress
chart: nginx-ingress-1.36.2
heritage: Tiller
release: qliksense
name: qliksense-nginx-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: qliksense-nginx-ingress
subjects:
- kind: ServiceAccount
name: qliksense-nginx-ingress
namespace: qliksense
---
# Source: qliksense/charts/chronos-worker/templates/svc.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-chronos-worker
labels:
app: chronos-worker
chart: chronos-worker-1.4.10
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
spec:
ports:
- name: chronos-worker
port: 8080
targetPort: 8080
selector:
app: chronos-worker
---
# Source: qliksense/charts/chronos/templates/svc.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-chronos
labels:
app: chronos
chart: chronos-1.6.4
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8585"
spec:
ports:
- name: chronos
port: 8585
targetPort: 8585
selector:
app: chronos
---
# Source: qliksense/charts/collections/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-collections
labels:
app: collections
chart: collections-2.8.55
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
spec:
type: ClusterIP
ports:
- port: 8080
targetPort: 8080
protocol: TCP
name: collections
selector:
app: collections
release: qliksense
---
# Source: qliksense/charts/data-connections/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-data-connections
labels:
app: data-connections
chart: data-connections-1.7.4
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9011"
spec:
type: ClusterIP
ports:
- port: 9011
targetPort: 9011
protocol: TCP
name: data-connections
selector:
app: data-connections
release: qliksense
---
# Source: qliksense/charts/data-connector-odbc/templates/service-cmd.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-data-connector-odbc-cmd
labels:
app: data-connector-odbc
chart: data-connector-odbc-1.4.10
action: "command"
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "3005"
spec:
type: ClusterIP
ports:
- port: 50060
targetPort: 50060
protocol: TCP
name: grpc
- port: 3005
targetPort: 3005
protocol: TCP
name: http
selector:
app: data-connector-odbc
release: qliksense
action: "command"
---
# Source: qliksense/charts/data-connector-odbc/templates/service-rld.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-data-connector-odbc-rld
labels:
app: data-connector-odbc
chart: data-connector-odbc-1.4.10
action: "reload"
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "3005"
spec:
type: ClusterIP
ports:
- port: 50060
targetPort: 50060
protocol: TCP
name: grpc
- port: 3005
targetPort: 3005
protocol: TCP
name: http
selector:
app: data-connector-odbc
release: qliksense
action: "reload"
---
# Source: qliksense/charts/data-connector-qwc/templates/service-cmd.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-data-connector-qwc-cmd
labels:
app: data-connector-qwc
chart: data-connector-qwc-3.0.3
action: "command"
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "3005"
spec:
type: ClusterIP
ports:
- port: 50060
targetPort: 50060
protocol: TCP
name: grpc
- port: 3005
targetPort: 3005
protocol: TCP
name: http
selector:
app: data-connector-qwc
release: qliksense
action: "command"
---
# Source: qliksense/charts/data-connector-qwc/templates/service-rld.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-data-connector-qwc-rld
labels:
app: data-connector-qwc
chart: data-connector-qwc-3.0.3
action: "reload"
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "3005"
spec:
type: ClusterIP
ports:
- port: 50060
targetPort: 50060
protocol: TCP
name: grpc
- port: 3005
targetPort: 3005
protocol: TCP
name: http
selector:
app: data-connector-qwc
release: qliksense
action: "reload"
---
# Source: qliksense/charts/data-connector-qwc/templates/service-web.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-data-connector-qwc-web
labels:
app: data-connector-qwc
chart: data-connector-qwc-3.0.3
action: "web"
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9121"
spec:
type: ClusterIP
ports:
- port: 6384
targetPort: 6384
protocol: TCP
name: http
selector:
app: data-connector-qwc
release: qliksense
action: "web"
---
# Source: qliksense/charts/data-connector-rest/templates/service-cmd.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-data-connector-rest-cmd
labels:
app: data-connector-rest
chart: data-connector-rest-1.2.9
action: "command"
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "3005"
spec:
type: ClusterIP
ports:
- port: 50060
targetPort: 50060
protocol: TCP
name: grpc
- port: 3005
targetPort: 3005
protocol: TCP
name: http
selector:
app: data-connector-rest
release: qliksense
action: "command"
---
# Source: qliksense/charts/data-connector-rest/templates/service-rld.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-data-connector-rest-rld
labels:
app: data-connector-rest
chart: data-connector-rest-1.2.9
action: "reload"
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "3005"
spec:
type: ClusterIP
ports:
- port: 50060
targetPort: 50060
protocol: TCP
name: grpc
- port: 3005
targetPort: 3005
protocol: TCP
name: http
selector:
app: data-connector-rest
release: qliksense
action: "reload"
---
# Source: qliksense/charts/data-connector-sap-sql/templates/service-cmd.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-data-connector-sap-sql-cmd
labels:
app: data-connector-sap-sql
chart: data-connector-sap-sql-1.1.18
action: "command"
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "3005"
spec:
type: ClusterIP
ports:
- port: 50060
targetPort: 50060
protocol: TCP
name: grpc
- port: 3005
targetPort: 3005
protocol: TCP
name: http
selector:
app: data-connector-sap-sql
release: qliksense
action: "command"
---
# Source: qliksense/charts/data-connector-sap-sql/templates/service-rld.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-data-connector-sap-sql-rld
labels:
app: data-connector-sap-sql
chart: data-connector-sap-sql-1.1.18
action: "reload"
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "3005"
spec:
type: ClusterIP
ports:
- port: 50060
targetPort: 50060
protocol: TCP
name: grpc
- port: 3005
targetPort: 3005
protocol: TCP
name: http
selector:
app: data-connector-sap-sql
release: qliksense
action: "reload"
---
# Source: qliksense/charts/data-connector-sfdc/templates/service-cmd.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-data-connector-sfdc-cmd
labels:
app: data-connector-sfdc
chart: data-connector-sfdc-1.6.3
action: "command"
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "3005"
spec:
type: ClusterIP
ports:
- port: 50060
targetPort: 50060
protocol: TCP
name: grpc
- port: 3005
targetPort: 3005
protocol: TCP
name: http
selector:
app: data-connector-sfdc
release: qliksense
action: "command"
---
# Source: qliksense/charts/data-connector-sfdc/templates/service-rld.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-data-connector-sfdc-rld
labels:
app: data-connector-sfdc
chart: data-connector-sfdc-1.6.3
action: "reload"
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "3005"
spec:
type: ClusterIP
ports:
- port: 50060
targetPort: 50060
protocol: TCP
name: grpc
- port: 3005
targetPort: 3005
protocol: TCP
name: http
selector:
app: data-connector-sfdc
release: qliksense
action: "reload"
---
# Source: qliksense/charts/data-prep/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-data-prep
labels:
app: data-prep
chart: data-prep-2.0.7
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9072"
spec:
type: ClusterIP
ports:
- port: 9072
targetPort: 9072
protocol: TCP
name: qliksense-data-prep
selector:
app: data-prep
release: qliksense
---
# Source: qliksense/charts/data-rest-source/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-data-rest-source
labels:
app: data-rest-source
chart: data-rest-source-1.2.1
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
spec:
type: ClusterIP
ports:
- port: 8080
targetPort: 8080
protocol: TCP
name: data-rest-source
selector:
app: data-rest-source
release: qliksense
---
# Source: qliksense/charts/dcaas-web/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-dcaas-web
labels:
app: dcaas-web
chart: dcaas-web-1.1.92
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9180"
spec:
type: ClusterIP
ports:
- port: 6384
targetPort: 6384
protocol: TCP
name: dcaas-web
selector:
app: dcaas-web
release: qliksense
---
# Source: qliksense/charts/dcaas/charts/dcaas-redis/templates/headless-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-dcaas-redis-headless
labels:
app: dcaas-redis
chart: dcaas-redis-10.5.6
release: qliksense
heritage: Tiller
spec:
type: ClusterIP
clusterIP: None
ports:
- name: redis
port: 6379
targetPort: redis
selector:
app: dcaas-redis
release: qliksense
---
# Source: qliksense/charts/dcaas/charts/dcaas-redis/templates/redis-master-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-dcaas-redis-master
labels:
app: dcaas-redis
chart: dcaas-redis-10.5.6
release: qliksense
heritage: Tiller
spec:
type: ClusterIP
ports:
- name: redis
port: 6379
targetPort: redis
selector:
app: dcaas-redis
release: qliksense
role: master
---
# Source: qliksense/charts/dcaas/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-dcaas
labels:
app: dcaas
chart: dcaas-1.7.4
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/scrape_high_cardinality: "true"
prometheus.io/port: "9026"
spec:
type: ClusterIP
ports:
- port: 9026
targetPort: http
protocol: TCP
name: http
selector:
app: dcaas
release: qliksense
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/controller-metrics-service.yaml
apiVersion: v1
kind: Service
metadata:
annotations:
prometheus.io/port: "10254"
prometheus.io/scrape: "true"
labels:
app: nginx-ingress
chart: nginx-ingress-1.36.2
component: "controller"
heritage: Tiller
release: qliksense
name: qliksense-nginx-ingress-controller-metrics
spec:
ports:
- name: metrics
port: 9913
targetPort: metrics
selector:
app: nginx-ingress
release: qliksense
app.kubernetes.io/component: controller
type: "ClusterIP"
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/controller-service.yaml
apiVersion: v1
kind: Service
metadata:
labels:
app: nginx-ingress
chart: nginx-ingress-1.36.2
component: "controller"
heritage: Tiller
release: qliksense
name: qliksense-nginx-ingress-controller
spec:
clusterIP: ""
ports:
- name: http
nodePort: 30033
port: 80
protocol: TCP
targetPort: http
- name: https
nodePort: 32662
port: 443
protocol: TCP
targetPort: https
selector:
app: nginx-ingress
release: qliksense
app.kubernetes.io/component: controller
type: "NodePort"
---
# Source: qliksense/charts/engine/charts/redis-user-state/templates/headless-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-redis-user-state-headless
labels:
app: redis-user-state
chart: redis-user-state-10.5.6
release: qliksense
heritage: Tiller
spec:
type: ClusterIP
clusterIP: None
ports:
- name: redis
port: 6379
targetPort: redis
- name: redis-sentinel
port: 26379
targetPort: redis-sentinel
selector:
app: redis-user-state
release: qliksense
---
# Source: qliksense/charts/engine/charts/redis-user-state/templates/redis-with-sentinel-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-redis-user-state
labels:
app: redis-user-state
chart: redis-user-state-10.5.6
release: qliksense
heritage: Tiller
spec:
type: ClusterIP
ports:
- name: redis
port: 6379
targetPort: redis
- name: redis-sentinel
port: 26379
targetPort: redis-sentinel
selector:
app: redis-user-state
release: qliksense
---
# Source: qliksense/charts/engine/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-engine
labels:
app: qliksense-engine
chart: engine-1.68.13
release: qliksense
heritage: Tiller
spec:
type: ClusterIP
ports:
- port: 9076
protocol: TCP
name: qliksense-engine
selector:
app: qliksense-engine
release: qliksense
---
# Source: qliksense/charts/eventing/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-eventing
labels:
app: eventing
chart: eventing-1.3.3
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
spec:
type: ClusterIP
ports:
- port: 8080
targetPort: 8080
protocol: TCP
name: eventing
selector:
app: eventing
release: qliksense
---
# Source: qliksense/charts/feature-flags/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-feature-flags
labels:
app: feature-flags
chart: feature-flags-2.0.8
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
spec:
type: ClusterIP
ports:
- port: 8080
targetPort: 8080
protocol: TCP
name: feature-flags
selector:
app: feature-flags
release: qliksense
---
# Source: qliksense/charts/generic-links/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-generic-links
labels:
app: generic-links
chart: generic-links-1.1.18
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "6080"
spec:
type: ClusterIP
ports:
- port: 6080
targetPort: 6080
protocol: TCP
name: generic-links
selector:
app: generic-links
release: qliksense
---
# Source: qliksense/charts/geo-operations/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-geo-operations
labels:
app: qliksense-geo-operations
chart: geo-operations-1.1.4
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "40072"
spec:
type: ClusterIP
ports:
- port: 50072
targetPort: 50072
protocol: TCP
name: grpc
- port: 40072
targetPort: 40072
protocol: TCP
name: http
selector:
app: qliksense-geo-operations
release: qliksense
---
# Source: qliksense/charts/hub/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-hub
labels:
app: hub
chart: hub-1.3.109
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9180"
spec:
type: ClusterIP
ports:
- port: 3023
targetPort: 3023
protocol: TCP
name: hub
selector:
app: hub
release: qliksense
---
# Source: qliksense/charts/identity-providers/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-identity-providers
labels:
app: identity-providers
chart: identity-providers-1.8.32
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
spec:
type: ClusterIP
ports:
- port: 8080
targetPort: 8080
protocol: TCP
name: identity-providers
selector:
app: identity-providers
release: qliksense
---
# Source: qliksense/charts/insights/templates/insights.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-insights
labels:
app: insights
chart: insights-1.9.1
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9292"
spec:
ports:
- name: insights
port: 9292
targetPort: 9292
selector:
app: insights
---
# Source: qliksense/charts/keys/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-keys
labels:
app: keys
chart: keys-1.5.11
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
spec:
type: ClusterIP
ports:
- port: 8080
targetPort: 8080
protocol: TCP
name: keys
selector:
app: keys
release: qliksense
---
# Source: qliksense/charts/licenses/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-licenses
labels:
app: licenses
chart: licenses-1.21.0
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9200"
spec:
type: ClusterIP
ports:
- port: 9200
targetPort: 9200
protocol: TCP
name: licenses
selector:
app: licenses
release: qliksense
---
# Source: qliksense/charts/locale/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-locale
labels:
app: locale
chart: locale-1.3.6
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
spec:
type: ClusterIP
ports:
- port: 8080
targetPort: 8080
protocol: TCP
name: locale
selector:
app: locale
release: qliksense
---
# Source: qliksense/charts/management-console/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-management-console
labels:
app: management-console
chart: management-console-1.6.295
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9180"
spec:
type: ClusterIP
ports:
- port: 3024
targetPort: 3024
protocol: TCP
name: management-console
selector:
app: management-console
release: qliksense
---
# Source: qliksense/charts/messaging/charts/nats-streaming/templates/monitoring-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-nats-streaming-monitoring
labels:
app: nats-streaming
chart: "nats-streaming-1.0.2"
release: "qliksense"
heritage: "Tiller"
annotations:
prometheus.io/port: "7777"
prometheus.io/scrape: "true"
spec:
type: ClusterIP
ports:
- name: monitoring
port: 8222
targetPort: monitoring
selector:
app: nats-streaming
release: "qliksense"
---
# Source: qliksense/charts/messaging/charts/nats/templates/client-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-nats-client
labels:
app: "nats"
chart: "nats-1.0.6"
release: "qliksense"
heritage: "Tiller"
spec:
type: ClusterIP
ports:
- port: 4222
targetPort: client
name: client
selector:
app: "nats"
release: "qliksense"
---
# Source: qliksense/charts/messaging/charts/nats/templates/cluster-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-nats-cluster
labels:
app: "nats"
chart: "nats-1.0.6"
release: "qliksense"
heritage: "Tiller"
spec:
type: ClusterIP
ports:
- port: 6222
targetPort: cluster
name: cluster
selector:
app: "nats"
release: "qliksense"
---
# Source: qliksense/charts/messaging/charts/nats/templates/headless-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-nats-headless
labels:
app: nats
chart: nats-1.0.6
release: "qliksense"
heritage: "Tiller"
spec:
type: ClusterIP
clusterIP: None
ports:
- name: client
port: 4222
targetPort: client
- name: cluster
port: 6222
targetPort: cluster
selector:
app: nats
release: "qliksense"
---
# Source: qliksense/charts/messaging/charts/nats/templates/monitoring-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-nats-monitoring
labels:
app: "nats"
chart: "nats-1.0.6"
release: "qliksense"
heritage: "Tiller"
annotations:
prometheus.io/port: "7777"
prometheus.io/scrape: "true"
spec:
type: ClusterIP
ports:
- port: 8222
targetPort: monitoring
name: monitoring
selector:
app: "nats"
release: "qliksense"
---
# Source: qliksense/charts/nl-broker/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-nl-broker
labels:
app: nl-broker
chart: nl-broker-1.2.3
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "30301"
spec:
type: ClusterIP
ports:
- port: 30301
targetPort: 30301
protocol: TCP
name: nl-broker
selector:
app: nl-broker
release: qliksense
---
# Source: qliksense/charts/nl-parser/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-nl-parser
labels:
app: nl-parser
chart: nl-parser-1.3.1
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "30302"
spec:
type: ClusterIP
ports:
- port: 30302
targetPort: 30302
protocol: TCP
name: nl-parser
selector:
app: nl-parser
release: qliksense
---
# Source: qliksense/charts/notification-prep/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-notification-prep
labels:
app: notification-prep
chart: notification-prep-1.0.10
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
spec:
type: ClusterIP
ports:
- port: 8080
targetPort: 8080
protocol: TCP
name: notification-prep
selector:
app: notification-prep
release: qliksense
---
# Source: qliksense/charts/odag/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-odag
labels:
app: odag
chart: odag-1.9.4
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9098"
spec:
type: ClusterIP
ports:
- port: 9098
protocol: TCP
name: qliksense-odag
selector:
app: odag
release: qliksense
---
# Source: qliksense/charts/policy-decisions/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-policy-decisions
labels:
app: policy-decisions
chart: policy-decisions-2.0.0
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "5080"
spec:
type: ClusterIP
ports:
- port: 5080
targetPort: 5080
protocol: TCP
name: policy-decisions
selector:
app: policy-decisions
release: qliksense
---
# Source: qliksense/charts/precedents/templates/service-cayley.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-precedents-cayley
labels:
app: precedents
chart: precedents-1.1.32
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "50052"
spec:
type: ClusterIP
ports:
- port: 50052
targetPort: 50052
protocol: TCP
name: qliksense-precedents
selector:
app: precedents
release: qliksense
---
# Source: qliksense/charts/precedents/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-precedents
labels:
app: precedents
chart: precedents-1.1.32
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9054"
spec:
type: ClusterIP
ports:
- port: 9054
targetPort: 9054
protocol: TCP
name: qliksense-precedents
selector:
app: precedents
release: qliksense
---
# Source: qliksense/charts/qix-data-connection/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-qix-data-connection
labels:
app: qix-data-connection
chart: qix-data-connection-1.8.9
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9011"
spec:
type: ClusterIP
ports:
- port: 9011
targetPort: 9011
protocol: TCP
name: qix-data-connection
selector:
app: qix-data-connection
release: qliksense
---
# Source: qliksense/charts/qix-datafiles/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-qix-datafiles
labels:
app: qix-datafiles
chart: qix-datafiles-1.10.42
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
spec:
type: ClusterIP
ports:
- port: 8080
targetPort: 8080
protocol: TCP
name: qliksense-qix-datafiles
- port: 50051
targetPort: 50051
protocol: TCP
name: grpc
selector:
app: qix-datafiles
release: qliksense
---
# Source: qliksense/charts/qix-sessions/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-qix-sessions
labels:
app: qix-sessions
chart: qix-sessions-6.4.1
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/scrape_high_cardinality: "true"
prometheus.io/port: "8080"
spec:
type: ClusterIP
ports:
- port: 8080
targetPort: 8080
protocol: TCP
name: qix-sessions
selector:
app: qix-sessions
release: qliksense
---
apiVersion: v1
kind: Service
metadata:
name: qliksense-qix-sessions-operator-metrics
labels:
app: qix-sessions-operator-metrics
chart: qix-sessions-6.4.1
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9090"
spec:
type: ClusterIP
ports:
- port: 9090
targetPort: 9090
protocol: TCP
name: oper-metrics
selector:
app: qix-sessions
release: qliksense
---
apiVersion: v1
kind: Service
metadata:
name: qliksense-qix-sessions-crd-metrics
labels:
app: qix-sessions-crd-metrics
chart: qix-sessions-6.4.1
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9091"
spec:
type: ClusterIP
ports:
- port: 9091
targetPort: 9091
protocol: TCP
name: crd-metrics
selector:
app: qix-sessions
release: qliksense
---
# Source: qliksense/charts/qlikview-client/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-qlikview-client
labels:
app: qlikview-client
chart: qlikview-client-1.0.27
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9180"
spec:
type: ClusterIP
ports:
- port: 9003
targetPort: 9003
protocol: TCP
name: qlikview-client
selector:
app: qlikview-client
release: qliksense
---
# Source: qliksense/charts/quotas/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-quotas
labels:
app: quotas
chart: quotas-1.0.4
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "6080"
spec:
type: ClusterIP
ports:
- port: 6080
targetPort: 6080
protocol: TCP
name: quotas
selector:
app: quotas
release: qliksense
---
# Source: qliksense/charts/redis/templates/headless-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-redis-headless
labels:
app: redis
chart: redis-10.5.6
release: qliksense
heritage: Tiller
spec:
type: ClusterIP
clusterIP: None
ports:
- name: redis
port: 6379
targetPort: redis
selector:
app: redis
release: qliksense
---
# Source: qliksense/charts/redis/templates/redis-master-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-redis-master
labels:
app: redis
chart: redis-10.5.6
release: qliksense
heritage: Tiller
spec:
type: ClusterIP
ports:
- name: redis
port: 6379
targetPort: redis
selector:
app: redis
release: qliksense
role: master
---
# Source: qliksense/charts/redis/templates/redis-slave-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-redis-slave
labels:
app: redis
chart: redis-10.5.6
release: qliksense
heritage: Tiller
spec:
type: ClusterIP
ports:
- name: redis
port: 6379
targetPort: redis
selector:
app: redis
release: qliksense
role: slave
---
# Source: qliksense/charts/reload-tasks/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-reload-tasks
labels:
app: reload-tasks
chart: reload-tasks-1.6.5
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
spec:
type: ClusterIP
ports:
- port: 8080
targetPort: 8080
protocol: TCP
name: reload-tasks
selector:
app: reload-tasks
release: qliksense
---
# Source: qliksense/charts/reloads/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-reloads
labels:
app: reloads
chart: reloads-1.7.10
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
spec:
type: ClusterIP
ports:
- port: 8080
targetPort: 8080
protocol: TCP
name: reloads
selector:
app: reloads
release: qliksense
---
# Source: qliksense/charts/reporting/templates/service-cmp.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-reporting-cmp
labels:
app: reporting
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8383"
spec:
ports:
- name: reporting-cmp
port: 8383
targetPort: 8383
selector:
app: reporting
---
# Source: qliksense/charts/reporting/templates/service-rpr.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-reporting-rpr
labels:
app: reporting
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8484"
spec:
ports:
- name: reporting-rpr
port: 8484
targetPort: 8484
selector:
app: reporting
---
# Source: qliksense/charts/reporting/templates/service-rwr.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-reporting-rwr
labels:
app: reporting
spec:
ports:
- name: reporting-rwr
port: 9288
targetPort: 9288
selector:
app: reporting
---
# Source: qliksense/charts/reporting/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-reporting
labels:
app: reporting
chart: reporting-1.18.25
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8282"
spec:
ports:
- name: reporting
port: 8282
targetPort: 8282
selector:
app: reporting
---
# Source: qliksense/charts/resource-library/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-resource-library
labels:
app: resource-library
chart: resource-library-1.10.11
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "21068"
spec:
type: ClusterIP
ports:
- port: 21068
targetPort: 21068
protocol: TCP
name: resource-library
selector:
app: resource-library
release: qliksense
---
# Source: qliksense/charts/sense-client/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-sense-client
labels:
app: sense-client
chart: sense-client-1.7.112
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9180"
spec:
type: ClusterIP
ports:
- port: 9050
targetPort: http
protocol: TCP
name: http
selector:
app: sense-client
release: qliksense
---
# Source: qliksense/charts/sharing/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-sharing
labels:
app: sharing
chart: sharing-1.4.7
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8787"
spec:
type: ClusterIP
ports:
- port: 8787
targetPort: 8787
protocol: TCP
name: sharing
selector:
app: sharing
release: qliksense
---
# Source: qliksense/charts/spaces/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-spaces
labels:
app: spaces
chart: spaces-2.8.32
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "6080"
spec:
type: ClusterIP
ports:
- port: 6080
targetPort: 6080
protocol: TCP
name: spaces
selector:
app: spaces
release: qliksense
---
# Source: qliksense/charts/subscriptions/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-subscriptions
labels:
app: subscriptions
chart: subscriptions-1.0.3
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
spec:
type: ClusterIP
ports:
- port: 8080
targetPort: 8080
protocol: TCP
name: subscriptions
selector:
app: subscriptions
release: qliksense
---
# Source: qliksense/charts/temporary-contents/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-temporary-contents
labels:
app: temporary-contents
chart: temporary-contents-1.3.15
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "6080"
spec:
type: ClusterIP
ports:
- port: 6080
targetPort: 6080
protocol: TCP
name: temporary-contents
selector:
app: temporary-contents
release: qliksense
---
# Source: qliksense/charts/transport/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-transport
labels:
app: transport
chart: transport-1.4.0
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
spec:
type: ClusterIP
ports:
- port: 8080
targetPort: 8080
protocol: TCP
name: transport
selector:
app: transport
release: qliksense
---
# Source: qliksense/charts/web-notifications/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-web-notifications
labels:
app: web-notifications
chart: web-notifications-1.5.13
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
spec:
type: ClusterIP
ports:
- port: 8080
targetPort: 8080
protocol: TCP
name: web-notifications
selector:
app: web-notifications
release: qliksense
---
# Source: qliksense/charts/web-security/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: qliksense-web-security
labels:
app: web-security
chart: web-security-1.4.18
release: qliksense
heritage: Tiller
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "6263"
spec:
type: ClusterIP
ports:
- port: 6263
targetPort: 6263
protocol: TCP
name: web-security
selector:
app: web-security
release: qliksense
---
# Source: qliksense/charts/chronos-worker/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-chronos-worker
labels:
app: chronos-worker
chart: chronos-worker-1.4.10
release: qliksense
heritage: Tiller
spec:
selector:
matchLabels:
app: chronos-worker
release: qliksense
replicas: 1
template:
metadata:
labels:
app: chronos-worker
chart: chronos-worker-1.4.10
release: qliksense
heritage: Tiller
qliksense-nats-client: "true"
spec:
imagePullSecrets:
- name: artifactory-docker-secret
containers:
- image: ghcr.io/qlik-download/chronos-worker:0.8.0
name: chronos-worker
imagePullPolicy: IfNotPresent
args:
- -natsURI=nats://qliksense-nats-client:4222
- -stanClusterID=qliksense-nats-streaming-cluster
- -jwtTokenAuthEnabled=true
- -jwtTokenAuthURL=http://qliksense-edge-auth:8080/v1/internal-tokens
- -jwtKid=BKIz36TOxYe2wf6sB2f2pA5sb9GIDOZZXmWHDYG-pwQ
- -headerManagerEnabled=true
#resources:
# limits: {}
# requests: {}
ports:
- containerPort: 8080
env:
- name: REDIS_URI
valueFrom:
secretKeyRef:
name: qliksense-redis-secret
key: redis-addr
# - name: REDIS_PWD
# valueFrom:
# secretKeyRef:
# name: qliksense-redis-secret
# key: redis-password
- name: JWT_PRIVATE_KEY
value: "-----BEGIN EC PRIVATE KEY-----\nMIGkAgEBBDC3dOGDv3m5X/6y8dp1pQQBegCavKZCwUmI1l4p/HjaUEDZunScZ1mv\nVceTcH2/g4ugBwYFK4EEACKhZANiAASMo/DYuKlVdNMZT0h1YxVdoetpmRMXPD6s\nPJXjqXN1KL1SFYk9b/vQEZYJWuWrArTEegyNmNOPvaPUmLj3xzt5sUneGY0LlQ8y\nf2UvDiYmlGcsJ35od1gkcOQ2wk3laNw=\n-----END EC PRIVATE KEY-----\n"
readinessProbe:
httpGet:
path: /health
port: 8080
failureThreshold: 10
initialDelaySeconds: 30
timeoutSeconds: 5
livenessProbe:
httpGet:
path: /health
port: 8080
failureThreshold: 10
initialDelaySeconds: 30
timeoutSeconds: 5
---
# Source: qliksense/charts/chronos/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-chronos
labels:
app: chronos
chart: chronos-1.6.4
release: qliksense
heritage: Tiller
spec:
selector:
matchLabels:
app: chronos
release: qliksense
replicas: 1
template:
metadata:
labels:
app: chronos
chart: chronos-1.6.4
release: qliksense
heritage: Tiller
spec:
imagePullSecrets:
- name: artifactory-docker-secret
serviceAccountName: qliksense-chronos
containers:
- image: ghcr.io/qlik-download/leader-elector:1.8.0
name: "election"
imagePullPolicy: IfNotPresent
args:
- --election=qliksense-chronos
- --election-namespace=qliksense
- --http=0.0.0.0:4040
ports:
- containerPort: 4040
livenessProbe:
httpGet:
path: /health
port: 4040
failureThreshold: 10
initialDelaySeconds: 30
timeoutSeconds: 5
- image: ghcr.io/qlik-download/chronos:0.14.0
name: chronos
imagePullPolicy: IfNotPresent
args:
- server
- --environment=k8s
- --disableapi=false
- --listenport=8585
- --svc=qliksense-chronos
- --nojwtvalidation=false
- --jwksuri=http://qliksense-keys:8080/v1/keys/qlik.api.internal
- --jwtaud=qlik.api.internal
- --jwtiss=qlik.api.internal
- --loglevel=info
#resources:
# limits: {}
# requests: {}
ports:
- containerPort: 8585
env:
- name: MONGO_URI
valueFrom:
secretKeyRef:
name: qliksense-mongoconfig
key: mongodb-uri
- name: REDIS_URI
valueFrom:
secretKeyRef:
name: qliksense-redis-secret
key: redis-addr
#- name: REDIS_PASSWORD
# valueFrom:
# secretKeyRef:
# name: qliksense-redis-secret
# key: redis-password
readinessProbe:
httpGet:
path: /ready
port: 8585
failureThreshold: 10
initialDelaySeconds: 30
timeoutSeconds: 5
livenessProbe:
httpGet:
path: /health
port: 8585
failureThreshold: 10
initialDelaySeconds: 30
timeoutSeconds: 5
---
# Source: qliksense/charts/collections/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-collections
labels:
app: collections
chart: collections-2.8.55
release: qliksense
heritage: Tiller
spec:
replicas: 1
template:
metadata:
labels:
app: collections
chart: collections-2.8.55
release: qliksense
heritage: Tiller
qliksense-nats-client: "true"
spec:
containers:
- name: collections
image: ghcr.io/qlik-download/collections:1.6.6
imagePullPolicy:
ports:
- containerPort: 8080
#resources:
# limits: {}
#requests: {}
env:
- name: TERMINATION_GRACE_PERIOD_SECONDS
value: "30"
- name: MONGO_URI
valueFrom:
secretKeyRef:
name: qliksense-mongoconfig
key: mongodb-uri
- name: PDS_URI
value: "http://qliksense-policy-decisions:5080"
- name: ACCESS_CONTROL_ENABLED
value: "true"
- name: AUTH_ENABLED
value: "true"
- name: AUTH_JWKS_URI
value: "http://qliksense-keys:8080/v1/keys/qlik.api.internal"
- name: LEGACY_ROUTER_ENABLED
value: "false"
- name: AUTH_JWT_AUD
value: "qlik.api.internal"
- name: AUTH_JWT_ISS
value: "qlik.api.internal"
- name: ROLLBAR_ENABLED
value: "false"
- name: MESSAGING_ENABLED
value: "true"
- name: NATS_ADDR
value: "nats://qliksense-nats-client:4222"
- name: NATS_CONNECT_WAIT_SECONDS
value:
- name: NATS_STREAMING_CLUSTER_ID
value: "qliksense-nats-streaming-cluster"
- name: NATS_STREAMING_CHANNEL
value: "system-events.engine.app,system-events.generic-links"
- name: NATS_TOKEN_AUTH_ENABLED
value: "true"
- name: NATS_TOKEN_AUTH_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: qliksense-collections-tokenconfig
key: token-privateKey
- name: NATS_TOKEN_AUTH_KID
valueFrom:
secretKeyRef:
name: qliksense-collections-tokenconfig
key: token-kid
- name: NATS_TOKEN_AUTH_URL
value: "http://qliksense-edge-auth:8080/v1/internal-tokens"
- name: ACCESS_CONTROL_QUERY_TIMEOUT
value: "30"
- name: ACCESS_CONTROL_EVALUATE_TIMEOUT
value: "30"
- name: ENV
value:
livenessProbe:
httpGet:
path: /health
port: 8080
readinessProbe:
httpGet:
path: /ready
port: 8080
imagePullSecrets:
- name: artifactory-docker-secret
terminationGracePeriodSeconds: 30
selector:
matchLabels:
app: collections
release: qliksense
---
# Source: qliksense/charts/data-connections/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-data-connections
labels:
app: data-connections
chart: data-connections-1.7.4
release: qliksense
heritage: Tiller
spec:
replicas: 1
selector:
matchLabels:
app: data-connections
release: qliksense
template:
metadata:
labels:
app: data-connections
release: qliksense
qliksense-nats-client: "true"
spec:
containers:
- name: data-connections
image: ghcr.io/qlik-download/data-connections:0.5.0
imagePullPolicy:
volumeMounts:
- name: dc-storage
mountPath: "/mnt/key"
readOnly: true
env:
- name: MONGO_URI
valueFrom:
secretKeyRef:
name: qliksense-mongoconfig
key: mongodb-uri
- name: BYPASS_QUERY
value: "Qlik123456"
- name: ENABLE_CRYPTO
value: "false"
- name: ENABLE_JWT_AUTH
value: "true"
- name: ENABLE_INDEX_BUILD
value: "dataconnections:true,datacredentials:true,credmapping:true"
- name: JWKS_URI
value: "http://qliksense-keys:8080/v1/keys/qlik.api.internal"
- name: E2S_ADDR
value: "http://qliksense-encryption:8080"
- name: DATAFILES_URI
value: "http://qliksense-qix-datafiles:8080"
- name: NFS_ADDR
value: "qliksense-data-connector-nfs:50051"
- name: SPACE_URI
value: "http://qliksense-spaces:6080"
- name: AUTH_URI
value: "http://qliksense-edge-auth:8080"
- name: FEATURE_FLAG_ADDR
value: "http://qliksense-feature-flags:8080"
- name: PDS_ADDR
value: "http://qliksense-policy-decisions:5080"
- name: PRIVATE_KEY
value: /mnt/key/jwtPrivateKey
- name: KEY_ID
valueFrom:
secretKeyRef:
name: qliksense-keysconfig
key: jwksKeyID
- name: LOG_LEVEL
value: "info"
- name: NATS_ENABLED
value: "true"
- name: NATS_ADDR
value: "nats://qliksense-nats-client:4222"
- name: NATS_CLUSTER_ID
value: "qliksense-nats-streaming-cluster"
- name: REDIS_ADDR
valueFrom:
secretKeyRef:
name: qliksense-dcaas-redis-secret
key: redis-addr
#- name: REDIS_PASSWORD
# valueFrom:
# secretKeyRef:
# name: qliksense-dcaas-redis-secret
# key: redis-password
- name: REDIS_ENCRYPTION_KEY
valueFrom:
secretKeyRef:
name: qliksense-encryptionconfig
key: redisEncryptionKey
ports:
- name: http
containerPort: 9011
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: 9011
#resources: {}
volumes:
- name: dc-storage
secret:
secretName: qliksense-keysconfig
imagePullSecrets:
- name: artifactory-docker-secret
---
# Source: qliksense/charts/data-connector-odbc/templates/deployment-cmd.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-data-connector-odbc-cmd
labels:
app: data-connector-odbc
chart: data-connector-odbc-1.4.10
action: "command"
release: qliksense
heritage: Tiller
spec:
replicas: 1
selector:
matchLabels:
app: data-connector-odbc
release: qliksense
template:
metadata:
labels:
app: data-connector-odbc
release: qliksense
action: "command"
spec:
containers:
- name: data-connector-odbc
image: ghcr.io/qlik-download/data-connector-odbc:6.54.0
imagePullPolicy:
env:
- name: STANDALONE
value: "false"
- name: DATA_HOST
value: 0.0.0.0
- name: DATA_PORT_RANGE_START
value: "50060"
- name: DATA_PORT_RANGE_END
value: "50060"
- name: CONFIG
value: /opt/runner/Odbc_dotnetcore.json
- name: LOG_LEVEL
value: "INFO"
- name: SERVICE_MODE
value: "true"
- name: QS_ENVIRONMENT
value: "QLIKSENSE"
ports:
- name: grpc
containerPort: 50060
protocol: TCP
- name: http
containerPort: 3005
protocol: TCP
volumeMounts:
livenessProbe:
httpGet:
path: /health
port: 3005
# resources: {}
imagePullSecrets:
- name: artifactory-docker-secret
securityContext:
supplementalGroups:
- 13000
volumes:
# selector:
# matchLabels:
# app: data-connector-odbc
# release: qliksense
# action: "command"
---
# Source: qliksense/charts/data-connector-odbc/templates/deployment-rld.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-data-connector-odbc-rld
labels:
app: data-connector-odbc
chart: data-connector-odbc-1.4.10
action: "reload"
release: qliksense
heritage: Tiller
spec:
replicas: 1
selector:
matchLabels:
app: data-connector-odbc
release: qliksense
template:
metadata:
labels:
app: data-connector-odbc
release: qliksense
action: "reload"
spec:
containers:
- name: data-connector-odbc
image: ghcr.io/qlik-download/data-connector-odbc:6.54.0
imagePullPolicy:
env:
- name: STANDALONE
value: "false"
- name: DATA_HOST
value: 0.0.0.0
- name: DATA_PORT_RANGE_START
value: "50060"
- name: DATA_PORT_RANGE_END
value: "50060"
- name: CONFIG
value: /opt/runner/Odbc_dotnetcore.json
- name: LOG_LEVEL
value: "INFO"
- name: SERVICE_MODE
value: "true"
- name: QS_ENVIRONMENT
value: "QLIKSENSE"
- name: ENABLE_SHUTDOWN_DRAIN
value: "false"
- name: SHUTDOWN_TIMEOUT
value: "30"
#volumeMounts:
ports:
- name: grpc
containerPort: 50060
protocol: TCP
- name: http
containerPort: 3005
protocol: TCP
volumeMounts:
livenessProbe:
httpGet:
path: /health
port: 3005
#resources: {}
imagePullSecrets:
- name: artifactory-docker-secret
securityContext:
supplementalGroups:
- 13000
terminationGracePeriodSeconds: 30
volumes:
selector:
matchLabels:
app: data-connector-odbc
release: qliksense
action: "reload"
---
# Source: qliksense/charts/data-connector-qwc/templates/deployment-cmd.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-data-connector-qwc-cmd
labels:
app: data-connector-qwc
chart: data-connector-qwc-3.0.3
action: "command"
release: qliksense
heritage: Tiller
spec:
replicas: 1
selector:
matchLabels:
app: data-connector-qwc
release: qliksense
template:
metadata:
labels:
app: data-connector-qwc
release: qliksense
action: "command"
spec:
volumes:
containers:
- name: data-connector-qwc
image: ghcr.io/qlik-download/data-connector-qwc:0.80.0
imagePullPolicy:
volumeMounts:
env:
- name: DATA_HOST
value: 0.0.0.0
- name: DATA_PORT_RANGE_START
value: "50060"
- name: DATA_PORT_RANGE_END
value: "50060"
- name: QWC_REDIS_CONFIG_STRING
valueFrom:
secretKeyRef:
name: qliksense-dcaas-redis-secret
key: redis-addr
- name: QWC_REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: qliksense-dcaas-redis-secret
key: redis-password
- name: QWC_LOG_LEVEL
value: "INFO"
- name: QWC_ALLOW_REFERENCE_CONNECTOR
value: "true"
ports:
- name: grpc
containerPort: 50060
protocol: TCP
- name: http
containerPort: 3005
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: 3005
imagePullSecrets:
- name: artifactory-docker-secret
#selector:
# matchLabels:
# app: data-connector-qwc
# release: qliksense
# action: "command"
---
# Source: qliksense/charts/data-connector-qwc/templates/deployment-rld.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-data-connector-qwc-rld
labels:
app: data-connector-qwc
chart: data-connector-qwc-3.0.3
action: "reload"
release: qliksense
heritage: Tiller
spec:
replicas: 1
selector:
matchLabels:
app: data-connector-qwc
release: qliksense
template:
metadata:
labels:
app: data-connector-qwc
release: qliksense
action: "reload"
spec:
volumes:
containers:
- name: data-connector-qwc
image: ghcr.io/qlik-download/data-connector-qwc:0.80.0
imagePullPolicy:
volumeMounts:
env:
- name: DATA_HOST
value: 0.0.0.0
- name: DATA_PORT_RANGE_START
value: "50060"
- name: DATA_PORT_RANGE_END
value: "50060"
- name: MAX_ACTIVE_RELOADS
value: "3"
- name: FILE_TRANSFER_ABOVE_MAX_ALLOWANCE
value: "2"
- name: QWC_REDIS_CONFIG_STRING
valueFrom:
secretKeyRef:
name: qliksense-dcaas-redis-secret
key: redis-addr
- name: QWC_REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: qliksense-dcaas-redis-secret
key: redis-password
- name: QWC_LOG_LEVEL
value: "INFO"
- name: QWC_ALLOW_REFERENCE_CONNECTOR
value: "true"
- name: ENABLE_SHUTDOWN_DRAIN
value: "false"
- name: SHUTDOWN_TIMEOUT
value: "30"
ports:
- name: grpc
containerPort: 50060
protocol: TCP
- name: http
containerPort: 3005
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: 3005
readinessProbe:
httpGet:
path: /readiness
port: 3005
initialDelaySeconds: 2
periodSeconds: 10
imagePullSecrets:
- name: artifactory-docker-secret
terminationGracePeriodSeconds: 30
#selector:
## matchLabels:
# app: data-connector-qwc
# release: qliksense
# action: "reload"
---
# Source: qliksense/charts/data-connector-qwc/templates/deployment-web.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-data-connector-qwc-web
labels:
app: data-connector-qwc
chart: data-connector-qwc-3.0.3
action: "web"
release: qliksense
heritage: Tiller
spec:
replicas: 1
selector:
matchLabels:
app: data-connector-qwc
release: qliksense
template:
metadata:
labels:
app: data-connector-qwc
release: qliksense
action: "web"
spec:
containers:
- name: data-connector-qwc
image: ghcr.io/qlik-download/data-connector-qwc-web:0.80.0
imagePullPolicy:
ports:
- name: http
containerPort: 6384
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: 6384
imagePullSecrets:
- name: artifactory-docker-secret
# selector:
# matchLabels:
# app: data-connector-qwc
# release: qliksense
# action: "web"
---
# Source: qliksense/charts/data-connector-rest/templates/deployment-cmd.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-data-connector-rest-cmd
labels:
app: data-connector-rest
chart: data-connector-rest-1.2.9
action: "command"
release: qliksense
heritage: Tiller
spec:
replicas: 1
template:
metadata:
labels:
app: data-connector-rest
release: qliksense
action: "command"
spec:
containers:
- name: data-connector-rest
image: ghcr.io/qlik-download/data-connector-rest:2.39.0
imagePullPolicy:
env:
- name: STANDALONE
value: "false"
- name: DATA_HOST
value: 0.0.0.0
- name: DATA_PORT_RANGE_START
value: "50060"
- name: DATA_PORT_RANGE_END
value: "50060"
- name: CONFIG
value: /opt/runner/Rest_dotnetcore.json
- name: LOG_LEVEL
value: "INFO"
- name: SERVICE_MODE
value: "true"
- name: QS_ENVIRONMENT
value: "QLIKSENSE"
volumeMounts:
ports:
- name: grpc
containerPort: 50060
protocol: TCP
- name: http
containerPort: 3005
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: 3005
# resources: {}
imagePullSecrets:
- name: artifactory-docker-secret
securityContext:
supplementalGroups:
- 13100
volumes:
selector:
matchLabels:
app: data-connector-rest
release: qliksense
action: "command"
---
# Source: qliksense/charts/data-connector-rest/templates/deployment-rld.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-data-connector-rest-rld
labels:
app: data-connector-rest
chart: data-connector-rest-1.2.9
action: "reload"
release: qliksense
heritage: Tiller
spec:
replicas: 1
template:
metadata:
labels:
app: data-connector-rest
release: qliksense
action: "reload"
spec:
containers:
- name: data-connector-rest
image: ghcr.io/qlik-download/data-connector-rest:2.39.0
imagePullPolicy:
env:
- name: STANDALONE
value: "false"
- name: DATA_HOST
value: 0.0.0.0
- name: DATA_PORT_RANGE_START
value: "50060"
- name: DATA_PORT_RANGE_END
value: "50060"
- name: CONFIG
value: /opt/runner/Rest_dotnetcore.json
- name: LOG_LEVEL
value: "INFO"
- name: SERVICE_MODE
value: "true"
- name: MAX_ACTIVE_RELOADS
value: "3"
- name: QS_ENVIRONMENT
value: "QLIKSENSE"
- name: ENABLE_SHUTDOWN_DRAIN
value: "false"
- name: SHUTDOWN_TIMEOUT
value: "30"
volumeMounts:
ports:
- name: grpc
containerPort: 50060
protocol: TCP
- name: http
containerPort: 3005
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: 3005
readinessProbe:
httpGet:
path: /readiness
port: 3005
initialDelaySeconds: 2
periodSeconds: 10
# resources: {}
imagePullSecrets:
- name: artifactory-docker-secret
securityContext:
supplementalGroups:
- 13100
terminationGracePeriodSeconds: 30
volumes:
selector:
matchLabels:
app: data-connector-rest
release: qliksense
action: "reload"
---
# Source: qliksense/charts/data-connector-sap-sql/templates/deployment-cmd.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-data-connector-sap-sql-cmd
labels:
app: data-connector-sap-sql
chart: data-connector-sap-sql-1.1.18
action: "command"
release: qliksense
heritage: Tiller
spec:
replicas: 1
template:
metadata:
labels:
app: data-connector-sap-sql
release: qliksense
action: "command"
spec:
containers:
- name: data-connector-sap-sql
image: ghcr.io/qlik-download/data-connector-sap-sql:7.0.18
imagePullPolicy: IfNotPresent
env:
- name: STANDALONE
value: "false"
- name: LICENSES_URL
value: "http://qliksense-licenses:9200"
- name: DATA_HOST
value: 0.0.0.0
- name: DATA_PORT_RANGE_START
value: "50060"
- name: DATA_PORT_RANGE_END
value: "50060"
- name: CONFIG
value: /opt/runner/SAP-sql_dotnetcore.json
- name: LOG_LEVEL
value: "INFO"
- name: SERVICE_MODE
value: "true"
volumeMounts:
ports:
- name: grpc
containerPort: 50060
protocol: TCP
- name: http
containerPort: 3005
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: 3005
# resources: {}
imagePullSecrets:
- name: artifactory-docker-secret
volumes:
selector:
matchLabels:
app: data-connector-sap-sql
release: qliksense
action: "command"
---
# Source: qliksense/charts/data-connector-sap-sql/templates/deployment-rld.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-data-connector-sap-sql-rld
labels:
app: data-connector-sap-sql
chart: data-connector-sap-sql-1.1.18
action: "reload"
release: qliksense
heritage: Tiller
spec:
replicas: 1
template:
metadata:
labels:
app: data-connector-sap-sql
release: qliksense
action: "reload"
spec:
containers:
- name: data-connector-sap-sql
image: ghcr.io/qlik-download/data-connector-sap-sql:7.0.18
imagePullPolicy: IfNotPresent
env:
- name: STANDALONE
value: "false"
- name: LICENSES_URL
value: "http://qliksense-licenses:9200"
- name: DATA_HOST
value: 0.0.0.0
- name: DATA_PORT_RANGE_START
value: "50060"
- name: DATA_PORT_RANGE_END
value: "50060"
- name: CONFIG
value: /opt/runner/SAP-sql_dotnetcore.json
- name: LOG_LEVEL
value: "INFO"
- name: SERVICE_MODE
value: "true"
- name: MAX_ACTIVE_RELOADS
value: "3"
volumeMounts:
ports:
- name: grpc
containerPort: 50060
protocol: TCP
- name: http
containerPort: 3005
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: 3005
readinessProbe:
httpGet:
path: /readiness
port: 3005
initialDelaySeconds: 2
periodSeconds: 10
# resources: {}
imagePullSecrets:
- name: artifactory-docker-secret
volumes:
selector:
matchLabels:
app: data-connector-sap-sql
release: qliksense
action: "reload"
---
# Source: qliksense/charts/data-connector-sfdc/templates/deployment-cmd.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-data-connector-sfdc-cmd
labels:
app: data-connector-sfdc
chart: data-connector-sfdc-1.6.3
action: "command"
release: qliksense
heritage: Tiller
spec:
replicas: 1
template:
metadata:
labels:
app: data-connector-sfdc
release: qliksense
action: "command"
spec:
containers:
- name: data-connector-sfdc
image: ghcr.io/qlik-download/data-connector-sfdc:15.24.0
imagePullPolicy:
env:
- name: STANDALONE
value: "false"
- name: DATA_HOST
value: 0.0.0.0
- name: DATA_PORT_RANGE_START
value: "50060"
- name: DATA_PORT_RANGE_END
value: "50060"
- name: CONFIG
value: /opt/runner/Sfdc_dotnetcore.json
- name: LOG_LEVEL
value: "INFO"
- name: SERVICE_MODE
value: "true"
- name: QS_ENVIRONMENT
value: "QLIKSENSE"
volumeMounts:
ports:
- name: grpc
containerPort: 50060
protocol: TCP
- name: http
containerPort: 3005
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: 3005
# resources: {}
imagePullSecrets:
- name: artifactory-docker-secret
securityContext:
supplementalGroups:
- 13200
volumes:
selector:
matchLabels:
app: data-connector-sfdc
release: qliksense
action: "command"
---
# Source: qliksense/charts/data-connector-sfdc/templates/deployment-rld.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-data-connector-sfdc-rld
labels:
app: data-connector-sfdc
chart: data-connector-sfdc-1.6.3
action: "reload"
release: qliksense
heritage: Tiller
spec:
# selector:
# matchLabels:
# app: data-connector-sfdc
# action: "reload"
# release: qliksense
replicas: 1
template:
metadata:
labels:
app: data-connector-sfdc
release: qliksense
action: "reload"
spec:
containers:
- name: data-connector-sfdc
image: ghcr.io/qlik-download/data-connector-sfdc:15.24.0
imagePullPolicy:
env:
- name: STANDALONE
value: "false"
- name: DATA_HOST
value: 0.0.0.0
- name: DATA_PORT_RANGE_START
value: "50060"
- name: DATA_PORT_RANGE_END
value: "50060"
- name: CONFIG
value: /opt/runner/Sfdc_dotnetcore.json
- name: LOG_LEVEL
value: "INFO"
- name: SERVICE_MODE
value: "true"
- name: MAX_ACTIVE_RELOADS
value: "3"
- name: QS_ENVIRONMENT
value: "QLIKSENSE"
- name: ENABLE_SHUTDOWN_DRAIN
value: "false"
- name: SHUTDOWN_TIMEOUT
value: ""
volumeMounts:
ports:
- name: grpc
containerPort: 50060
protocol: TCP
- name: http
containerPort: 3005
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: 3005
readinessProbe:
httpGet:
path: /readiness
port: 3005
initialDelaySeconds: 2
periodSeconds: 10
# resources: {}
imagePullSecrets:
- name: artifactory-docker-secret
securityContext:
supplementalGroups:
- 13200
terminationGracePeriodSeconds:
volumes:
selector:
matchLabels:
app: data-connector-sfdc
release: qliksense
action: "reload"
---
# Source: qliksense/charts/data-prep/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-data-prep
labels:
app: data-prep
chart: data-prep-2.0.7
release: qliksense
heritage: Tiller
spec:
selector:
matchLabels:
app: data-prep
release: qliksense
replicas: 1
template:
metadata:
labels:
app: data-prep
release: qliksense
spec:
imagePullSecrets:
- name: artifactory-docker-secret
containers:
- name: data-prep
image: ghcr.io/qlik-download/data-prep-service:2.194.0
imagePullPolicy:
env:
- name: PORT
value: "9072"
- name: BINDADDRESS
value: "::"
- name: ENGINEPORT
value: "8080"
- name: TTL
value: "10000"
- name: KEEPALIVE
value: "30000"
- name: DATAFILESHOST
value: "qliksense-datafiles"
- name: DATAFILESPORT
value: "8080"
- name: QIXDATAFILESHOST
value: "qliksense-qix-datafiles"
- name: QIXDATAFILESPORT
value: "8080"
- name: PRECEDENTSHOST
value: "qliksense-precedents"
- name: PRECEDENTSPORT
value: "9054"
- name: LOGICALAPPSFOLDER
value: /qlik/apps
- name: LOGICALGEOFOLDER
value: /geo
- name: ENGINEADDRESS
value: "qliksense-qix-sessions"
- name: LOGPATH
value: /logs
- name: DATAPATH
value: /
- name: LOGLEVEL
value: verbose
- name: MODE
value: elastic
- name: AUTH_JWKS_URI
value: "http://qliksense-keys:8080/v1/keys/qlik.api.internal"
- name: FEATURE_FLAG_URL
value: "http://qliksense-feature-flags.qlik:8080/v1/features"
- name: DPS_REDIS_URL
valueFrom:
secretKeyRef:
name: qliksense-redis-secret
key: redis-addr
- name: DPS_REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: qliksense-redis-secret
key: redis-password
- name: SPACES_URI
value: "http://qliksense-spaces:6080"
ports:
- containerPort: 9072
volumeMounts:
- mountPath: /qlik/apps
name: apps-storage
- mountPath: /Apps
name: apps-storage
livenessProbe:
httpGet:
path: /health
port: 9072
failureThreshold:
periodSeconds:
# resources: {}
volumes:
- name: apps-storage
emptyDir: {}
---
# Source: qliksense/charts/data-rest-source/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-data-rest-source
labels:
app: data-rest-source
chart: data-rest-source-1.2.1
release: qliksense
heritage: Tiller
spec:
replicas: 1
selector:
matchLabels:
app: data-rest-source
release: qliksense
template:
metadata:
labels:
app: data-rest-source
release: qliksense
spec:
containers:
- name: data-rest-source
image: ghcr.io/qlik-download/data-rest-source:1.0.6
imagePullPolicy:
env:
- name: HOST_PORT
value: "8080"
- name: PROMETHEUS_PORT
value: "8080"
ports:
- name: http
containerPort: 8080
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: 8080
# resources: {}
volumeMounts:
volumes:
- name: data-rest-source-prestop-hook
configMap:
name: qliksense-data-rest-source-prestop-hook
defaultMode: 0755
optional: true
terminationGracePeriodSeconds: 30
imagePullSecrets:
- name: artifactory-docker-secret
---
# Source: qliksense/charts/dcaas-web/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-dcaas-web
labels:
app: dcaas-web
chart: dcaas-web-1.1.92
release: qliksense
heritage: Tiller
spec:
replicas: 1
selector:
matchLabels:
app: dcaas-web
release: qliksense
template:
metadata:
labels:
app: dcaas-web
release: qliksense
spec:
containers:
- name: dcaas-web
image: ghcr.io/qlik-download/dcaas-web:1.1.88
imagePullPolicy:
ports:
- name: http
containerPort: 6384
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: 6384
# resources: {}
imagePullSecrets:
- name: artifactory-docker-secret
---
# Source: qliksense/charts/dcaas/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-dcaas
labels:
app: dcaas
chart: dcaas-1.7.4
release: qliksense
heritage: Tiller
spec:
replicas: 1
template:
metadata:
labels:
app: dcaas
release: qliksense
spec:
dnsConfig:
options:
- name: timeout
value: "1"
containers:
- name: dcaas
image: ghcr.io/qlik-download/dcaas:1.8.3
imagePullPolicy:
env:
- name: NODE_ENV
value: enterprise
- name: LOG_LEVEL
value: info
- name: CONNECTOR_SERVICE
value: "qliksense-data-connector-rest-rld:qliksense-data-connector-rest-cmd:50060 qliksense-data-connector-qwc-rld:qliksense-data-connector-qwc-cmd:50060 qliksense-data-connector-odbc-rld:qliksense-data-connector-odbc-cmd:50060 qliksense-data-connector-sap-sql-rld:qliksense-data-connector-sap-sql-cmd:50060 qliksense-data-connector-sap-bw-rld:qliksense-data-connector-sap-bw-cmd:50060 qliksense-qix-datafiles:50051"
- name: DATA_CONNECTION_SERVICE
value: "http://qliksense-qix-data-connection:9011"
- name: NEW_DATA_CONNECTION_SERVICE
value: "http://qliksense-data-connections:9011"
- name: SPACE_SERVICE
value: "http://qliksense-spaces:6080"
- name: EMULATE_STORAGE_PROVIDER
value: "true"
- name: ENABLE_JWT_AUTH
value: "true"
- name: ENABLE_POD_LOADBALANCING
value: "false"
- name: JWKS_ENDPOINT
value: "http://qliksense-keys:8080/v1/keys/qlik.api.internal"
- name: ENABLE_FEATUREFLAG_FILTERING
value: "true"
- name: FEATUREFLAG_URL
value: "http://qliksense-feature-flags:8080"
ports:
- name: http
containerPort: 9026
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: 9026
# resources: {}
imagePullSecrets:
- name: artifactory-docker-secret
selector:
matchLabels:
app: dcaas
release: qliksense
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/controller-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: nginx-ingress
chart: nginx-ingress-1.36.2
heritage: Tiller
release: qliksense
app.kubernetes.io/component: controller
name: qliksense-nginx-ingress-controller
annotations:
{}
spec:
selector:
matchLabels:
app: nginx-ingress
release: qliksense
replicas: 1
revisionHistoryLimit: 10
strategy:
{}
minReadySeconds: 0
template:
metadata:
labels:
app: nginx-ingress
release: qliksense
component: "controller"
app.kubernetes.io/component: controller
spec:
dnsPolicy: ClusterFirst
imagePullSecrets:
- name: artifactory-docker-secret
containers:
- name: nginx-ingress-controller
image: ghcr.io/qlik-download/nginx-ingress-controller:2.1.1
imagePullPolicy: "IfNotPresent"
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
args:
- /nginx-ingress-controller
- --election-id=ingress-controller-leader
- --ingress-class=qlik-nginx
- --configmap=qliksense/qliksense-nginx-ingress-controller
- --watch-namespace=qliksense
- --update-status=false
- --default-ssl-certificate=default/elastic-infra-elastic-infra-tls-secret
- --metrics-per-host=false
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
runAsUser: 101
allowPrivilegeEscalation: true
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: JAEGER_AGENT_HOST
valueFrom:
fieldRef:
fieldPath: status.hostIP
livenessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
ports:
- name: http
containerPort: 80
protocol: TCP
- name: https
containerPort: 443
protocol: TCP
- name: metrics
containerPort: 10254
protocol: TCP
readinessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
# resources: {}
hostNetwork: false
serviceAccountName: qliksense-nginx-ingress
terminationGracePeriodSeconds: 300
---
# Source: qliksense/charts/eventing/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-eventing
labels:
app: eventing
chart: eventing-1.3.3
release: qliksense
heritage: Tiller
spec:
replicas: 1
selector:
matchLabels:
app: eventing
release: qliksense
template:
metadata:
labels:
app: eventing
release: qliksense
qliksense-nats-client: "true"
spec:
imagePullSecrets:
- name: artifactory-docker-secret
containers:
- name: eventing
image: ghcr.io/qlik-download/eventing:0.0.19
imagePullPolicy:
ports:
- name: http
containerPort: 8080
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: http
readinessProbe:
httpGet:
path: /ready
port: http
env:
- name: LOG_LEVEL
value: "debug"
- name: JWKS_ENDPOINT
value: "http://qliksense-keys:8080/v1/keys/qlik.api.internal"
- name: KEY_ID
value: "_a9lgpnajgIAPxZIrOfyJ2O_xFyEP0QyywWewyYNoWo"
- name: PRIVATE_KEY_FILE
value: "/run/secret/eventing/jwtPrivateKey"
- name: INTERNAL_TOKENS_RESOURCE
value: "http://qliksense-edge-auth:8080/v1"
- name: FEATURE_FLAGS_RESOURCE
value: "http://qliksense-feature-flags:8080/v1"
- name: SUBSCRIPTIONS_RESOURCE
value: "http://qliksense-subscriptions:8080/v1"
- name: USERS_RESOURCE
value: "http://qliksense-users:8080/v1"
- name: SPACES_RESOURCE
value: "http://qliksense-spaces:6080/v1"
- name: ROLLBAR_ENABLED
value: "false"
- name: NATS_ENABLED
value: "true"
- name: NATS_URL
value: "http://qliksense-nats-client:4222"
- name: NATS_CLUSTER_ID
value: qliksense-nats-streaming-cluster
- name: NATS_CLIENT_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
volumeMounts:
- name: qliksense-eventing-secret
mountPath: "/run/secret/eventing"
readOnly: true
# resources: {}
volumes:
- name: qliksense-eventing-secret
secret:
secretName: qliksense-eventing-secret
---
# Source: qliksense/charts/feature-flags/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-feature-flags
labels:
app: feature-flags
chart: feature-flags-2.0.8
release: qliksense
heritage: Tiller
spec:
replicas: 1
selector:
matchLabels:
app: feature-flags
release: qliksense
template:
metadata:
labels:
app: feature-flags
release: qliksense
spec:
imagePullSecrets:
- name: artifactory-docker-secret
dnsConfig:
options:
- name: timeout
value: "1"
containers:
- name: feature-flags
image: ghcr.io/qlik-download/feature-flags:2.0.1
imagePullPolicy:
env:
- name: FEATURES_FILE_PATH
value: "/etc/config/feature-flags/featuresConfig"
- name: FEATURES_POLL_INTERVAL
value: "120000"
- name: JWKS_ENDPOINT
value: "http://qliksense-keys:8080/v1/keys/qlik.api.internal"
- name: ENVIRONMENT
value: "example"
- name: REGION
value: "example"
- name: ROLLBAR_ENABLED
value: "false"
- name: LOG_LEVEL
value: verbose
ports:
- name: http
containerPort: 8080
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: http
readinessProbe:
httpGet:
path: /health
port: http
volumeMounts:
- name: qliksense-feature-flags
mountPath: "/etc/config/feature-flags"
readOnly: true
# resources: {}
volumes:
- name: qliksense-feature-flags
configMap:
# Provide the name of the ConfigMap containing the files you want
# to add to the container
name: qliksense-feature-flags-configmap
---
# Source: qliksense/charts/generic-links/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-generic-links
labels:
app: generic-links
chart: generic-links-1.1.18
release: qliksense
heritage: Tiller
spec:
replicas: 1
template:
metadata:
labels:
app: generic-links
release: qliksense
qliksense-nats-client: "true"
spec:
containers:
- name: generic-links
image: ghcr.io/qlik-download/generic-links:1.0.1
imagePullPolicy:
ports:
- containerPort: 6080
# resources: {}
env:
- name: TERMINATION_GRACE_PERIOD
value: "30"
- name: LOG_LEVEL
value: "info"
- name: AUTH_ENABLED
value: "true"
- name: AUTH_JWKS_URI
value: "http://qliksense-keys:8080/v1/keys/qlik.api.internal"
- name: AUTH_JWT_AUD
value: "qlik.api.internal"
- name: AUTH_JWT_ISS
value: "qlik.api.internal"
- name: MONGO_URI
valueFrom:
secretKeyRef:
name: qliksense-mongoconfig
key: mongodb-uri
- name: MESSAGING_ENABLED
value: "true"
- name: MESSAGING_AUTH_ENABLED
value: "true"
- name: MESSAGING_NATS_ADDR
value: "nats://qliksense-nats-client:4222"
- name: MESSAGING_STAN_CLUSTER_ID
value: "qliksense-nats-streaming-cluster"
- name: TOKEN_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: qliksense-generic-links-tokenconfig
key: token-privateKey
- name: TOKEN_KID
valueFrom:
secretKeyRef:
name: qliksense-generic-links-tokenconfig
key: token-kid
- name: TOKEN_URI
value: "http://qliksense-edge-auth:8080/v1/internal-tokens"
- name: WEB_RISK_ENABLED
value: "false"
- name: ITEMS_ENABLED
value: "true"
- name: ITEMS_URI
value: "http://qliksense-collections:8080"
- name: ACCESS_CONTROL_ENABLED
value: "true"
- name: PDS_URL
value: "http://qliksense-policy-decisions:5080"
livenessProbe:
httpGet:
path: /health
port: 6080
readinessProbe:
httpGet:
path: /ready
port: 6080
imagePullSecrets:
- name: artifactory-docker-secret
dnsConfig:
options:
- name: timeout
value: "1"
terminationGracePeriodSeconds: 30
selector:
matchLabels:
app: generic-links
release: qliksense
---
# Source: qliksense/charts/geo-operations/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-geo-operations
labels:
app: qliksense-geo-operations
chart: geo-operations-1.1.4
release: qliksense
heritage: Tiller
spec:
replicas: 1
selector:
matchLabels:
app: qliksense-geo-operations
release: qliksense
template:
metadata:
labels:
app: qliksense-geo-operations
release: qliksense
spec:
containers:
- name: qliksense-geo-operations
image: ghcr.io/qlik-download/geo-operations-service:1.3.0
imagePullPolicy: IfNotPresent
ports:
- name: grpc
containerPort: 50072
protocol: TCP
- name: http
containerPort: 40072
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: 40072
readinessProbe:
httpGet:
path: /readiness
port: 40072
# resources: {}
env:
- name: LOG_LEVEL
value: "debug"
- name: SERVER_URL
value: "https://ga.qlikcloud.com"
- name: SERVER_KEY
value: ""
- name: FEATUREFLAG_URL
value: "http://qliksense-feature-flags:8080"
- name: LICENSES_URL
value: "http://qliksense-licenses:9200"
- name: EDGEAUTH_URL
value: "http://qliksense-edge-auth:8080"
- name: MAX_DATASET_ROWS
value: ""
- name: MAX_DATASET_BYTES
value: ""
- name: THROTTLING_MAX_CONCURRENT
value: "3"
- name: THROTTLING_MAX_QUEUE
value: "5"
- name: THROTTLING_TIMEOUT
value: "180000"
- name: JWT_KEY_ID
value: "N0I3roEVoh1utSb1JFkqklahRXmGikq8FIkxLLuEpcU"
- name: JWT_PRIVATE_KEY
value: "-----BEGIN PRIVATE KEY-----\nMIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDt5IxHuof7bdi4TT3/\nx1KC2tPJPHQl3m+Sqnl4S3HumVtfrHPpMUYDO/9e6afgayuhZANiAATKltb0ARl1\ng484UmGtRTNYZMS4+pPSs5jNI/ZtJrb4hIq4l6fblwIxDZvMlM5akycb7gNo5Zcw\nozpZb+5+CeF/5wMalyK0a+VZOGCZ80tSxuA7cB6rwAOaO3Yhmolkv4Y=\n-----END PRIVATE KEY-----\n"
imagePullSecrets:
- name: artifactory-docker-secret
---
# Source: qliksense/charts/hub/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-hub
labels:
app: hub
chart: hub-1.3.109
release: qliksense
heritage: Tiller
spec:
replicas: 1
template:
metadata:
labels:
app: hub
release: qliksense
spec:
containers:
- name: hub
image: ghcr.io/qlik-download/hub:1.0.185
imagePullPolicy:
ports:
- containerPort: 3023
# resources: {}
volumeMounts:
imagePullSecrets:
- name: artifactory-docker-secret
volumes:
selector:
matchLabels:
app: hub
release: qliksense
---
# Source: qliksense/charts/identity-providers/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-identity-providers
labels:
app: identity-providers
chart: identity-providers-1.8.32
release: qliksense
heritage: Tiller
spec:
replicas: 1
selector:
matchLabels:
app: identity-providers
release: qliksense
template:
metadata:
labels:
app: identity-providers
release: qliksense
qliksense-nats-client: "true"
spec:
imagePullSecrets:
- name: artifactory-docker-secret
dnsConfig:
options:
- name: timeout
value: "1"
containers:
- name: identity-providers
image: ghcr.io/qlik-download/identity-providers:0.3.1
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: http
readinessProbe:
httpGet:
path: /ready
port: http
env:
- name: LOG_LEVEL
value: verbose
- name: JWKS_ENDPOINT
value: "http://qliksense-keys:8080/v1/keys/qlik.api.internal"
- name: IDP_CONFIGS_FILE
value: "/run/secret/identity-providers/idpConfigs"
- name: ACCOUNT
value:
- name: ENVIRONMENT
value: example
- name: REGION
value: example
- name: ROLLBAR_ENABLED
value: "false"
- name: KEY_ID
value: "JYJ4SoPYPN8JWQR7UBuE2orr1rZEFSc53ARC0e1ldVo"
- name: PRIVATE_KEY_FILE
value: "/run/secret/identity-providers/jwtPrivateKey"
- name: NATS_ENABLED
value: "true"
- name: NATS_URL
value: "http://qliksense-nats-client:4222"
- name: NATS_CLUSTER_ID
value: qliksense-nats-streaming-cluster
- name: NATS_CLIENT_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: INTERNAL_TOKENS_RESOURCE
value: "http://qliksense-edge-auth:8080/v1"
volumeMounts:
- name: qliksense-identity-providers
mountPath: "/run/secret/identity-providers"
readOnly: true
# resources: {}
volumes:
- name: qliksense-identity-providers
secret:
secretName: qliksense-identity-providers
---
# Source: qliksense/charts/insights/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-insights
labels:
app: insights
chart: insights-1.9.1
release: qliksense
heritage: Tiller
spec:
replicas: 1
template:
metadata:
labels:
app: insights
chart: insights-1.9.1
release: qliksense
heritage: Tiller
spec:
containers:
- image: ghcr.io/qlik-download/insights:2.0.11
name: insights
resources:
limits:
cpu: 400m
memory: 600Mi
requests:
cpu: 250m
memory: 300Mi
ports:
- containerPort: 9292
env:
- name: ENVIRONMENT
value: "k8s"
- name: MONGO_URI
valueFrom:
secretKeyRef:
name: qliksense-mongoconfig
key: mongodb-uri
- name: NO_JWT_VALIDATION
value: "false"
- name: AUTH_JWKS_URI
value: "http://qliksense-keys:8080/v1/keys/qlik.api.internal"
- name: AUTH_JWT_AUD
value: "qlik.api.internal"
- name: AUTH_JWT_ISS
value: "qlik.api.internal"
- name: REPORTING_URL
value: "http://qliksense-reporting:8282"
- name: PDS_URL
value: "http://qliksense-policy-decisions:5080"
- name: COLLECTIONS_URL
value: "http://qliksense-collections:8080"
- name: REPORTING_SERVICE_DISABLED
value:
- name: JWT_AUTH_URL
value: "http://edge-auth:8080/v1/internal-tokens"
- name: JWT_PRIVATE_KEY
value:
- name: JWT_KID
value:
- name: ENCRYPTION_URL
value: "http://qliksense-encryption:8080"
- name: FEATURE_FLAGS_URL
value: "http://qliksense-feature-flags:8080"
- name: TENANTS_URL
value: "http://qliksense-tenants:8080"
- name: ENGINE_URL
value: "http://qliksense-engine:9076"
readinessProbe:
httpGet:
path: /health
port: 9292
failureThreshold: 10
initialDelaySeconds: 30
timeoutSeconds: 5
livenessProbe:
httpGet:
path: /health
port: 9292
failureThreshold: 10
initialDelaySeconds: 30
timeoutSeconds: 5
imagePullPolicy:
imagePullSecrets:
- name: artifactory-docker-secret
selector:
matchLabels:
app: insights
---
# Source: qliksense/charts/keys/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-keys
labels:
app: keys
chart: keys-1.5.11
release: qliksense
heritage: Tiller
spec:
replicas: 1
selector:
matchLabels:
app: keys
release: qliksense
template:
metadata:
labels:
app: keys
release: qliksense
annotations:
checksum/config: 3d405ffc62ab108a155264854dc86861dce25b23d17a0184d9d8bf4b466b1349
spec:
imagePullSecrets:
- name: artifactory-docker-secret
dnsConfig:
options:
- name: timeout
value: "1"
containers:
- name: keys
image: ghcr.io/qlik-download/keys:1.0.7
imagePullPolicy:
env:
- name: KEY_FILES_PATH
value: "/etc/config/keys"
- name: AUTH_JWKS_URI
value: "http://qliksense-keys:8080/v1/keys/qlik.api.internal"
- name: ENVIRONMENT
value: "example"
- name: REGION
value: "example"
- name: ROLLBAR_ENABLED
value: "false"
ports:
- name: http
containerPort: 8080
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: http
readinessProbe:
httpGet:
path: /health
port: http
volumeMounts:
- name: qliksense-keys
mountPath: "/etc/config/keys"
readOnly: true
# resources: {}
volumes:
- name: qliksense-keys
configMap:
# Provide the name of the ConfigMap containing the files you want
# to add to the container
name: qliksense-keys-configmap
items:
- key: qlik.api.internal-api-keys
path: qlik.api.internal/api-keys
- key: qlik.api.internal-audit
path: qlik.api.internal/audit
- key: qlik.api.internal-chronos-worker
path: qlik.api.internal/chronos-worker
- key: qlik.api.internal-collections
path: qlik.api.internal/collections
- key: qlik.api.internal-data-connections
path: qlik.api.internal/data-connections
- key: qlik.api.internal-data-engineering-exporter
path: qlik.api.internal/data-engineering-exporter
- key: qlik.api.internal-edge-auth
path: qlik.api.internal/edge-auth
- key: qlik.api.internal-engine
path: qlik.api.internal/engine
- key: qlik.api.internal-eventing
path: qlik.api.internal/eventing
- key: qlik.api.internal-generic-links
path: qlik.api.internal/generic-links
- key: qlik.api.internal-geo-operations
path: qlik.api.internal/geo-operations
- key: qlik.api.internal-groups
path: qlik.api.internal/groups
- key: qlik.api.internal-identity-providers
path: qlik.api.internal/identity-providers
- key: qlik.api.internal-insights
path: qlik.api.internal/insights
- key: qlik.api.internal-invite
path: qlik.api.internal/invite
- key: qlik.api.internal-licenses
path: qlik.api.internal/licenses
- key: qlik.api.internal-nl-app-search
path: qlik.api.internal/nl-app-search
- key: qlik.api.internal-nl-parser
path: qlik.api.internal/nl-parser
- key: qlik.api.internal-notification-prep
path: qlik.api.internal/notification-prep
- key: qlik.api.internal-odag
path: qlik.api.internal/odag
- key: qlik.api.internal-onboarding
path: qlik.api.internal/onboarding
- key: qlik.api.internal-policy-decisions
path: qlik.api.internal/policy-decisions
- key: qlik.api.internal-precedents
path: qlik.api.internal/precedents
- key: qlik.api.internal-qix-data-connection
path: qlik.api.internal/qix-data-connection
- key: qlik.api.internal-qix-data-reload
path: qlik.api.internal/qix-data-reload
- key: qlik.api.internal-qix-datafiles
path: qlik.api.internal/qix-datafiles
- key: qlik.api.internal-qix-sessions
path: qlik.api.internal/qix-sessions
- key: qlik.api.internal-quotas
path: qlik.api.internal/quotas
- key: qlik.api.internal-reload-tasks
path: qlik.api.internal/reload-tasks
- key: qlik.api.internal-reporting
path: qlik.api.internal/reporting
- key: qlik.api.internal-resource-library
path: qlik.api.internal/resource-library
- key: qlik.api.internal-sharing
path: qlik.api.internal/sharing
- key: qlik.api.internal-spaces
path: qlik.api.internal/spaces
- key: qlik.api.internal-subscriptions
path: qlik.api.internal/subscriptions
- key: qlik.api.internal-temporary-contents
path: qlik.api.internal/temporary-contents
- key: qlik.api.internal-tenants
path: qlik.api.internal/tenants
- key: qlik.api.internal-transport
path: qlik.api.internal/transport
- key: qlik.api.internal-users
path: qlik.api.internal/users
- key: qlik.api.internal-web-notifications
path: qlik.api.internal/web-notifications
- key: qlik.api.internal-web-security
path: qlik.api.internal/web-security
---
# Source: qliksense/charts/licenses/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-licenses
labels:
app: licenses
chart: licenses-1.21.0
release: qliksense
heritage: Tiller
annotations:
spec:
replicas: 1
template:
metadata:
labels:
app: licenses
release: qliksense
qliksense-nats-client: "true"
spec:
serviceAccountName: qliksense-licenses
containers:
- name: "election"
image: ghcr.io/qlik-download/leader-elector:1.8.0
args:
- --election=qliksense-licenses
- --election-namespace=qliksense
- --http=0.0.0.0:4040
ports:
- containerPort: 4040
livenessProbe:
httpGet:
path: /health
port: 4040
resources:
{}
- name: licenses
image: ghcr.io/qlik-download/licenses:3.20.0
imagePullPolicy:
ports:
- containerPort: 9200
livenessProbe:
httpGet:
path: /health
port: 9200
readinessProbe:
httpGet:
path: /ready
port: 9200
# resources: {}
env:
- name: ENVIRONMENT
value: ""
- name: LICENSES_SERIAL_NBR
value: ""
- name: LICENSES_CONTROL_NBR
value: ""
- name: LICENSE_KEY
value: ""
- name: TENANT_ID
value:
- name: LICENSES_LOG_LEVEL
value:
- name: LICENSES_TRACING_ENABLED
value: "false"
- name: LICENSES_TEST_MODE
value: ""
- name: IS_QCS
value: ""
- name: JWKS_ENDPOINT
value: "http://qliksense-keys:8080/v1/keys/qlik.api.internal"
- name: PDS_URI
value: "http://qliksense-policy-decisions:5080"
- name: LICENSES_FEATURES_URI
value: "http://qliksense-feature-flags:8080/v1/features"
- name: LICENSES_FEATURES_CACHE
value: "false"
- name: LICENSES_MONGODB_URI
valueFrom:
secretKeyRef:
name: qliksense-mongoconfig
key: mongodb-uri
- name: ASS_SYNC_ENABLED
value: "true"
- name: EXCESS_ENABLED
value: "true"
- name: NATS_ENABLED
value: "true"
- name: NATS_SERVERS
value: "nats://qliksense-nats-client:4222"
- name: NATS_CLUSTER
value: "qliksense-nats-streaming-cluster"
- name: NATS_CONNECT_ATTEMPTS
value: "3"
- name: TOKEN_AUTH_ENABLED
value: "true"
- name: TOKEN_AUTH_PRIVATE_KEY
value: "-----BEGIN EC PRIVATE KEY-----\nMIGkAgEBBDD5BGFKQX981pUj+dwaJqn3TlMeSfPQxHVCKJlfKwBnhr6xjWaEH0ej\npS3nTQwNmUSgBwYFK4EEACKhZANiAAS2IWhY4cJjhKv/rCVq64ORQ01Y56PvoCO3\nVg23AduOLe/N0IKPedki7uWX73onXZz5yIS2GiTAWKkapoA2QLnHWOrC3wckz7AW\nAjJtggeoCvTUhJmG6LY9SCJAwEO8xuM=\n-----END EC PRIVATE KEY-----\n"
- name: TOKEN_AUTH_KID
value: "_WChJV76hqP6rsnPFV44TNYUR1l4jweS612XuTMopz0"
- name: TOKEN_AUTH_URL
value: "http://qliksense-edge-auth:8080/v1/internal-tokens"
- name: SQS_ENABLED
value: "false"
- name: SQS_QUEUE_URI
value:
- name: AWS_REGION
value:
imagePullSecrets:
- name: artifactory-docker-secret
dnsConfig:
options:
- name: timeout
value: "1"
selector:
matchLabels:
app: licenses
release: qliksense
---
# Source: qliksense/charts/locale/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-locale
labels:
app: locale
chart: locale-1.3.6
release: qliksense
heritage: Tiller
spec:
replicas: 1
template:
metadata:
labels:
app: locale
release: qliksense
spec:
containers:
- name: locale
image: ghcr.io/qlik-download/locale:1.0.9
imagePullPolicy:
# resources: {}
ports:
- containerPort: 8080
imagePullSecrets:
- name: artifactory-docker-secret
selector:
matchLabels:
app: locale
release: qliksense
---
# Source: qliksense/charts/management-console/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-management-console
labels:
app: management-console
chart: management-console-1.6.295
release: qliksense
heritage: Tiller
spec:
replicas: 1
template:
metadata:
labels:
app: management-console
release: qliksense
spec:
containers:
- name: management-console
image: ghcr.io/qlik-download/management-console:2.409.1
imagePullPolicy:
env:
- name: PRODUCT_INFO
value: "{ \"composition\": { \"deploymentEnvironment\": \"qsefe\" } }"
ports:
- containerPort: 3024
readinessProbe:
httpGet:
path: /health
port: 3024
initialDelaySeconds: 15
periodSeconds: 15
livenessProbe:
httpGet:
path: /health
port: 3024
initialDelaySeconds: 15
periodSeconds: 15
# resources: {}
imagePullSecrets:
- name: artifactory-docker-secret
selector:
matchLabels:
app: management-console
release: qliksense
---
# Source: qliksense/charts/nl-broker/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-nl-broker
labels:
app: nl-broker
chart: nl-broker-1.2.3
release: qliksense
heritage: Tiller
spec:
replicas: 1
template:
metadata:
labels:
app: nl-broker
release: qliksense
spec:
containers:
- name: nl-broker
image: ghcr.io/qlik-download/nl-broker:1.14.0
imagePullPolicy:
ports:
- containerPort: 30301
# resources: {}
env:
- name: AUTH_JWKS_URI
value: "http://qliksense-keys:8080/v1/keys/qlik.api.internal"
- name: AUTH_JWT_AUD
value: "qlik.api.internal"
- name: AUTH_JWT_ISS
value: "qlik.api.internal"
- name: PARSER_URI
value: "http://qliksense-nl-parser:30302"
- name: DPS_URI
value: "http://qliksense-data-prep:9072"
- name: DPS_ROUTING
value: "true"
- name: REPORTING_URI
value: "http://qliksense-reporting:8282"
- name: MONGO_URI
valueFrom:
secretKeyRef:
name: qliksense-mongoconfig
key: mongodb-uri
volumeMounts:
livenessProbe:
httpGet:
path: /health
port: 30301
failureThreshold: 3
periodSeconds: 10
readinessProbe:
httpGet:
path: /ready
port: 30301
failureThreshold: 3
periodSeconds: 10
imagePullSecrets:
- name: artifactory-docker-secret
volumes:
selector:
matchLabels:
app: nl-broker
release: qliksense
---
# Source: qliksense/charts/nl-parser/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-nl-parser
labels:
app: nl-parser
chart: nl-parser-1.3.1
release: qliksense
heritage: Tiller
spec:
replicas: 1
template:
metadata:
labels:
app: nl-parser
release: qliksense
spec:
containers:
- name: nl-parser
image: ghcr.io/qlik-download/nl-parser:0.59.0
imagePullPolicy:
ports:
- containerPort: 30302
# resources: {}
env:
- name: LOG_LEVEL
value:
- name: DPS_URI
value: "http://qliksense-data-prep:9072"
- name: DPS_ROUTING_ENABLED
value: "true"
- name: NLU_MULTI_LINGUAL
value: "false"
- name: NL_APP_SEARCH_URI
value: "http://qliksense-nl-app-search:9085"
livenessProbe:
httpGet:
path: /health
port: 30302
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
imagePullSecrets:
- name: artifactory-docker-secret
selector:
matchLabels:
app: nl-parser
release: qliksense
---
# Source: qliksense/charts/notification-prep/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-notification-prep
labels:
app: notification-prep
chart: notification-prep-1.0.10
release: qliksense
heritage: Tiller
spec:
replicas: 1
template:
metadata:
labels:
app: notification-prep
release: qliksense
qliksense-nats-client: "true"
spec:
containers:
- name: notification-prep
image: ghcr.io/qlik-download/notification-prep:1.0.9
imagePullPolicy:
ports:
- name: http
containerPort: 8080
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: http
readinessProbe:
httpGet:
path: /ready
port: http
env:
- name: USERS_SERVICE_URL
value: "http://qliksense-users:8080"
- name: INTERNAL_TOKENS_RESOURCE
value: "http://qliksense-edge-auth:8080"
- name: JWKS_ENDPOINT
value: "http://qliksense-keys:8080/v1/keys/qlik.api.internal"
- name: PRIVATE_KEY
value: "-----BEGIN EC PRIVATE KEY-----\nMIGkAgEBBDAqcwIMWYkjCAmoLFZOvhmMtMWS51FoEOUcQmW/NN7cfWiX9hqL52cK\nxk1ZMbTSQhigBwYFK4EEACKhZANiAAQ4nElftpap9KecGyIt41b9BM0HUrCzUhhO\nhK/Dt8D+ktsH0TOpt+t7uZog4ugzWlymS1LEVBthqoWQ0OSoKzqI44ClktTSnPGJ\npChrR6caNmcGOZvel8ooqgNwlkT2S88=\n-----END EC PRIVATE KEY-----\n"
- name: KEY_ID
value: oy6oficqj3Os7ZLLNKIDeKPOzQDoKdhGQa-w0e6YQvI
- name: NATS_ENABLED
value: "true"
- name: NATS_URL
value: "http://qliksense-nats-client:4222"
- name: NATS_CLUSTER_ID
value: qliksense-nats-streaming-cluster
- name: NATS_TOKEN_AUTH_ENABLED
value: "true"
- name: NATS_CLIENT_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: ROLLBAR_ENABLED
value: "false"
- name: ROLLBAR_ENV
value: "dev"
- name: ROLLBAR_REGION
value: "local"
volumeMounts:
resources:
limits: {}
requests: {}
imagePullSecrets:
- name: artifactory-docker-secret
volumes:
selector:
matchLabels:
app: notification-prep
release: qliksense
---
# Source: qliksense/charts/odag/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-odag
labels:
app: odag
chart: odag-1.9.4
release: qliksense
heritage: Tiller
spec:
replicas: 1
selector:
matchLabels:
app: odag
release: qliksense
template:
metadata:
labels:
app: odag
release: qliksense
qliksense-nats-client: "true"
spec:
imagePullSecrets:
- name: artifactory-docker-secret
serviceAccountName: qliksense-odag
containers:
- name: "election"
image: ghcr.io/qlik-download/leader-elector:1.8.0
args:
- --election=qliksense-odag
- --election-namespace=qliksense
- --http=0.0.0.0:4040
ports:
- containerPort: 4040
livenessProbe:
httpGet:
path: /health
port: 4040
- name: odag
image: ghcr.io/qlik-download/odag:1.31.0
imagePullPolicy:
ports:
- name: http
containerPort: 9098
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: http
readinessProbe:
httpGet:
path: /ready
port: http
env:
- name: MONGO_URI
valueFrom:
secretKeyRef:
name: qliksense-mongoconfig
key: mongodb-uri
- name: AUTH_ENABLED
value: "true"
- name: AUTH_JWKS_URI
value: "http://qliksense-keys:8080/v1/keys/qlik.api.internal"
- name: AUTH_JWT_AUD
value: "qlik.api.internal"
- name: AUTH_JWT_ISS
value: "qlik.api.internal"
- name: SELF_SIGNING_PRIVATE_KEY
value: "-----BEGIN EC PRIVATE KEY-----\nMIGkAgEBBDDvsPODgxQg8clxdqlvPsIbwvNuBaCGbkaPjafU4IwVsW3r5fy4LsEI\nfK1YwpXah0KgBwYFK4EEACKhZANiAAS5oTJjOOhEpiqEs7CXBY5dHgoOTrAwCWGU\n4FvOLQdll67bmNOG/VXe4R1eEgUfzt52ShUrf7MUDcE5gMcCnbb/Wh6PBRGNRHkG\nkdsC5ehTvAauo+NyHw+x3uCkXlYfxc4=\n-----END EC PRIVATE KEY-----\n"
- name: KEY_IDENTIFIER
value: J-QC62aBDJrkbJXxEiZixY1wlPwAjJDeZHIgE_DjnXw
- name: EDGE_AUTH_URL
value: "http://qliksense-edge-auth:8080"
- name: ENGINE_URL
value: "http://qliksense-engine:9076"
- name: QIX_SESSION_URL
value: "http://qliksense-qix-sessions:8080"
- name: RELOAD_SERVICE_URL
value: "http://qliksense-reloads:8080"
- name: USER_SERVICE_URL
value: "http://qliksense-users:8080"
- name: COLLECTIONS_URL
value: "http://qliksense-collections:8080"
- name: FEATURE_FLAG_URL
value: "http://qliksense-feature-flags:8080"
- name: ENCRYPTION_URL
value: "http://qliksense-encryption:8080"
- name: NATS_ENABLED
value: "true"
- name: NATS_URL
value: nats://qliksense-nats-client:4222
- name: NATS_CLUSTER_ID
value: qliksense-nats-streaming-cluster
- name: NATS_CLIENT_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NATS_AUTH_ENABLED
value: "true"
- name: USE_INTERNAL_RELOAD
value: "true"
- name: RELOAD_WORKLOAD_TYPE
value: "odag"
# resources: {}
---
# Source: qliksense/charts/policy-decisions/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-policy-decisions
labels:
app: policy-decisions
chart: policy-decisions-2.0.0
release: qliksense
heritage: Tiller
spec:
replicas: 1
template:
metadata:
labels:
app: policy-decisions
release: qliksense
qliksense-nats-client: "true"
spec:
containers:
- name: policy-decisions
image: ghcr.io/qlik-download/policy-decision-service:1.74.0
imagePullPolicy:
ports:
- containerPort: 5080
resources: {}
env:
- name: MONGO_URI
valueFrom:
secretKeyRef:
name: qliksense-mongoconfig
key: mongodb-uri
- name: RULESENGINE__ENABLE
value: "true"
- name: AUTHORIZATION__ENABLE
value: "true"
- name: SWAGGER__ENABLE
value: "false"
- name: JWTAUTHENTICATION__ENABLE
value: "true"
- name: JWKS_ENDPOINT
value: "http://qliksense-keys:8080/v1/keys/qlik.api.internal"
- name: LICENSES__URL
value: "http://qliksense-licenses:9200/"
- name: TOKEN_URI
value: "http://qliksense-edge-auth:8080/v1/internal-tokens"
- name: NATSSTREAMING__ENABLED
value: "true"
- name: NATSSTREAMING__URL
value: "nats://qliksense-nats-client:4222"
- name: NATSSTREAMING__CLUSTERID
value: "qliksense-nats-streaming-cluster"
- name: NATSSTREAMING__HANDLEEVENTS
value: "true"
- name: JWTPROVIDER__PRIVATEKEY
valueFrom:
secretKeyRef:
name: qliksense-policy-decisions-tokenconfig
key: token-privateKey
- name: JWTPROVIDER__KID
valueFrom:
secretKeyRef:
name: qliksense-policy-decisions-tokenconfig
key: token-kid
- name: SPACES__ENABLED
value: "true"
- name: SPACES__URL
value: "http://qliksense-spaces:6080/"
- name: REDIS__ENABLED
value: "false"
- name: RULESFROMFILE__ENABLED
value: "false"
- name: GROUPS__URL
value: "http://qliksense-groups:8080/"
- name: GROUPS__ENABLED
value: "true"
volumeMounts:
livenessProbe:
httpGet:
path: /health
port: 5080
readinessProbe:
httpGet:
path: /ready
port: 5080
imagePullSecrets:
- name: artifactory-docker-secret
dnsConfig:
options:
- name: timeout
value: "1"
- name: single-request-reopen
volumes:
selector:
matchLabels:
app: policy-decisions
release: qliksense
---
# Source: qliksense/charts/precedents/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-precedents
labels:
app: precedents
chart: precedents-1.1.32
release: qliksense
heritage: Tiller
spec:
replicas: 1
selector:
matchLabels:
app: precedents
template:
metadata:
labels:
app: precedents
release: qliksense
qliksense-nats-client: "true"
spec:
imagePullSecrets:
- name: artifactory-docker-secret
containers:
- name: precedents
image: ghcr.io/qlik-download/precedents:0.81.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9054
volumeMounts:
livenessProbe:
httpGet:
path: /health
port: 9054
failureThreshold:
periodSeconds:
readinessProbe:
httpGet:
path: /ready
port: 9054
failureThreshold:
periodSeconds:
env:
- name: PORT
value: "9054"
- name: MODE
value: "elastic"
- name: ENGINEADDRESS
value: "http://qliksense-qix-sessions"
- name: ENGINEPORT
value: "8080"
- name: PROTOCOL
value: "http"
- name: SINGLE_PROCESS
value: "true"
- name: LOGLEVEL
value: ""
- name: GRPC
value: "true"
- name: CAYLEYSTART
value: "true"
- name: CAYLEYPORT
value: "50051"
- name: CAYLEYHTTPPORT
value: "50052"
- name: CAYLEYSTORE
value: "mongo"
- name: AUTH_JWKS_URI
value: "http://qliksense-keys:8080/v1/keys/qlik.api.internal"
- name: FEATURE_FLAG_URL
value: "http://qliksense-feature-flags.qliksense:8080/v1/features"
- name: EDGE_AUTH_URI
value: "http://qliksense-edge-auth:8080"
# NATS configuration
- name: NATS_URL
value: nats://qliksense-nats-client:4222
- name: NATS_CLUSTER_ID
value: qliksense-nats-streaming-cluster
- name: NATS_CLIENT_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
# SPACES configuration
- name: SPACES_URI
value: "http://qliksense-spaces:6080"
# Set the mongo environment variable using the secret
- name: MONGO_URI
valueFrom:
secretKeyRef:
name: qliksense-mongoconfig
key: mongodb-uri
# Private Signing Key
- name: SELF_SIGNING_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: qliksense-precedents-secret
key: privatekey
- name: KEY_IDENTIFIER
value: GrvbBlHIXFBB7vrpoOl4VyrGIYl_1kUgKSfNqBoh0ds
# resources: {}
# volumes:
---
# Source: qliksense/charts/qix-data-connection/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-qix-data-connection
labels:
app: qix-data-connection
chart: qix-data-connection-1.8.9
release: qliksense
heritage: Tiller
spec:
replicas: 1
selector:
matchLabels:
app: qix-data-connection
#release: qliksense
template:
metadata:
labels:
app: qix-data-connection
release: qliksense
spec:
dnsConfig:
options:
- name: timeout
value: "1"
containers:
- name: qix-data-connection
image: ghcr.io/qlik-download/qix-data-connection:1.12.29
imagePullPolicy:
volumeMounts:
- name: qdc-storage
mountPath: "/mnt/key"
readOnly: true
env:
- name: MONGO_URI
valueFrom:
secretKeyRef:
name: qliksense-mongoconfig
key: mongodb-uri
- name: MONGO_ENABLE_SSL_VALIDATE
value: "true"
- name: GET_USER_CONNECTIONS
value: "true"
- name: USER_ACCESS_CONTROL
value: "true"
- name: LOG_LEVEL
value: "info"
- name: ENABLE_JWT_AUTH
value: "true"
- name: JWKS_ENDPOINT
value: "http://qliksense-keys:8080/v1/keys/qlik.api.internal"
- name: E2S_ADDR
value: "http://qliksense-encryption:8080"
- name: ENABLE_CRYPTO
value: "false"
- name: ENABLE_DATAFILES
value: "true"
- name: QIX_DATAFILES_URI
value: "http://qliksense-qix-datafiles:8080"
- name: ENABLE_GLOBAL_CONNECTIONS
value: "false"
- name: ENABLED_SPACE_CHECK
value: "true"
- name: SPACE_URI
value: "http://qliksense-spaces:6080"
- name: ENABLE_SERVICEJWT
value: "true"
- name: AUTH_URI
value: "http://qliksense-edge-auth:8080"
- name: KEY_ID
valueFrom:
secretKeyRef:
name: qliksense-qdc-keysconfig
key: jwksKeyID
- name: PRIVATE_KEY
value: /mnt/key/jwtPrivateKey
- name: ENABLE_PROXY
value: "false"
- name: DATA_CONNECTIONS_URI
value: "http://qliksense-data-connections:9011"
- name: FEATURE_FLAGS_URI
value: "http://qliksense-feature-flags:8080"
- name: BYPASS_TOKEN
value: "Qlik123456"
ports:
- name: http
containerPort: 9011
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: 9011
# resources: {}
volumes:
- name: qdc-storage
secret:
secretName: qliksense-qdc-keysconfig
imagePullSecrets:
- name: artifactory-docker-secret
---
# Source: qliksense/charts/qix-datafiles/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-qix-datafiles
labels:
app: qix-datafiles
chart: qix-datafiles-1.10.42
release: qliksense
heritage: Tiller
spec:
replicas: 1
selector:
matchLabels:
app: qix-datafiles
# release: qliksense
template:
metadata:
labels:
app: qix-datafiles
release: qliksense
qliksense-nats-client: "true"
spec:
imagePullSecrets:
- name: artifactory-docker-secret
containers:
- name: qix-datafiles
image: ghcr.io/qlik-download/qix-datafiles:2.0.18
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
protocol: TCP
- name: grpc
containerPort: 50051
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: http
env:
- name: MONGO_URI
valueFrom:
secretKeyRef:
name: qliksense-mongoconfig
key: mongodb-uri
- name: JWTAUTHENTICATION_ENABLE
value: "true"
- name: JWTAUTHENTICATION_JWKS_URI
value: "http://qliksense-keys:8080/v1/keys/qlik.api.internal"
- name: DATA_DIRECTORY
value: /qlik/qix-datafiles
- name: USERS_URI
value: "http://qliksense-users:8080"
- name: SPACES_URI
value: "http://qliksense-spaces:6080"
- name: FEATUREFLAGS_URI
value: "http://qliksense-feature-flags:8080"
- name: POLICYDECISIONS_URI
value: "http://qliksense-policy-decisions:5080"
- name: ENCRYPTION_URI
value: "http://qliksense-encryption:8080"
- name: EDGEAUTH_TOKEN_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: qliksense-qix-datafiles-tokenconfig
key: token-privateKey
- name: EDGEAUTH_TOKEN_KID
valueFrom:
secretKeyRef:
name: qliksense-qix-datafiles-tokenconfig
key: token-kid
- name: EDGEAUTH_TOKEN_URI
value: "http://qliksense-edge-auth:8080"
- name: NATS_ENABLED
value: "true"
- name: NATS_SPACEEVENTSENABLED
value: "true"
- name: NATS_URI
value: nats://qliksense-nats-client:4222
- name: NATS_CLUSTERID
value: qliksense-nats-streaming-cluster
- name: NATS_CLIENTID
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NATS_AUTHENABLED
value: "true"
volumeMounts:
- mountPath: /qlik/qix-datafiles
name: qix-datafiles-storage
- name: tmpdir
mountPath: /tmp
# resources: {}
volumes:
- name: qix-datafiles-storage
persistentVolumeClaim:
claimName: qliksense-qix-datafiles
- name: tmpdir
emptyDir: {}
---
# Source: qliksense/charts/qix-sessions/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-qix-sessions
labels:
app: qix-sessions
chart: qix-sessions-6.4.1
release: qliksense
heritage: Tiller
spec:
replicas: 1
template:
metadata:
labels:
app: qix-sessions
release: qliksense
spec:
serviceAccountName: qliksense-qix-sessions
containers:
- name: qix-sessions
image: ghcr.io/qlik-download/qix-sessions:5.7.4
imagePullPolicy:
ports:
- containerPort: 8080
command:
- "/qix-sessions"
- "--logtostderr"
env:
- name: TERMINATION_GRACE_PERIOD_SECONDS
value: "30"
- name: AUTH_ENABLED
value: "true"
- name: AUTH_JWKS_URI
value: "http://qliksense-keys:8080/v1/keys/qlik.api.internal"
- name: AUTH_JWT_AUD
value: "qlik.api.internal"
- name: AUTH_JWT_ISS
value: "qlik.api.internal"
- name: ENGINE_PORT
value: "9076"
- name: DYNAMIC_RELOAD_ENABLED
value: "true"
- name: RELOAD_ENGINE_GLOBAL_QUOTA
value: "10"
- name: RELOAD_ENGINE_TENANT_QUOTA
value: "2"
- name: ENABLE_PER_TENANT_DYNAMIC_POD_METRICS
value: "false"
- name: CLEAN_UP_INTERVAL_SECONDS
value: "60"
- name: CLEAN_UP_GRACE_PERIOD_SECONDS
value: "120"
- name: CLEAN_UP_SCHEDULING_GRACE_PERIOD_SECONDS
value: "300"
- name: CLEAN_UP_TIMEOUT_SECONDS
value: "3600"
- name: CLEAN_UP_ORPHAN_REPLICA_SETS
value: "true"
- name: RELOAD_ENGINE_RESOURCE
value: "qliksense-engine-reload"
- name: REGISTER_DYNAMIC_ENGINE
value:
- name: QLIK_MANAGER_CONTROLLER_ENABLED
value: "true"
- name: KUBERNETES_CONTROLLER_ENABLED
value: "true"
- name: PROXY_ENABLED
value: "true"
- name: APP_SERVICE_URI
value: "http://qliksense-engine:9076"
- name: FEATURE_FLAGS_URI
value: "http://qliksense-feature-flags:8080"
- name: SELECTOR_TYPE
value: "deterministic"
- name: APP_SERVICE_READINESS_CHECK_ENABLED
value: "true"
- name: DEBUG_ENDPOINT_ENABLED
value: "false"
- name: DEPENDENCIES_HEALTHCHECK_TIMEOUT
value: "5000"
- name: MONITOR_UPDATE_FREQUENCY
value: "30"
- name: MONITOR_RETRIEVE_TIMEOUT
value: "20"
- name: MONITOR_ENGINE_ENTRY_EXPIRATION
value: "60"
- name: GET_ENGINE_HEALTH_TIMEOUT
value: "10"
- name: GET_ENGINE_HEALTH_RETRY_TIMEOUT
value: "30"
- name: GET_ENGINE_SESSIONS_TIMEOUT_SECONDS
value: "20"
- name: REDIS_ADDR
valueFrom:
secretKeyRef:
name: qliksense-redis-secret
key: redis-addr
#- name: REDIS_PASSWORD
# valueFrom:
# secretKeyRef:
# name: qliksense-redis-secret
# key: redis-password
- name: MONGO_URI
valueFrom:
secretKeyRef:
name: qliksense-mongoconfig
key: mongodb-uri
- name: LOCK_MAX_RETRIES
value: "25"
- name: LOCK_RETRY_INTERVAL
value: "50"
- name: MESSAGING_ENABLED
value: "false"
- name: NATS_SERVER_ADDRESS
value: "nats://qliksense-nats-client:4222"
- name: NATS_TOKEN_AUTH_ENABLED
value: "true"
- name: NATS_CONNECT_WAIT_SECONDS
value:
- name: STAN_CLUSTER_ID
value: "{{ .Release.Name }}-nats-streaming-cluster"
- name: STAN_ENGINE_EVENT_CHANNEL
value: "system-events.engine.app"
- name: ENGINE_SELECTOR_QUERY_RESULT_EXPIRATION
value: "30"
- name: SELECTORS_CONFIGMAP_NAME
value: qliksense-qix-sessions-configmap
- name: TENANT_QUOTAS_CONFIGMAP_NAME
value: qliksense-qix-sessions-tenant-quotas-configmap
- name: ALLOW_EDITORS_ON_MULTI_ENGINES
value: "false"
- name: REUSABLE_ENGINE_MAX_SCORE_CONSUMERS
value: "50"
- name: REUSABLE_ENGINE_MAX_SCORE_EDITORS
value: "70"
- name: ENABLE_TRACING
value: "false"
- name: ENABLE_SELECTORS_ENDPOINT
value: "false"
- name: ENABLE_ENGINES_ENDPOINT
value: "false"
- name: ENGINE_SYNCHRONIZATION_INTERVAL_SECONDS
value: "30"
livenessProbe:
httpGet:
path: /live
port: 8080
readinessProbe:
httpGet:
path: /ready
port: 8080
volumeMounts:
- name: secrets
mountPath: "/secrets"
readOnly: true
volumes:
- name: qliksense-qix-sessions-configmap
configMap:
name: qliksense-qix-sessions-configmap
- name: secrets
secret:
secretName: qliksense-qix-sessions-secrets
imagePullSecrets:
- name: artifactory-docker-secret
terminationGracePeriodSeconds: 30
selector:
matchLabels:
app: qix-sessions
#release: qliksense
---
# Source: qliksense/charts/qlikview-client/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-qlikview-client
labels:
app: qlikview-client
chart: qlikview-client-1.0.27
release: qliksense
heritage: Tiller
spec:
replicas: 1
template:
metadata:
labels:
app: qlikview-client
release: qliksense
spec:
containers:
- name: qlikview-client
image: ghcr.io/qlik-download/qlikview-client:12.62.0
imagePullPolicy:
ports:
- containerPort: 9003
livenessProbe:
httpGet:
path: /health
port: 9003
imagePullSecrets:
- name: artifactory-docker-secret
selector:
matchLabels:
app: qlikview-client
release: qliksense
---
# Source: qliksense/charts/quotas/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-quotas
labels:
app: quotas
chart: quotas-1.0.4
release: qliksense
heritage: Tiller
spec:
replicas: 1
template:
metadata:
labels:
app: quotas
release: qliksense
spec:
containers:
- name: quotas
image: ghcr.io/qlik-download/quotas:0.9.0
imagePullPolicy:
ports:
- containerPort: 6080
# resources: {}
env:
- name: TERMINATION_GRACE_PERIOD_SECONDS
value: "30"
- name: ENVIRONMENT
value:
- name: LOG_LEVEL
value: "debug"
- name: AUTH_ENABLED
value: "true"
- name: AUTH_JWKS_URI
value: "http://qliksense-keys:8080/v1/keys/qlik.api.internal"
- name: AUTH_JWT_AUD
value: "qlik.api.internal"
- name: AUTH_JWT_ISS
value: "qlik.api.internal"
- name: SERVICE_JWT_PRIVATE_KEY
value: "-----BEGIN EC PRIVATE KEY-----\nMIGkAgEBBDDNGKGUUID0quRZwa3D+ZM1Juozl+WKTLI/2GlCjalxDBq+Y/vQW9Rx\nCEqNKwwjNCegBwYFK4EEACKhZANiAAROuUhNmMeW1uZB3XVVv2EoSyhKZiJeGF+Q\nEg9r3hyE21RvIXcIuNg6pnNSjSQIgoTvRGjz1G2dFbyIEoRUmGzc/r1pTsaHQBzq\nhFdGPR/8xVXMcFkj+kjVxoS/wx0XUfE=\n-----END EC PRIVATE KEY-----\n"
- name: SERVICE_JWT_KEY_ID
value: "1Kyk7eZuL_cTcwK-n0IgGcupF9vdQnvgeov5fpxugCY"
- name: INTERNAL_TOKENS_URI
value: http://qliksense-edge-auth:8080/v1/internal-tokens
- name: LICENSES_ENABLED
value: "false"
- name: LICENSES_URI
value: http://qliksense-licenses:9200
- name: SPACES_ENABLED
value: "false"
- name: SPACES_URI
value: http://qliksense-spaces:6080
livenessProbe:
httpGet:
path: /health
port: 6080
readinessProbe:
httpGet:
path: /ready
port: 6080
imagePullSecrets:
- name: artifactory-docker-secret
terminationGracePeriodSeconds: 30
selector:
matchLabels:
app: quotas
release: qliksense
---
# Source: qliksense/charts/reload-tasks/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-reload-tasks
labels:
app: reload-tasks
chart: reload-tasks-1.6.5
release: qliksense
heritage: Tiller
spec:
replicas: 1
template:
metadata:
labels:
app: reload-tasks
release: qliksense
qliksense-nats-client: "true"
spec:
containers:
- name: reload-tasks
image: ghcr.io/qlik-download/reload-tasks:1.1.2
imagePullPolicy:
env:
- name: AUTH_ENABLED
value: "true"
- name: AUTH_JWKS_URI
value: "http://qliksense-keys:8080/v1/keys/qlik.api.internal"
- name: SELF_SIGNING_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: qliksense-reload-tasks-privatekey
key: privatekey
- name: KEY_IDENTIFIER
value: tGqCjbBab4T5LCzwDKkOsYUtTDanLJrFrtoQm9PRSxE
- name: SINGING_ALGORITHM
value: ES384
- name: MESSAGING_ENABLED
value: "false"
- name: NATS_CLIENT_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: STAN_CLUSTER_ID
value: "{{ .Release.Name }}-nats-streaming-cluster"
- name: CHRONOS_URI
value: "http://qliksense-chronos:8585"
- name: CHRONOS_ACTION_URI
value: "http://qliksense-reloads:8080/v1/scheduledreloads"
- name: AUTH_JWT_AUD
value: "qlik.api.internal"
- name: CHRONOS_AUTH_JWT_AUD
value: "qlik.api.internal/qix-data-reload"
- name: AUTH_JWT_ISS
value: "qlik.api.internal"
- name: MONGO_URI
valueFrom:
secretKeyRef:
name: qliksense-mongoconfig
key: mongodb-uri
- name: MAX_CONSECUTIVE_FAILURES
value: "5"
- name: EXCLUDED_TENANTS
value:
ports:
- containerPort: 8080
volumeMounts:
livenessProbe:
httpGet:
path: /health
port: 8080
# resources: {}
imagePullSecrets:
- name: artifactory-docker-secret
volumes:
selector:
matchLabels:
app: reload-tasks
release: qliksense
---
# Source: qliksense/charts/reloads/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-reloads
labels:
app: reloads
chart: reloads-1.7.10
release: qliksense
heritage: Tiller
spec:
replicas: 1
template:
metadata:
labels:
app: reloads
release: qliksense
qliksense-nats-client: "true"
spec:
containers:
- name: reloads
image: ghcr.io/qlik-download/qix-data-reload:1.4.6
imagePullPolicy:
env:
- name: LOG_LEVEL
value: "debug"
- name: MAX_SIMULTANEOUS_RELOADS
value: "100"
- name: AUTH_ENABLED
value: "true"
- name: AUTH_JWKS_URI
value: "http://qliksense-keys:8080/v1/keys/qlik.api.internal"
- name: AUTH_JWT_AUD
value: "qlik.api.internal"
- name: AUTH_JWT_ISS
value: "qlik.api.internal"
- name: QIX_SESSION_URL
value: "http://qliksense-qix-sessions:8080"
- name: RELOAD_TASKS_URL
value: "http://qliksense-reload-tasks:8080"
# NATS
- name: NATS_SERVICE_NAME
value: qliksense-nats-client
- name: NATS_CLUSTER_ID
value: qliksense-nats-streaming-cluster
- name: NATS_CLIENT_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NATS_AUTH_ENABLED
value: "true"
# MONGO
- name: MONGO_URI
valueFrom:
secretKeyRef:
name: qliksense-mongoconfig
key: mongodb-uri
# METRICS
- name: PROMETHEUS_PORT
value: "8080"
# PRIVATE SIGNING KEY
- name: SELF_SIGNING_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: qliksense-reloads-privatekey
key: privatekey
- name: KEY_IDENTIFIER
value: QtiFtx-5MCcsnHb-xmWGgjwoJuEZYYkYHblN2I_Bibo
- name: ENGINE_URL
value: "http://qliksense-engine:9076"
- name: USERS_URL
value: "http://qliksense-users:8080"
- name: EDGE_AUTH_URL
value: "http://qliksense-edge-auth:8080"
ports:
- containerPort: 8080
volumeMounts:
livenessProbe:
httpGet:
path: /health
port: 8080
readinessProbe:
httpGet:
path: /ready
port: 8080
# resources: {}
imagePullSecrets:
- name: artifactory-docker-secret
terminationGracePeriodSeconds: 30
volumes:
- name: reloads-prestop-hook
configMap:
name: qliksense-reloads-prestop-hook
defaultMode: 0755
optional: true
selector:
matchLabels:
app: reloads
release: qliksense
---
# Source: qliksense/charts/reporting/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-reporting
labels:
app: reporting
chart: reporting-1.18.25
release: qliksense
heritage: Tiller
spec:
replicas: 1
template:
metadata:
labels:
app: reporting
chart: reporting-1.18.25
release: qliksense
heritage: Tiller
qliksense-nats-client: "true"
spec:
containers:
- image: ghcr.io/qlik-download/reporting-proxy:2.2.0
name: "rpr"
livenessProbe:
httpGet:
path: /health
port: 8484
ports:
- containerPort: 8001
env:
- name: PROXY_HOST
value: "127.0.0.1"
- name: PROXY_PORT
value: "8001"
- name: PROXY_METRICS_PORT
value: "8484"
- name: ENGINE_HOST
value: "qliksense-engine"
- name: ENGINE_PORT
value: "9076"
- name: CLIENT_HOST
value: "qliksense-sense-client"
- name: CLIENT_PORT
value: "9050"
- name: FEATUREFLAGS_HOST
value: "qliksense-feature-flags"
- name: FEATUREFLAGS_PORT
value: "8080"
- name: RESOURCELIBRARY_HOST
value: "qliksense-resource-library"
- name: RESOURCELIBRARY_PORT
value: "21068"
- name: TEMPCONTENTS_HOST
value: "qliksense-temporary-contents"
- name: TEMPCONTENTS_PORT
value: "6080"
- name: LOCALE_HOST
value: "qliksense-locale"
- name: LOCALE_PORT
value: "8080"
- image: ghcr.io/qlik-download/reporting-web-renderer:2.22.4
name: "rwr"
args: [ -l=DEBUG , -http-server-enable=true , -http-server-host=0.0.0.0 , -http-server-port=9288]
livenessProbe:
httpGet:
path: /health
port: 9288
- image: ghcr.io/qlik-download/reporting-composer:3.4.3
name: "cmp"
args: [ -l debug]
readinessProbe:
exec:
command: ["/bin/grpc_health_probe", "-addr=:52052" , "-service=cmp"]
initialDelaySeconds: 5
livenessProbe:
exec:
command: ["/bin/grpc_health_probe", "-addr=:52052" , "-service=cmp"]
initialDelaySeconds: 10
- image: ghcr.io/qlik-download/reporting-service:9.3.6
name: "rep"
ports:
- containerPort: 8282
env:
- name: NO_JWT_VALIDATION
value: "false"
- name: AUTH_JWKS_URI
value: "http://qliksense-keys:8080/v1/keys/qlik.api.internal"
- name: AUTH_JWT_AUD
value: "qlik.api.internal"
- name: AUTH_JWT_ISS
value: "qlik.api.internal"
- name: SESSION_SERVICE_URL
value: "http://qliksense-qix-sessions:8080"
- name: ENGINE_PROXY_URL
value: "http://127.0.0.1:8001"
- name: CLIENT_URL
value: "http://127.0.0.1:8001"
- name: TEMP_CONTENTS_URL
value: "http://qliksense-temporary-contents:6080"
- name: FEATURE_FLAGS_URL
value: "http://qliksense-feature-flags:8080"
- name: REDIS_URL
valueFrom:
secretKeyRef:
name: qliksense-redis-secret
key: redis-addr
- name: REDIS_AUTH_TOKEN
valueFrom:
secretKeyRef:
name: qliksense-redis-secret
key: redis-password
- name: REDIS_ENCRYPTION
value: "false"
- name: RENDERER_QUERY_STRING
value: ""
- name: TOKEN_AUTH_ENABLED
value: "true"
- name: TOKEN_AUTH_PRIVATE_KEY
value: "-----BEGIN EC PRIVATE KEY-----\nMIGkAgEBBDCmcxTS498lVlRKI+xGoyOalMcOLe2TtLxeOMrsNNxxgPgNDCjuRM3M\n6kyxm2NBQb6gBwYFK4EEACKhZANiAAQ6WOMCyqQxPEGI2vobHBujbuAI/Q21o4T5\nn4AR50hj3uc51xZpUjEEQ8kr/q5t9xinjZADUWwAq03vpNAXe85rSGoy5p/Sx4Fi\nivKFvwJANtugvEoLUfgzTu9Z1inApEA=\n-----END EC PRIVATE KEY-----\n"
- name: TOKEN_AUTH_KID
value: "7nHZ6rfrzzjxuhqByuIrLTWg4HnNzgMMQdURgUQKOvg"
- name: TOKEN_AUTH_URL
value: "http://qliksense-edge-auth:8080/v1/internal-tokens"
- name: NATS_URI
value: nats://qliksense-nats-client:4222
- name: NATS_CLUSTER_ID
value: qliksense-nats-streaming-cluster
- name: MEM_LIMIT_MIBS
value:
readinessProbe:
httpGet:
path: /health
port: 8282
failureThreshold: 10
initialDelaySeconds: 15
timeoutSeconds: 5
livenessProbe:
httpGet:
path: /health
port: 8282
failureThreshold: 10
initialDelaySeconds: 15
timeoutSeconds: 5
imagePullPolicy:
imagePullSecrets:
- name: artifactory-docker-secret
selector:
matchLabels:
app: reporting
---
# Source: qliksense/charts/resource-library/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-resource-library
labels:
app: resource-library
chart: resource-library-1.10.11
release: qliksense
heritage: Tiller
spec:
replicas: 1
selector:
matchLabels:
app: resource-library
release: qliksense
template:
metadata:
labels:
app: resource-library
release: qliksense
qliksense-nats-client: "true"
spec:
imagePullSecrets:
- name: artifactory-docker-secret
containers:
- name: resource-library
image: ghcr.io/qlik-download/resource-library:4.0.0
imagePullPolicy:
ports:
- name: http
containerPort: 21068
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: http
readinessProbe:
httpGet:
path: /ready
port: http
env:
- name: LOG_LEVEL
value: verbose
- name: MONGO_URI
valueFrom:
secretKeyRef:
name: qliksense-mongoconfig
key: mongodb-uri
- name: MONGO_SSL
value:
- name: MONGO_SSL_VALIDATE
value:
- name: MONGO_CHECK_SERVER_IDENTITY
value:
- name: PDS_URI
value: "http://qliksense-policy-decisions:5080"
- name: RESOURCE_VOLUME
value: /qlik/resources
- name: QCS
value: "false"
- name: AUTH_JWKS_URI
value: "http://qliksense-keys:8080/v1/keys/qlik.api.internal"
- name: AUTH_JWT_AUD
value: "qlik.api.internal"
- name: AUTH_JWT_ISS
value: "qlik.api.internal"
- name: KEY_ID
value: "m_1HJQ4CKk1CGdjahppB9TE-ijXzfeZbPyEaPdrZ7q0"
- name: PRIVATE_KEY_FILE
value: "/run/secret/resource-library/jwtPrivateKey"
- name: INTERNAL_TOKENS_RESOURCE
value: "http://qliksense-edge-auth:8080/v1"
- name: NATS_ENABLED
value: "false"
- name: NATS_URL
value: nats://qliksense-nats-client:4222
- name: NATS_CLUSTER_ID
value: qliksense-nats-streaming-cluster
- name: NATS_CLIENT_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: DISABLE_OCTET_STREAM_CHECK
value: "false"
volumeMounts:
- mountPath: /qlik/resources
name: resource-storage
- mountPath: "/run/secret/resource-library"
name: qliksense-resource-library-secret
readOnly: true
- mountPath: "/usr/src/app/webroot"
name: webroot-path
- mountPath: "/usr/src/app/resources"
name: resources-path
resources:
limits:
cpu: 0.25
memory: 512Mi
requests:
cpu: 0.1
memory: 128Mi
volumes:
- name: qliksense-resource-library-secret
secret:
secretName: qliksense-resource-library-secret
- name: resource-storage
persistentVolumeClaim:
claimName: qliksense-resource-library
- name: webroot-path
emptyDir: {}
- name: resources-path
emptyDir: {}
---
# Source: qliksense/charts/sense-client/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-sense-client
labels:
app: sense-client
chart: sense-client-1.7.112
release: qliksense
heritage: Tiller
spec:
replicas: 1
selector:
matchLabels:
app: sense-client
release: qliksense
template:
metadata:
labels:
app: sense-client
release: qliksense
spec:
containers:
- name: sense-client
image: ghcr.io/qlik-download/sense-client:6.394.0
imagePullPolicy: IfNotPresent
env:
- name: PRODUCT_INFO
value: "{ \"composition\": { \"productName\": \"Qlik Cloud Services\", \"senseId\": \"QlikCloudServices\", \"releaseLabel\": \"-\", \"deploymentEnvironment\": \"qsefe\" }, \"components\": [{ \"component\": \"Client\", \"version\": \"6.394.0\" }], \"externalUrls\": { \"serverHelpBaseUrl\": \"http://help.qlik.com/en-US/cloud-services/csh/\", \"personalHelpBaseUrl\": \"http://help.qlik.com/en-US/cloud-services/csh/\", \"cloudBaseUrl\": \"https://qlikcloud.com/\", \"cloudUploadUrl\": \"https://qlikcloud.com/upload?\", \"personalUpgradeBase\": \"qlik.com/QlikSenseDesktopUpgrade\", \"personalUpgradeUrl\": \"http://qlik.com/QlikSenseDesktopUpgrade\", \"qlikWebPageUrl\": \"https://www.qlik.com/\" } }"
- name: CSP_FALLBACK
valueFrom:
configMapKeyRef:
name: csp-configmap
key: csp
- name: CSP_ENABLED
value: "true"
- name: CSP_FETCH_URL
value: http://qliksense-web-security:6263/v1/csp-header
- name: ASSETS_URL
value: "../resources/"
ports:
- name: http
containerPort: 9050
protocol: TCP
# resources: {}
imagePullSecrets:
- name: artifactory-docker-secret
---
# Source: qliksense/charts/sharing/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-sharing
labels:
app: sharing
chart: sharing-1.4.7
release: qliksense
heritage: Tiller
spec:
replicas: 1
selector:
matchLabels:
app: sharing
release: qliksense
template:
metadata:
labels:
app: sharing
chart: sharing-1.4.7
release: qliksense
qliksense-nats-client: "true"
heritage: Tiller
spec:
imagePullSecrets:
- name: artifactory-docker-secret
containers:
- image: ghcr.io/qlik-download/sharing:3.0.63
name: sharing
imagePullPolicy: IfNotPresent
args:
- server
- --environment=k8s
- --disableapi=false
- --listenport=8787
- --svc=qliksense-sharing
- --nojwtvalidation=false
- --jwksuri=http://qliksense-keys:8080/v1/keys/qlik.api.internal
- --jwtaud=qlik.api.internal
- --jwtiss=qlik.api.internal
# resources: {}
ports:
- containerPort: 8787
env:
- name: ENVIRONMENT
value:
- name: MAX_RECIPIENTS
value: "25"
- name: MIN_RECIPIENTS
value: "0"
- name: LOG_LEVEL
value: debug
- name: MONGO_URI
valueFrom:
secretKeyRef:
name: qliksense-mongoconfig
key: mongodb-uri
- name: NATS_ENABLED
value: "true"
- name: NATS_URL
value: nats://qliksense-nats-client:4222
- name: NATS_CLUSTER_ID
value: qliksense-nats-streaming-cluster
- name: SELF_SIGNING_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: qliksense-sharing-tokenconfig
key: privateKey
- name: KEY_IDENTIFIER
valueFrom:
secretKeyRef:
name: qliksense-sharing-tokenconfig
key: kid
- name: EDGE_AUTH_URL
value: http://qliksense-edge-auth:8080/v1/internal-tokens
- name: FEATURE_FLAGS_URL
value: "http://qliksense-feature-flags:8080"
- name: REPORTING_URL
value: "http://qliksense-reporting:8282"
- name: PDS_URL
value: "http://qliksense-policy-decisions:5080"
- name: INSIGHTS_URL
value: "http://qliksense-insights:9292"
- name: TEMP_CONTENT_URL
value: "http://qliksense-temporary-contents:6080"
- name: ENCRYPTION_URL
value: "http://qliksense-encryption:8080"
- name: TENANTS_URL
value: "http://qliksense-tenants:8080"
- name: STORAGE_PATH
value: "/qlik/sharingsvc-storage"
volumeMounts:
- mountPath: /qlik/sharingsvc-storage
name: sharing-files
readOnly: false
readinessProbe:
httpGet:
path: /ready
port: 8787
failureThreshold: 10
initialDelaySeconds: 30
timeoutSeconds: 5
livenessProbe:
httpGet:
path: /health
port: 8787
failureThreshold: 10
initialDelaySeconds: 30
timeoutSeconds: 5
volumes:
- name: sharing-files
persistentVolumeClaim:
claimName: qliksense-sharing
---
# Source: qliksense/charts/spaces/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-spaces
labels:
app: spaces
chart: spaces-2.8.32
release: qliksense
heritage: Tiller
spec:
replicas: 1
template:
metadata:
labels:
app: spaces
release: qliksense
qliksense-nats-client: "true"
spec:
containers:
- name: spaces
image: ghcr.io/qlik-download/spaces:1.13.5
imagePullPolicy:
ports:
- containerPort: 6080
# resources: {}
env:
- name: TERMINATION_GRACE_PERIOD_SECONDS
value: "30"
- name: ENVIRONMENT
value:
- name: LOG_LEVEL
value: "info"
- name: ROLLBAR_ENABLED
value: "false"
- name: MESSAGING_ENABLED
value: "true"
- name: MESSAGING_NATS_ADDR
value: "nats://qliksense-nats-client:4222"
- name: MESSAGING_STAN_CLUSTER_ID
value: "qliksense-nats-streaming-cluster"
- name: AUTH_ENABLED
value: "true"
- name: AUTH_JWKS_URI
value: "http://qliksense-keys:8080/v1/keys/qlik.api.internal"
- name: AUTH_JWT_AUD
value: "qlik.api.internal"
- name: AUTH_JWT_ISS
value: "qlik.api.internal"
- name: TOKEN_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: qliksense-spaces-tokenconfig
key: token-privateKey
- name: TOKEN_KID
valueFrom:
secretKeyRef:
name: qliksense-spaces-tokenconfig
key: token-kid
- name: TOKEN_URI
value: "http://qliksense-edge-auth:8080/v1/internal-tokens"
- name: ACCESS_CONTROL_ENABLED
value: "true"
- name: ACCESS_CONTROL_PDS_URI
value: "http://qliksense-policy-decisions:5080"
- name: MONGO_URI
valueFrom:
secretKeyRef:
name: qliksense-mongoconfig
key: mongodb-uri
- name: GROUPS_ENABLED
value: "true"
- name: GROUPS_CLIENT_URI
value: "http://qliksense-groups:8080"
- name: QUOTAS_ENABLED
value: "false"
- name: QUOTAS_URI
value: "http://qliksense-quotas:6080"
- name: FEATURE_FLAGS_ENABLED
value: "true"
- name: FEATURE_FLAGS_URI
value: "http://qliksense-feature-flags:8080"
- name: JAEGER_DISABLED
value: "true"
- name: RAW_SPACES_LIMIT
value: "700"
livenessProbe:
httpGet:
path: /health
port: 6080
readinessProbe:
httpGet:
path: /ready
port: 6080
imagePullSecrets:
- name: artifactory-docker-secret
dnsConfig:
options:
- name: timeout
value: "1"
terminationGracePeriodSeconds: 30
selector:
matchLabels:
app: spaces
release: qliksense
---
# Source: qliksense/charts/subscriptions/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-subscriptions
labels:
app: subscriptions
chart: subscriptions-1.0.3
release: qliksense
heritage: Tiller
spec:
replicas: 1
selector:
matchLabels:
app: subscriptions
release: qliksense
template:
metadata:
labels:
app: subscriptions
release: qliksense
qliksense-nats-client: "true"
spec:
imagePullSecrets:
- name: artifactory-docker-secret
containers:
- name: subscriptions
image: ghcr.io/qlik-download/subscriptions:0.0.7
imagePullPolicy:
ports:
- name: http
containerPort: 8080
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: http
readinessProbe:
httpGet:
path: /ready
port: http
env:
- name: MONGO_URI
valueFrom:
secretKeyRef:
name: qliksense-mongoconfig
key: mongodb-uri
- name: MONGO_SSL
value:
- name: MONGO_SSL_VALIDATE
value:
- name: MONGO_CHECK_SERVER_IDENTITY
value:
- name: LOG_LEVEL
value: "debug"
- name: JWKS_ENDPOINT
value: "http://qliksense-keys:8080/v1/keys/qlik.api.internal"
- name: KEY_ID
value: "iUsv5s2Q5CXHPTFn-mHEnr5CIPrW5-KUrfuJPKlpyCE"
- name: PRIVATE_KEY_FILE
value: "/run/secret/subscriptions/jwtPrivateKey"
- name: INTERNAL_TOKENS_RESOURCE
value: "http://qliksense-edge-auth:8080/v1"
- name: ROLLBAR_ENABLED
value: "false"
- name: NATS_ENABLED
value: "true"
- name: NATS_URL
value: "http://qliksense-nats-client:4222"
- name: NATS_CLUSTER_ID
value: qliksense-nats-streaming-cluster
- name: NATS_CLIENT_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
volumeMounts:
- name: qliksense-subscriptions-secret
mountPath: "/run/secret/subscriptions"
readOnly: true
# resources: {}
volumes:
- name: qliksense-subscriptions-secret
secret:
secretName: qliksense-subscriptions-secret
---
# Source: qliksense/charts/temporary-contents/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-temporary-contents
labels:
app: temporary-contents
chart: temporary-contents-1.3.15
release: qliksense
heritage: Tiller
spec:
replicas: 1
template:
metadata:
labels:
app: temporary-contents
release: qliksense
spec:
containers:
- name: temporary-contents
image: ghcr.io/qlik-download/temporary-contents:1.4.6
imagePullPolicy:
ports:
- containerPort: 6080
env:
- name: TERMINATION_GRACE_PERIOD_SECONDS
value: "30"
- name: CONTENT_TIME_TO_LIVE
value: "10000"
- name: MONGO_URI
valueFrom:
secretKeyRef:
name: qliksense-mongoconfig
key: mongodb-uri
- name: LOG_LEVEL
value: "info"
- name: FEATURE_FLAGS_URI
value: "http://qliksense-feature-flags:8080"
- name: AUTH_ENABLED
value: "true"
- name: AUTH_JWKS_URI
value: "http://qliksense-keys:8080/v1/keys/qlik.api.internal"
- name: AUTH_JWT_AUD
value: "qlik.api.internal"
- name: AUTH_JWT_ISS
value: "qlik.api.internal"
- name: TOKEN_AUTH_ENABLED
value: "true"
- name: TOKEN_AUTH_PRIVATE_KEY
value: "-----BEGIN EC PRIVATE KEY-----\nMIGkAgEBBDACC8nAwmWgM7ozTUo3Kjsl6O5qbEj3OuXvF7BMbPirgevah1fuUs2l\n9xxOoQIMolugBwYFK4EEACKhZANiAAQOvV5QDwOi+osbqHWvOQTK5ShTaee5A/qm\nhKDg8pjHtKQLbCBaneu7YE4asIUYur47b17pkpTG9Xn9s4JMvzO685cKS90D4MiA\ntneIX5FJz3VRnGdTih0yMPC9fAqdsrI=\n-----END EC PRIVATE KEY-----\n"
- name: TOKEN_AUTH_KID
value: "ckZJbjOzS1zWHMV8XqX5Q_YKWx2A4FIuGM-Ac8PF4aA"
- name: TOKEN_AUTH_URL
value: "http://qliksense-edge-auth:8080/v1/internal-tokens"
- name: ENCRYPTION_CLIENT
value: "encryption"
- name: ENCRYPTION_URI
value: "http://qliksense-encryption:8080"
- name: ACCESS_CONTROL_ENABLED
value: "true"
- name: PDS_URI
value: "http://qliksense-policy-decisions:5080"
- name: STORAGE_PATH
value: "/qlik/temp-contents"
livenessProbe:
httpGet:
path: /health
port: 6080
readinessProbe:
httpGet:
path: /ready
port: 6080
volumeMounts:
- mountPath: /qlik/temp-contents
name: temp-files
readOnly: false
volumes:
- name: temp-files
persistentVolumeClaim:
claimName: qliksense-temporary-contents
imagePullSecrets:
- name: artifactory-docker-secret
terminationGracePeriodSeconds: 30
selector:
matchLabels:
app: temporary-contents
release: qliksense
---
# Source: qliksense/charts/transport/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-transport
labels:
app: transport
chart: transport-1.4.0
release: qliksense
heritage: Tiller
spec:
replicas: 1
template:
metadata:
labels:
app: transport
release: qliksense
qliksense-nats-client: "true"
spec:
containers:
- name: transport
image: ghcr.io/qlik-download/transport:1.0.10
imagePullPolicy:
ports:
- name: http
containerPort: 8080
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: 8080
readinessProbe:
httpGet:
path: /ready
port: 8080
env:
- name: JWKS_ENDPOINT
value: "http://qliksense-keys:8080/v1/keys/qlik.api.internal"
- name: MONGO_URI
valueFrom:
secretKeyRef:
name: qliksense-mongoconfig
key: mongodb-uri
- name: MONGO_SSL
value:
- name: MONGO_SSL_VALIDATE
value:
- name: MONGO_CHECK_SERVER_IDENTITY
value:
- name: PDS_URI
value: "http://qliksense-policy-decisions:5080"
- name: FEATURES_URI
value: "http://qliksense-feature-flags:8080/v1/features"
- name: ROLLBAR_ENABLED
value: "false"
- name: TEMPORARY_CONTENTS_RESOURCE
value: "http://qliksense-temporary-contents:6080"
- name: NATS_ENABLED
value: "true"
- name: NATS_URL
value: "http://qliksense-nats-client:4222"
- name: NATS_CLUSTER_ID
value: qliksense-nats-streaming-cluster
- name: NATS_TOKEN_AUTH_ENABLED
value: "true"
- name: NATS_CLIENT_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: PRIVATE_KEY
value: "-----BEGIN EC PRIVATE KEY-----\nMIGkAgEBBDBnMMxxpupXyydYYjRpx0tRqnzwBhgThG01M+0WY22ooo9cU0/znZwf\nBjDPJjQpNTCgBwYFK4EEACKhZANiAAQG6+XLMYHrEq1mUiC7fhA/vtpVhbxe3nRi\nupN8sJ/03w009TXjR6ODrOUmCJkpNornR2B3wnONOScx7dgaAb4L6aUCgdjqkaSk\n6sTjYzME35T6nmoY7F91iHLg2QTfGgw=\n-----END EC PRIVATE KEY-----\n"
- name: KEY_ID
value: hPe8ng6iIeKvQFVtzehbgjGKH4uFu9uKyCgGQ1SjjCU
- name: INTERNAL_TOKENS_RESOURCE
value: "http://qliksense-edge-auth:8080"
- name: E2S_ADDR
value: "http://qliksense-encryption:8080"
resources:
limits: {}
requests: {}
imagePullSecrets:
- name: artifactory-docker-secret
selector:
matchLabels:
app: transport
release: qliksense
---
# Source: qliksense/charts/web-notifications/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-web-notifications
labels:
app: web-notifications
chart: web-notifications-1.5.13
release: qliksense
heritage: Tiller
spec:
replicas: 1
selector:
matchLabels:
app: web-notifications
release: qliksense
template:
metadata:
labels:
app: web-notifications
release: qliksense
qliksense-nats-client: "true"
spec:
imagePullSecrets:
- name: artifactory-docker-secret
containers:
- name: web-notifications
image: ghcr.io/qlik-download/web-notifications:0.0.22
imagePullPolicy:
ports:
- containerPort: 8080
livenessProbe:
httpGet:
path: /live
port: 8080
readinessProbe:
httpGet:
path: /ready
port: 8080
env:
- name: LOG_LEVEL
value: "debug"
- name: JWKS_ENDPOINT
value: "http://qliksense-keys:8080/v1/keys/qlik.api.internal"
- name: KEY_ID
value: "YUiIenAWJzwQHexnMp5gqMm7-JzlAx5JhnoeqLHLvmo"
- name: PRIVATE_KEY_FILE
value: "/run/secret/web-notifications/jwtPrivateKey"
- name: INTERNAL_TOKENS_RESOURCE
value: "http://qliksense-edge-auth:8080/v1"
- name: ROLLBAR_ENABLED
value: "false"
- name: MONGODB_URI
valueFrom:
secretKeyRef:
name: qliksense-mongoconfig
key: mongodb-uri
- name: MONGODB_SSL
value:
- name: MONGODB_SSL_VALIDATE
value:
- name: MONGODB_CHECK_SERVER_IDENTITY
value:
- name: NATS_ENABLED
value: "true"
- name: NATS_URL
value: "http://qliksense-nats-client:4222"
- name: NATS_CLUSTER_ID
value: qliksense-nats-streaming-cluster
- name: NATS_CLIENT_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
volumeMounts:
- name: qliksense-web-notifications-secret
mountPath: "/run/secret/web-notifications"
readOnly: true
# resources: {}
volumes:
- name: qliksense-web-notifications-secret
secret:
secretName: qliksense-web-notifications-secret
---
# Source: qliksense/charts/web-security/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: qliksense-web-security
labels:
app: web-security
chart: web-security-1.4.18
release: qliksense
heritage: Tiller
spec:
replicas: 1
template:
metadata:
labels:
app: web-security
release: qliksense
qliksense-nats-client: "true"
spec:
containers:
- name: web-security
image: ghcr.io/qlik-download/web-security:1.7.0
imagePullPolicy:
ports:
- containerPort: 6263
# resources: {}
env:
- name: ENVIRONMENT
value:
- name: TERMINATION_GRACE_PERIOD
value: "30"
- name: CSP_MAX_HEADER_LENGTH
value:
- name: CSP_MAX_ENTRIES_PER_TENANT
value:
- name: LOG_LEVEL
value: "info"
- name: AUTH_ENABLED
value: "true"
- name: AUTH_JWKS_URI
value: "http://qliksense-keys:8080/v1/keys/qlik.api.internal"
- name: AUTH_JWT_AUD
value: "qlik.api.internal"
- name: AUTH_JWT_ISS
value: "qlik.api.internal"
- name: MONGO_URI
valueFrom:
secretKeyRef:
name: qliksense-mongoconfig
key: mongodb-uri
- name: MESSAGING_ENABLED
value: "true"
- name: MESSAGING_AUTH_ENABLED
value: "true"
- name: MESSAGING_NATS_ADDR
value: "nats://qliksense-nats-client:4222"
- name: MESSAGING_STAN_CLUSTER_ID
value: "qliksense-nats-streaming-cluster"
- name: TOKEN_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: qliksense-web-security-tokenconfig
key: token-privateKey
- name: TOKEN_KID
valueFrom:
secretKeyRef:
name: qliksense-web-security-tokenconfig
key: token-kid
- name: TOKEN_URI
value: "http://qliksense-edge-auth:8080/v1/internal-tokens"
volumeMounts:
- mountPath: /etc/config
name: csp-volume
livenessProbe:
httpGet:
path: /live
port: 6263
readinessProbe:
httpGet:
path: /ready
port: 6263
imagePullSecrets:
- name: artifactory-docker-secret
dnsConfig:
options:
- name: timeout
value: "1"
volumes:
- name: csp-volume
configMap:
name: csp-configmap
items:
- key: csp
path: csp
terminationGracePeriodSeconds: 30
selector:
matchLabels:
app: web-security
release: qliksense
---
# Source: qliksense/charts/dcaas/charts/dcaas-redis/templates/redis-master-statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: qliksense-dcaas-redis-master
labels:
app: dcaas-redis
chart: dcaas-redis-10.5.6
release: qliksense
heritage: Tiller
spec:
selector:
matchLabels:
app: dcaas-redis
release: qliksense
role: master
serviceName: qliksense-dcaas-redis-headless
template:
metadata:
labels:
app: dcaas-redis
chart: dcaas-redis-10.5.6
release: qliksense
role: master
annotations:
checksum/health: c2d78ec595d935b414e71602fa4ade6562af3e5f7af9c11213faabe6dc7d8bd8
checksum/configmap: 281de8a922852a97ac24df4b05b943b6c4a1b125b6087adc0d330eff1f338aaa
checksum/secret: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
spec:
securityContext:
fsGroup: 1001
serviceAccountName: "default"
containers:
- name: qliksense-dcaas-redis
image: "docker.io/bitnami/redis:5.0.7-debian-10-r32"
imagePullPolicy: "IfNotPresent"
securityContext:
runAsUser: 1001
command:
- /bin/bash
- -c
- |
if [[ -n $REDIS_PASSWORD_FILE ]]; then
password_aux=`cat ${REDIS_PASSWORD_FILE}`
export REDIS_PASSWORD=$password_aux
fi
if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then
cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf
fi
if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
fi
ARGS=("--port" "${REDIS_PORT}")
ARGS+=("--protected-mode" "no")
ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf")
/run.sh ${ARGS[@]}
env:
- name: REDIS_REPLICATION_MODE
value: master
- name: ALLOW_EMPTY_PASSWORD
value: "yes"
- name: REDIS_PORT
value: "6379"
ports:
- name: redis
containerPort: 6379
livenessProbe:
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
exec:
command:
- sh
- -c
- /health/ping_liveness_local.sh 5
readinessProbe:
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 5
exec:
command:
- sh
- -c
- /health/ping_readiness_local.sh 5
resources:
null
volumeMounts:
- name: health
mountPath: /health
- name: redis-data
mountPath: /data
subPath:
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- name: redis-tmp-conf
mountPath: /opt/bitnami/redis/etc/
volumes:
- name: health
configMap:
name: qliksense-dcaas-redis-health
defaultMode: 0755
- name: config
configMap:
name: qliksense-dcaas-redis
- name: redis-tmp-conf
emptyDir: {}
volumeClaimTemplates:
- metadata:
name: redis-data
labels:
app: dcaas-redis
release: qliksense
heritage: Tiller
component: master
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "8Gi"
selector:
updateStrategy:
type: RollingUpdate
---
# Source: qliksense/charts/engine/charts/redis-user-state/templates/redis-master-statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: qliksense-redis-user-state-master
labels:
app: redis-user-state
chart: redis-user-state-10.5.6
release: qliksense
heritage: Tiller
spec:
selector:
matchLabels:
app: redis-user-state
release: qliksense
role: master
serviceName: qliksense-redis-user-state-headless
template:
metadata:
labels:
app: redis-user-state
chart: redis-user-state-10.5.6
release: qliksense
role: master
annotations:
checksum/health: 5fc6e78178edeb014376fa425688b5a4e33ce35cf8d8bb300f01c9ddde5e78ba
checksum/configmap: 47b27d12b793e79ba194a080104d864799e61005d3b3294a68a7c9baa0b6d468
checksum/secret: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
spec:
serviceAccountName: "default"
containers:
- name: qliksense-redis-user-state
image: "docker.io/bitnami/redis:5.0.7-debian-10-r32"
imagePullPolicy: "IfNotPresent"
command:
- /bin/bash
- -c
- |
if [[ -n $REDIS_PASSWORD_FILE ]]; then
password_aux=`cat ${REDIS_PASSWORD_FILE}`
export REDIS_PASSWORD=$password_aux
fi
if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then
cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf
fi
if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
fi
ARGS=("--port" "${REDIS_PORT}")
ARGS+=("--protected-mode" "no")
ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf")
/run.sh ${ARGS[@]}
env:
- name: REDIS_REPLICATION_MODE
value: master
- name: ALLOW_EMPTY_PASSWORD
value: "yes"
- name: REDIS_PORT
value: "6379"
ports:
- name: redis
containerPort: 6379
livenessProbe:
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
exec:
command:
- sh
- -c
- /health/ping_liveness_local.sh 5
readinessProbe:
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 5
exec:
command:
- sh
- -c
- /health/ping_readiness_local.sh 5
resources:
null
volumeMounts:
- name: health
mountPath: /health
- name: redis-data
mountPath: /data
subPath:
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- name: redis-tmp-conf
mountPath: /opt/bitnami/redis/etc/
- name: sentinel
image: "docker.io/bitnami/redis-sentinel:5.0.7-debian-10-r27"
imagePullPolicy: "IfNotPresent"
command:
- /bin/bash
- -c
- |
if [[ -n $REDIS_PASSWORD_FILE ]]; then
password_aux=`cat ${REDIS_PASSWORD_FILE}`
export REDIS_PASSWORD=$password_aux
fi
if [[ ! -f /opt/bitnami/redis-sentinel/etc/sentinel.conf ]];then
cp /opt/bitnami/redis-sentinel/mounted-etc/sentinel.conf /opt/bitnami/redis-sentinel/etc/sentinel.conf
fi
echo "Getting information about current running sentinels"
# Get information from existing sentinels
existing_sentinels=$(timeout -s 9 5 redis-cli --raw -h qliksense-redis-user-state -a "$REDIS_PASSWORD" -p 26379 SENTINEL sentinels engine-redis-user-state)
echo "$existing_sentinels" | awk -f /health/parse_sentinels.awk | tee -a /opt/bitnami/redis-sentinel/etc/sentinel.conf
redis-server /opt/bitnami/redis-sentinel/etc/sentinel.conf --sentinel
env:
- name: ALLOW_EMPTY_PASSWORD
value: "yes"
- name: REDIS_SENTINEL_PORT
value: "26379"
ports:
- name: redis-sentinel
containerPort: 26379
livenessProbe:
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
exec:
command:
- sh
- -c
- /health/ping_sentinel.sh 5
readinessProbe:
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 5
exec:
command:
- sh
- -c
- /health/ping_sentinel.sh 5
resources:
null
volumeMounts:
- name: health
mountPath: /health
- name: redis-data
mountPath: /data
subPath:
- name: config
mountPath: /opt/bitnami/redis-sentinel/mounted-etc
- name: sentinel-tmp-conf
mountPath: /opt/bitnami/redis-sentinel/etc/
volumes:
- name: health
configMap:
name: qliksense-redis-user-state-health
defaultMode: 0755
- name: config
configMap:
name: qliksense-redis-user-state
- name: redis-tmp-conf
emptyDir: {}
- name: sentinel-tmp-conf
emptyDir: {}
volumeClaimTemplates:
- metadata:
name: redis-data
labels:
app: redis-user-state
release: qliksense
heritage: Tiller
component: master
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "8Gi"
selector:
updateStrategy:
type: RollingUpdate
---
# Source: qliksense/charts/engine/charts/redis-user-state/templates/redis-slave-statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: qliksense-redis-user-state-slave
labels:
app: redis-user-state
chart: redis-user-state-10.5.6
release: qliksense
heritage: Tiller
spec:
replicas: 2
serviceName: qliksense-redis-user-state-headless
selector:
matchLabels:
app: redis-user-state
release: qliksense
role: slave
template:
metadata:
labels:
app: redis-user-state
release: qliksense
chart: redis-user-state-10.5.6
role: slave
annotations:
checksum/health: 5fc6e78178edeb014376fa425688b5a4e33ce35cf8d8bb300f01c9ddde5e78ba
checksum/configmap: 47b27d12b793e79ba194a080104d864799e61005d3b3294a68a7c9baa0b6d468
checksum/secret: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
spec:
serviceAccountName: "default"
containers:
- name: qliksense-redis-user-state
image: docker.io/bitnami/redis:5.0.7-debian-10-r32
imagePullPolicy: "IfNotPresent"
command:
- /bin/bash
- -c
- |
if [[ -n $REDIS_PASSWORD_FILE ]]; then
password_aux=`cat ${REDIS_PASSWORD_FILE}`
export REDIS_PASSWORD=$password_aux
fi
if [[ -n $REDIS_MASTER_PASSWORD_FILE ]]; then
password_aux=`cat ${REDIS_MASTER_PASSWORD_FILE}`
export REDIS_MASTER_PASSWORD=$password_aux
fi
if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then
cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf
fi
if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
fi
ARGS=("--port" "${REDIS_PORT}")
ARGS+=("--slaveof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}")
ARGS+=("--protected-mode" "no")
ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf")
/run.sh "${ARGS[@]}"
env:
- name: REDIS_REPLICATION_MODE
value: slave
- name: REDIS_MASTER_HOST
value: qliksense-redis-user-state-master-0.qliksense-redis-user-state-headless.qliksense.svc.cluster.local
- name: REDIS_PORT
value: "6379"
- name: REDIS_MASTER_PORT_NUMBER
value: "6379"
- name: ALLOW_EMPTY_PASSWORD
value: "yes"
ports:
- name: redis
containerPort: 6379
livenessProbe:
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
exec:
command:
- sh
- -c
- /health/ping_liveness_local.sh 5
readinessProbe:
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 10
successThreshold: 1
failureThreshold: 5
exec:
command:
- sh
- -c
- /health/ping_readiness_local.sh 5
resources:
null
volumeMounts:
- name: health
mountPath: /health
- name: redis-data
mountPath: /data
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- name: redis-tmp-conf
mountPath: /opt/bitnami/redis/etc
- name: sentinel
image: "docker.io/bitnami/redis-sentinel:5.0.7-debian-10-r27"
imagePullPolicy: "IfNotPresent"
command:
- /bin/bash
- -c
- |
if [[ -n $REDIS_PASSWORD_FILE ]]; then
password_aux=`cat ${REDIS_PASSWORD_FILE}`
export REDIS_PASSWORD=$password_aux
fi
if [[ ! -f /opt/bitnami/redis-sentinel/etc/sentinel.conf ]];then
cp /opt/bitnami/redis-sentinel/mounted-etc/sentinel.conf /opt/bitnami/redis-sentinel/etc/sentinel.conf
fi
redis-server /opt/bitnami/redis-sentinel/etc/sentinel.conf --sentinel
env:
- name: ALLOW_EMPTY_PASSWORD
value: "yes"
- name: REDIS_SENTINEL_PORT
value: "26379"
ports:
- name: redis-sentinel
containerPort: 26379
livenessProbe:
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
exec:
command:
- sh
- -c
- /health/ping_sentinel.sh 5
readinessProbe:
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 5
exec:
command:
- sh
- -c
- /health/ping_sentinel.sh 5
resources:
null
volumeMounts:
- name: health
mountPath: /health
- name: redis-data
mountPath: /data
subPath:
- name: config
mountPath: /opt/bitnami/redis-sentinel/mounted-etc
- name: sentinel-tmp-conf
mountPath: /opt/bitnami/redis-sentinel/etc
volumes:
- name: health
configMap:
name: qliksense-redis-user-state-health
defaultMode: 0755
- name: config
configMap:
name: qliksense-redis-user-state
- name: sentinel-tmp-conf
emptyDir: {}
- name: redis-tmp-conf
emptyDir: {}
volumeClaimTemplates:
- metadata:
name: redis-data
labels:
app: redis-user-state
release: qliksense
heritage: Tiller
component: slave
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "8Gi"
selector:
updateStrategy:
type: RollingUpdate
---
# Source: qliksense/charts/messaging/charts/nats-streaming/templates/statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: qliksense-nats-streaming
labels:
app: "nats-streaming"
chart: "nats-streaming-1.0.2"
release: "qliksense"
heritage: "Tiller"
spec:
serviceName: nats-streaming
replicas: 3
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
app: nats-streaming
release: "qliksense"
template:
metadata:
labels:
app: "nats-streaming"
chart: "nats-streaming-1.0.2"
release: qliksense
annotations:
spec:
imagePullSecrets:
- name: artifactory-docker-secret
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
topologyKey: kubernetes.io/hostname
labelSelector:
matchLabels:
app: "nats-streaming"
release: "qliksense"
containers:
- name: nats-streaming
image: ghcr.io/qlik-download/nats-streaming:0.14.2
imagePullPolicy: IfNotPresent
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: USER
valueFrom:
secretKeyRef:
name: qliksense-nats-secret
key: client-user
- name: PASSWORD
valueFrom:
secretKeyRef:
name: qliksense-nats-secret
key: client-password
args: [
"-cid", "qliksense-nats-streaming-cluster",
"-m", "8222",
"-ns", "nats://qliksense-nats-client:4222",
"-mc", "100",
"-msu", "1000",
"-mm", "1000000",
"-mb", "900mb",
"-ma", "2h",
"-hbi", "10s",
"-hbt", "10s",
"-hbf", "5",
"-clustered",
"--cluster_node_id", "$(POD_NAME)",
"--cluster_peers", "qliksense-nats-streaming-0,qliksense-nats-streaming-1,qliksense-nats-streaming-2",
"--cluster_log_path", "/nats/qliksense-nats-streaming-cluster/$(POD_NAME)/raft",
"--store", "file",
"--dir", "/nats/qliksense-nats-streaming-cluster/$(POD_NAME)/data",
"--file_compact_enabled",
"--file_compact_frag", "50",
"--file_compact_interval", "300",
"--file_compact_min_size", "1048576",
"--file_buffer_size", "2097152",
"--file_crc",
"--file_crc_poly", "3988292384",
"--file_sync",
"--file_slice_max_msgs", "0",
"--file_slice_max_bytes", "67108931",
"--file_slice_max_age", "0",
"--file_fds_limit", "0",
"--file_parallel_recovery", "1",
"--user", "$(USER)",
"--pass", "$(PASSWORD)",
"-SD",
]
ports:
- name: monitoring
containerPort: 8222
volumeMounts:
- name: datadir
mountPath: /nats
livenessProbe:
httpGet:
path: /
port: monitoring
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
readinessProbe:
httpGet:
path: /
port: monitoring
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
#resources: {}
volumes:
- name: datadir
emptyDir: {}
---
# Source: qliksense/charts/messaging/charts/nats/templates/statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: qliksense-nats
labels:
app: "nats"
chart: "nats-1.0.6"
release: "qliksense"
heritage: "Tiller"
spec:
serviceName: qliksense-nats-headless
replicas: 1
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
app: "nats"
release: "qliksense"
template:
metadata:
labels:
app: "nats"
chart: "nats-1.0.6"
release: "qliksense"
spec:
imagePullSecrets:
- name: artifactory-docker-secret
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
topologyKey: kubernetes.io/hostname
labelSelector:
matchLabels:
app: "nats"
release: "qliksense"
containers:
- name: nats
image: ghcr.io/qlik-download/qnatsd:0.3.3
imagePullPolicy: IfNotPresent
command:
- qnatsd
args:
- -c
- /opt/bitnami/nats/gnatsd.conf
- --jwt_users_file=/opt/bitnami/nats/users.json
- --jwt_auth_url=http://qliksense-keys:8080/v1/keys/qlik.api.internal
ports:
- name: client
containerPort: 4222
- name: cluster
containerPort: 6222
- name: monitoring
containerPort: 8222
livenessProbe:
httpGet:
path: /
port: monitoring
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
readinessProbe:
httpGet:
path: /
port: monitoring
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
# resources: {}
volumeMounts:
- name: config
mountPath: /opt/bitnami/nats
volumes:
- name: config
configMap:
name: qliksense-nats
---
# Source: qliksense/charts/redis/templates/redis-master-statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: qliksense-redis-master
labels:
app: redis
chart: redis-10.5.6
release: qliksense
heritage: Tiller
spec:
selector:
matchLabels:
app: redis
release: qliksense
role: master
serviceName: qliksense-redis-headless
template:
metadata:
labels:
app: redis
chart: redis-10.5.6
release: qliksense
role: master
annotations:
checksum/health: 32cb8dbe139502874598d9bd5e699c524a30b84163b03d8a9e8a77a6da37dfc9
checksum/configmap: ab70fdea6b0006ade0fa9fb00cf049bb0dbf60cea383901fcf7237494e92248e
checksum/secret: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
spec:
securityContext:
fsGroup: 1001
serviceAccountName: "default"
containers:
- name: qliksense-redis
image: "docker.io/bitnami/redis:5.0.7-debian-10-r32"
imagePullPolicy: "IfNotPresent"
securityContext:
runAsUser: 1001
command:
- /bin/bash
- -c
- |
if [[ -n $REDIS_PASSWORD_FILE ]]; then
password_aux=`cat ${REDIS_PASSWORD_FILE}`
export REDIS_PASSWORD=$password_aux
fi
if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then
cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf
fi
if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
fi
ARGS=("--port" "${REDIS_PORT}")
ARGS+=("--protected-mode" "no")
ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf")
/run.sh ${ARGS[@]}
env:
- name: REDIS_REPLICATION_MODE
value: master
- name: ALLOW_EMPTY_PASSWORD
value: "yes"
- name: REDIS_PORT
value: "6379"
#- name: REDIS_PASSWORD
# value: ""
ports:
- name: redis
containerPort: 6379
livenessProbe:
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
exec:
command:
- sh
- -c
- /health/ping_liveness_local.sh 5
readinessProbe:
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 5
exec:
command:
- sh
- -c
- /health/ping_readiness_local.sh 5
resources:
null
volumeMounts:
- name: health
mountPath: /health
- name: redis-data
mountPath: /data
subPath:
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- name: redis-tmp-conf
mountPath: /opt/bitnami/redis/etc/
volumes:
- name: health
configMap:
name: qliksense-redis-health
defaultMode: 0755
- name: config
configMap:
name: qliksense-redis
- name: redis-tmp-conf
emptyDir: {}
volumeClaimTemplates:
- metadata:
name: redis-data
labels:
app: redis
release: qliksense
heritage: Tiller
component: master
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "8Gi"
selector:
updateStrategy:
type: RollingUpdate
---
# Source: qliksense/charts/redis/templates/redis-slave-statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: qliksense-redis-slave
labels:
app: redis
chart: redis-10.5.6
release: qliksense
heritage: Tiller
spec:
replicas: 2
serviceName: qliksense-redis-headless
selector:
matchLabels:
app: redis
release: qliksense
role: slave
template:
metadata:
labels:
app: redis
release: qliksense
chart: redis-10.5.6
role: slave
annotations:
checksum/health: 32cb8dbe139502874598d9bd5e699c524a30b84163b03d8a9e8a77a6da37dfc9
checksum/configmap: ab70fdea6b0006ade0fa9fb00cf049bb0dbf60cea383901fcf7237494e92248e
checksum/secret: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
spec:
securityContext:
fsGroup: 1001
serviceAccountName: "default"
containers:
- name: qliksense-redis
image: docker.io/bitnami/redis:5.0.7-debian-10-r32
imagePullPolicy: "IfNotPresent"
securityContext:
runAsUser: 1001
command:
- /bin/bash
- -c
- |
if [[ -n $REDIS_PASSWORD_FILE ]]; then
password_aux=`cat ${REDIS_PASSWORD_FILE}`
export REDIS_PASSWORD=$password_aux
fi
if [[ -n $REDIS_MASTER_PASSWORD_FILE ]]; then
password_aux=`cat ${REDIS_MASTER_PASSWORD_FILE}`
export REDIS_MASTER_PASSWORD=$password_aux
fi
if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then
cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf
fi
if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
fi
ARGS=("--port" "${REDIS_PORT}")
ARGS+=("--slaveof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}")
ARGS+=("--protected-mode" "no")
ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf")
/run.sh "${ARGS[@]}"
env:
- name: REDIS_REPLICATION_MODE
value: slave
- name: REDIS_MASTER_HOST
value: qliksense-redis-master-0.qliksense-redis-headless.qliksense.svc.cluster.local
- name: REDIS_PORT
value: "6379"
- name: REDIS_MASTER_PORT_NUMBER
value: "6379"
- name: ALLOW_EMPTY_PASSWORD
value: "yes"
ports:
- name: redis
containerPort: 6379
livenessProbe:
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
exec:
command:
- sh
- -c
- /health/ping_liveness_local_and_master.sh 5
readinessProbe:
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 10
successThreshold: 1
failureThreshold: 5
exec:
command:
- sh
- -c
- /health/ping_readiness_local_and_master.sh 5
resources:
null
volumeMounts:
- name: health
mountPath: /health
- name: redis-data
mountPath: /data
- name: config
mountPath: /opt/bitnami/redis/mounted-etc
- name: redis-tmp-conf
mountPath: /opt/bitnami/redis/etc
volumes:
- name: health
configMap:
name: qliksense-redis-health
defaultMode: 0755
- name: config
configMap:
name: qliksense-redis
- name: sentinel-tmp-conf
emptyDir: {}
- name: redis-tmp-conf
emptyDir: {}
volumeClaimTemplates:
- metadata:
name: redis-data
labels:
app: redis
release: qliksense
heritage: Tiller
component: slave
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "8Gi"
selector:
updateStrategy:
type: RollingUpdate
---
# Source: qliksense/charts/insights/templates/prune-graph-cronjob.yaml
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: qliksense-insights-pruning
spec:
schedule: "0 0 * * *"
concurrencyPolicy: Forbid
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 1
jobTemplate:
spec:
template:
spec:
imagePullSecrets:
- name: artifactory-docker-secret
containers:
- name: insights-pruning
image: ghcr.io/qlik-download/insights:2.0.11
imagePullPolicy: IfNotPresent
env:
- name: PRUNE_ONLY
value: "true"
- name: ENVIRONMENT
value: "k8s"
- name: MONGO_URI
valueFrom:
secretKeyRef:
name: qliksense-mongoconfig
key: mongodb-uri
restartPolicy: Never
---
# Source: qliksense/charts/precedents/templates/prune-graph-cronjob.yaml
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: qliksense-precedents-pruning
spec:
schedule: "0 0 * * *"
concurrencyPolicy: Forbid
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 1
jobTemplate:
spec:
template:
spec:
imagePullSecrets:
- name: artifactory-docker-secret
containers:
- name: precedents-pruning
image: ghcr.io/qlik-download/precedents:0.81.0
imagePullPolicy: IfNotPresent
env:
- name: PRUNE_ONLY
value: "true"
- name: MODE
value: "elastic"
- name: LOGLEVEL
value: ""
- name: PRUNE_URL
value: "http://qliksense-precedents:9054/v1/graph/prune"
- name: EDGE_AUTH_URI
value: "http://qliksense-edge-auth:8080"
# Private Signing Key
- name: SELF_SIGNING_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: qliksense-precedents-secret
key: privatekey
- name: KEY_IDENTIFIER
value: GrvbBlHIXFBB7vrpoOl4VyrGIYl_1kUgKSfNqBoh0ds
restartPolicy: Never
---
# Source: qliksense/charts/sharing/templates/prune-graph-cronjob.yaml
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: qliksense-sharing-pruning
spec:
schedule: "0 0 * * *"
concurrencyPolicy: Forbid
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 1
jobTemplate:
spec:
template:
spec:
imagePullSecrets:
- name: artifactory-docker-secret
containers:
- name: sharing-pruning
image: ghcr.io/qlik-download/sharing:3.0.63
imagePullPolicy: IfNotPresent
env:
- name: PRUNE_ONLY
value: "true"
- name: ENVIRONMENT
value: "k8s"
- name: NATS_ENABLED
value: "false"
- name: MONGO_URI
valueFrom:
secretKeyRef:
name: qliksense-mongoconfig
key: mongodb-uri
restartPolicy: Never
---
# Source: qliksense/charts/collections/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-collections
labels:
app: collections
chart: collections-2.8.55
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/v1/(.*) /v1/$1 break;
spec:
rules:
- http:
paths:
- path: /api/v1/collections
backend:
serviceName: qliksense-collections
servicePort: 8080
- path: /api/v1/items
backend:
serviceName: qliksense-collections
servicePort: 8080
---
# Source: qliksense/charts/data-connections/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-data-connections
labels:
app: data-connections
chart: data-connections-1.7.4
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/(v[0-9])/dc-(.*) /$1/$2 break;
spec:
rules:
- http:
paths:
- path: /api/v1/dc-dataconnections
backend:
serviceName: qliksense-data-connections
servicePort: 9011
- path: /api/v1/dc-datacredentials
backend:
serviceName: qliksense-data-connections
servicePort: 9011
---
# Source: qliksense/charts/data-connector-qwc/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-data-connector-qwc-web
labels:
app: data-connector-qwc
chart: data-connector-qwc-3.0.3
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-signin: https://$host/login?returnto=$escaped_request_uri
nginx.ingress.kubernetes.io/rewrite-target: "/$1/$2"
spec:
rules:
- http:
paths:
- path: /customdata/64/(QvWebConnectorPackage)/(.+)
backend:
serviceName: qliksense-data-connector-qwc-web
servicePort: 6384
- path: /customdata/64/(QvWebStorageProviderConnectorPackage)/(.+)
backend:
serviceName: qliksense-data-connector-qwc-web
servicePort: 6384
---
# Source: qliksense/charts/data-prep/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-data-prep
labels:
app: data-prep
chart: data-prep-2.0.7
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-response-headers: "Authorization"
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/dataprepservice/(.*) /$1 break;
rewrite (?i)/dataprepservice/(.*) /$1 break;
spec:
rules:
- http:
paths:
- path: /api/dataprepservice/v1/openapi
backend:
serviceName: qliksense-data-prep
servicePort: 9072
---
# Source: qliksense/charts/dcaas-web/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-dcaas-web
labels:
app: dcaas-web
chart: dcaas-web-1.1.92
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-signin: https://$host/login?returnto=$escaped_request_uri
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/customdata/64/?(.*) /$1 break;
nginx.ingress.kubernetes.io/rewrite-target: "/"
spec:
rules:
- http:
paths:
- path: /customdata/64
backend:
serviceName: qliksense-dcaas-web
servicePort: 6384
---
# Source: qliksense/charts/dcaas/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-dcaas
labels:
app: dcaas
chart: dcaas-1.7.4
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-response-headers: "Authorization"
nginx.ingress.kubernetes.io/auth-signin: "https://$host/login?returnto=$escaped_request_uri"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/dcaas/(.*) /$1 break;
rewrite (?i)/dcaas/(.*) /$1 break;
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
spec:
rules:
- http:
paths:
- path: /dcaas
backend:
serviceName: qliksense-dcaas
servicePort: 9026
- path: /api/dcaas
backend:
serviceName: qliksense-dcaas
servicePort: 9026
---
# Source: qliksense/charts/elastic-infra/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-elastic-infra-api-404
labels:
app: elastic-infra
chart: elastic-infra-3.0.5
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers 'Access-Control-Allow-Origin: $http_origin';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain charset=UTF-8';
more_set_headers 'Content-Length: 0';
return 204;
}
return 404;
nginx.ingress.kubernetes.io/server-snippet: |
opentracing on;
gzip on;
gzip_min_length 10240;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/json application/xml;
gzip_disable msie6;
server_tokens off;
# Do not store anything in cache unless specific location overrides
more_set_headers "Cache-Control: no-store" "Pragma: no-cache";
# Enforce HSTS
more_set_headers "Strict-Transport-Security: max-age=15724800; includeSubDomains";
# The following custom auth block is required so we can have a reliable auth path for engine load balancing (below)
location = /_external-auth-engine {
internal;
proxy_pass_request_body off;
proxy_set_header X-Forwarded-Proto "";
proxy_set_header Host edge-auth.default.svc.cluster.local;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Original-Method $request_method;
proxy_set_header X-Sent-From "nginx-ingress-controller";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Auth-Request-Redirect $request_uri;
proxy_buffering off;
proxy_buffer_size 4k;
proxy_buffers 4 4k;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_ssl_server_name on;
proxy_pass_request_headers on;
client_max_body_size "1m";
# Pass the extracted client certificate to the auth provider
set $target http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth;
opentracing_propagate_context;
proxy_pass $target;
}
# The following is for dataprepservice as a load balancer
location = /_dataprepservice_special {
internal;
proxy_set_header Content-Type "application/json";
set $target http://qliksense-data-prep.qliksense.svc.cluster.local:9072/session/route;
opentracing_propagate_context;
proxy_pass $target;
}
# This block is for app open websocket upgrade requests. It calls qix-sessions to get an engine
# session and then proxies the websocket upgrade to the returned engine.
#
# Here are some example paths that would match this location.
# /app/%3Ftransient%3D
# /app/a774322d-8230-4688-b459-3e037d53a560
# /app/a774322d-8230-4688-b459-3e037d53a560/identity/36fec6a7-61c5-41ba-b9f5-76997a53a82c
# /app/SessionApp_a774322d-8230-4688-b459-3e037d53a560
# /app/SessionApp_a774322d-8230-4688-b459-3e037d53a560/identity/36fec6a7-61c5-41ba-b9f5-76997a53a82c
# /qvapp/a774322d-8230-4688-b459-3e037d53a560
# /qvapp/a774322d-8230-4688-b459-3e037d53a560/identity/36fec6a7-61c5-41ba-b9f5-76997a53a82c
#
# Note that location does not contain the query string (e.g. ?example1=true&example2=yes).
# This golang regex tester is good for testing changes to the localtion regex: https://regex101.com/.
#
# ^/app/(SessionApp_)?([a-zA-Z0-9\-]+|%3Ftransient%3D)(/identity/)?([a-zA-Z0-9\-]+)?.*|^/(qv)app/([a-zA-Z0-9\-])(/identity/)?([a-zA-Z0-9\-]+)?.*
#
location ~ ^/(qv)?app/(SessionApp_)?([a-zA-Z0-9\-]+|%3Ftransient%3D)(/identity/)?([a-zA-Z0-9\-]+)?.* {
set $engine_path '';
set $app_path $1;
set $session_app $2;
set $app_id $3;
set $session_id $5;
set $auth_path http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth;
set $qix_session_path http://qliksense-qix-sessions.qliksense.svc.cluster.local:8080/v1/engine-sessions;
access_by_lua_block {
local bridge_tracer = require("opentracing_bridge_tracer")
local tracer = bridge_tracer.new_from_global()
local parent_context = tracer:binary_extract(ngx.var.opentracing_binary_context)
local span = tracer:start_span("qix_sessions_lua_ws", {["references"] = { {"child_of", parent_context} } })
local http = require "resty.http"
local httpc = http.new()
local headers = {}
-- Copy incoming headers
for h,v in pairs(ngx.req.get_headers()) do
headers[h] = v
end
-- Set specific headers
headers["X-Forwarded-Proto"] = ""
headers["X-Original-URL"] = string.format("%s://%s%s", ngx.var.scheme, ngx.var.http_host, ngx.var.request_uri)
headers["X-Original-Method"] = ngx.var.request_method
headers["X-Original-Origin"] = ngx.var.http_origin
headers["X-Sent-From"] = "nginx-ingress-controller"
headers["X-Real-IP"] = ngx.var.the_real_ip
headers["X-Forwarded-For"] = ngx.var.the_real_ip
headers["X-Auth-Request-Redirect"] = ngx.var.request_uri
headers["Host"] = "edge-auth.default.svc.cluster.local"
headers["qlik-web-integration-id"] = ngx.req.get_uri_args()["qlik-web-integration-id"]
tracer:http_headers_inject(span:context(), headers)
-- Authenticate
local authres, err = httpc:request_uri(ngx.var.auth_path, { headers = headers })
if err then
ngx.log(ngx.ERR, "error calling edge_auth: " .. tostring(err))
span:set_tag("error", true)
span:finish()
ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
return
end
span:set_tag("auth.status", authres.status)
if authres.status ~= ngx.HTTP_OK then
ngx.log(ngx.ERR, authres.status .. " received from edge_auth")
span:set_tag("error", true)
span:finish()
if authres.status == ngx.HTTP_UNAUTHORIZED or authres.status == ngx.HTTP_FORBIDDEN then
ngx.exit(authres.status)
return
else
ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
return
end
end
-- Set upstream Authorization header
ngx.req.set_header("Authorization", authres.headers["Authorization"])
-- Find upstream engine
local engReqBody = "{\"appId\":\"" .. ngx.var.app_id .. "\","
if string.len(ngx.var.session_id) > 0 then
engReqBody = engReqBody .. "\"id\":\"" .. ngx.var.session_id .. "\","
end
if "SessionApp_" == ngx.var.session_app then
engReqBody = engReqBody .. "\"workloadType\":\"sessionapp\"}"
else
engReqBody = engReqBody .. "\"workloadType\":\"analyse\"}"
end
local reqHeaders = {}
reqHeaders["Content-Type"] = "application/json"
reqHeaders["Authorization"] = authres.headers["Authorization"]
tracer:http_headers_inject(span:context(), reqHeaders)
local qix_session_res, qix_session_err = httpc:request_uri(ngx.var.qix_session_path, {
method = "POST",
headers = reqHeaders,
body = engReqBody
})
if qix_session_err then
ngx.log(ngx.ERR, "error calling qix-sessions: " .. tostring(qix_session_err))
span:set_tag("error", true)
span:finish()
ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
return
end
span:set_tag("qix.sessions.status", qix_session_res.status)
if qix_session_res.status ~= ngx.HTTP_CREATED then
ngx.log(ngx.ERR, qix_session_res.status .. " received from qix-sessions")
span:set_tag("error", true)
span:finish()
ngx.exit(qix_session_res.status)
return
end
local cjson = require "cjson";
local qix_sessions_route_data = cjson.decode(qix_session_res.body);
local engine_path = ""
if qix_sessions_route_data.links.engineUrl.href then
engine_path = qix_sessions_route_data.links.engineUrl.href .. "/TTL/120"
else
ngx.log(ngx.ERR, "invalid or empty engine path received from qix-sessions")
span:set_tag("error", true)
span:finish()
ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
return
end
local app_placement_type = qix_sessions_route_data.placementDetails.appPlacementType
local selectors = qix_sessions_route_data.placementDetails.selectors
local selector_used = qix_sessions_route_data.placementDetails.selectorUsed
local from_cache = tostring(qix_sessions_route_data.fromCache)
local resp_value = ""
local parsed_selectors = "[";
if (type(selectors)) == "table" then
for i,selector in ipairs(selectors) do
parsed_selectors = parsed_selectors .. "\"" .. selector .. "\","
end
parsed_selectors = parsed_selectors:sub(1, -2)
end
parsed_selectors = parsed_selectors .. "]"
if app_placement_type and parsed_selectors and selector_used then
resp_value = "{\"appPlacementType\":\"" .. app_placement_type .. "\"," .. "\"selectors\":" .. parsed_selectors .. "," .. "\"selectorUsed\":\"" .. selector_used .. "\"," .. "\"fromCache\":\"" .. from_cache .. "\"}"
ngx.header["Placement-Details"] = resp_value
end
ngx.var.engine_path = engine_path
ngx.log(ngx.NOTICE, "forwarding request to url " .. engine_path)
-- Some of these span tags should be logs but as soon as span:log_kv is called the qix_sessions_lua_ws span
-- does not show up in jeager.
-- Some of these span tags shoulg be set much earlier but if we do that, unsuccessful spans to edge auth or
-- qix-sessions do not show up in jaeger.
span:set_tag("engine.path", engine_path)
span:set_tag("response.sessionId", qix_sessions_route_data.id)
span:set_tag("selector", selector_used)
span:set_tag("from.cache", from_cache)
if "qv" == ngx.var.app_path then
span:set_tag("resource.type", "qvapp")
else
span:set_tag("resource.type", "app")
end
span:set_tag("appId", ngx.var.app_id)
span:set_tag("request.sessionId", ngx.var.session_id)
if "SessionApp_" == ngx.var.session_app then
span:set_tag("session.app", true)
else
span:set_tag("session.app", false)
end
span:finish()
}
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-Forwarded-For $proxy_protocol_addr;
proxy_set_header X-Forwarded-Port 80;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_connect_timeout 7d;
proxy_read_timeout 7d;
proxy_send_timeout 7d;
proxy_http_version 1.1;
opentracing_propagate_context;
proxy_pass $engine_path;
}
# This block controls the data-prep websocket LB and proxying logic
location ~ ^/dataprepservice/app/(.+) {
set $dps_path '';
set $app_id $1;
access_by_lua_block {
local bridge_tracer = require("opentracing_bridge_tracer")
local tracer = bridge_tracer.new_from_global()
local parent_context = tracer:binary_extract(ngx.var.opentracing_binary_context)
local span = tracer:start_span("dataprep_lua_ws", {["references"] = { {"child_of", parent_context} } })
local headers = {}
for h,v in pairs(ngx.req.get_headers()) do
headers[h] = v
end
tracer:http_headers_inject(span:context(), headers)
local authres = ngx.location.capture("/_external-auth-engine", { headers = headers })
span:set_tag("auth.status", authres.status)
if authres.status ~= ngx.HTTP_OK then
ngx.log(ngx.ERR, authres.status .. " received from edge_auth")
span:set_tag("error", true)
span:finish()
if authres.status == ngx.HTTP_UNAUTHORIZED or authres.status == ngx.HTTP_FORBIDDEN then
ngx.exit(authres.status)
return
else
ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
return
end
end
-- Set upstream Authorization header
ngx.req.set_header("Authorization", authres.header["Authorization"])
local dpsHeaders = {}
for h,v in pairs(ngx.req.get_headers()) do
dpsHeaders[h] = v
end
dpsHeaders["Authorization"] = authres.header["Authorization"]
tracer:http_headers_inject(span:context(), dpsHeaders)
local reqBody = "{\"appId\":\"" .. ngx.var.app_id .. "\"}"
local dps_res = ngx.location.capture("/_dataprepservice_special", {
method = ngx.HTTP_POST,
headers = dpsHeaders,
body = reqBody
})
span:set_tag("data.prep.status", dps_res.status)
if dps_res.status ~= ngx.HTTP_OK then
ngx.log(ngx.ERR, "error from dataprepservice route request = " .. dps_res.status)
span:set_tag("error", true)
span:finish()
ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
return
end
local cjson = require "cjson";
local dps_route_data = cjson.decode(dps_res.body);
local dps_path = dps_route_data.url
if not dps_path then
ngx.log(ngx.ERR, "invalid or empty path received from dataprepservice")
span:set_tag("error", true)
span:finish()
ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
return
end
ngx.var.dps_path = string.format("%s/app/%s", dps_path, ngx.var.app_id)
ngx.log(ngx.NOTICE, "forwarding dataprepservice WS request to url " .. ngx.var.dps_path)
span:set_tag("data.prep.path", ngx.var.dps_path)
span:finish()
}
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-Forwarded-For $proxy_protocol_addr;
proxy_set_header X-Forwarded-Port 80;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_connect_timeout 7d;
proxy_read_timeout 7d;
proxy_send_timeout 7d;
proxy_http_version 1.1;
opentracing_propagate_context;
proxy_pass $dps_path;
}
# This block controls the data-prep REST API LB and proxying logic
location ~ ^/api/dataprepservice/v1/apps/([^/]*)/(.*) {
set $dps_path '';
set $auth_path http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth;
set $dps_route_path http://qliksense-data-prep.qliksense.svc.cluster.local:9072/session/route;
set $app_id $1;
set $end_point $2;
set $redir https://$best_http_host$request_uri;
# enforce ssl on server side
access_by_lua_block {
local bridge_tracer = require("opentracing_bridge_tracer")
local tracer = bridge_tracer.new_from_global()
local parent_context = tracer:binary_extract(ngx.var.opentracing_binary_context)
local span = tracer:start_span("dataprep_lua_rest", {["references"] = { {"child_of", parent_context} } })
local function redirect_to_https()
return ngx.var.pass_access_scheme == "http" and (ngx.var.scheme == "http" or ngx.var.scheme == "https")
end
if redirect_to_https() then
span:finish()
ngx.redirect(ngx.var.redir, ngx.HTTP_MOVED_PERMANETLY)
return
end
local http = require "resty.http"
local httpc = http.new()
local random = math.random
local function guid()
local template ='xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'
return string.gsub(template, '[xy]', function (found)
local gen = (found == 'x') and random(0, 0xf) or random(8, 0xb)
return string.format('%x', gen)
end)
end
local headers = {}
for h,v in pairs(ngx.req.get_headers()) do
headers[h] = v
end
headers["Host"] = "edge-auth.default.svc.cluster.local"
headers["X-Original-URL"] = string.format("%s://%s%s", ngx.var.scheme, ngx.var.http_host, ngx.var.request_uri)
headers["X-Original-Method"] = ngx.var.request_method
headers["X-Sent-From"] = "nginx-ingress-controller"
headers["X-Real-IP"] = ngx.var.the_real_ip
headers["X-Forwarded-For"] = ngx.var.the_real_ip
headers["X-Auth-Request-Redirect"] = ngx.var.request_uri
headers["X-DataPrep-Lua-Request-ID"] = guid()
tracer:http_headers_inject(span:context(), headers)
local res, err = httpc:request_uri(ngx.var.auth_path, {
headers = headers,
method = "GET",
version = 1.1,
keepalive_timeout = 60,
keepalive_pool = 10 })
if err then
local hdrStr = ""
for key,value in pairs(headers) do
if string.lower(key) ~= "cookie" then
hdrStr = hdrStr .. key .. ":" .. value .. " "
end
end
ngx.log(ngx.ERR, "error calling edge_auth " .. tostring(err) .. " auth headers: " .. hdrStr .. " edge_auth URI: " .. ngx.var.auth_path)
span:set_tag("error", true)
span:finish()
ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
return
end
span:set_tag("auth.status", res.status)
if res.status ~= ngx.HTTP_OK then
ngx.log(ngx.ERR, res.status .. " received from edge_auth")
span:set_tag("error", true)
span:finish()
if res.status == ngx.HTTP_UNAUTHORIZED or res.status == ngx.HTTP_FORBIDDEN then
ngx.exit(res.status)
return
else
ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
return
end
end
-- Set upstream Authorization header
ngx.req.set_header("Authorization", res.headers["Authorization"])
local reqHeaders = {}
reqHeaders["Content-Type"] = "application/json"
reqHeaders["Authorization"] = res.headers["Authorization"]
tracer:http_headers_inject(span:context(), reqHeaders)
local reqBody = "{\"appId\":\"" .. ngx.var.app_id .. "\"}"
local dps_res, dps_err = httpc:request_uri(ngx.var.dps_route_path, {
method = "POST",
headers = reqHeaders,
body = reqBody
})
if dps_err then
ngx.log(ngx.ERR, "error calling dataprepservice: " .. tostring(dps_err))
span:set_tag("error", true)
span:finish()
ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
return
end
span:set_tag("data.prep.status", dps_res.status)
if dps_res.status ~= ngx.HTTP_OK then
ngx.log(ngx.ERR, "error from dataprepservice route request: " .. dps_res.status)
span:set_tag("error", true)
span:finish()
ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
return
end
local cjson = require "cjson";
local dps_route_data = cjson.decode(dps_res.body);
local dps_path = dps_route_data.url
if not dps_path then
ngx.log(ngx.ERR, "invalid or empty path received from dataprepservice")
span:set_tag("error", true)
span:finish()
ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
return
end
local query_params = ngx.encode_args(ngx.req.get_uri_args())
if query_params then
query_params = "?" .. query_params
end
ngx.var.dps_path = string.format("%s/v1/apps/%s/%s%s", dps_path, ngx.var.app_id, ngx.var.end_point, query_params)
ngx.log(ngx.NOTICE, "forwarding dataprepservice request to url " .. ngx.var.dps_path)
span:set_tag("data.prep.path", ngx.var.dps_path)
span:finish()
}
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-Forwarded-For $proxy_protocol_addr;
proxy_set_header X-Forwarded-Port 80;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_connect_timeout 7d;
proxy_read_timeout 7d;
proxy_send_timeout 7d;
opentracing_propagate_context;
proxy_pass $dps_path;
}
nginx.ingress.kubernetes.io/proxy-body-size: 500m
nginx.org/client-max-body-size: 500m
spec:
rules:
- http:
paths: # paths are required but we override above with a return 404 so as to not hit the default backend
- path: /api
backend:
serviceName: qliksense-nginx-ingress-controller
servicePort: 80
---
# Source: qliksense/charts/engine/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-engine
labels:
app: engine
chart: engine-1.68.13
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/(.*) /$1 break;
nginx.ingress.kubernetes.io/proxy-body-size: 500m
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.org/client-max-body-size: 500m
spec:
rules:
- http:
paths:
- path: /api/v1/apps/import
backend:
serviceName: qliksense-engine
servicePort: 9076
- path: /api/v1/apps
backend:
serviceName: qliksense-engine
servicePort: 9076
- path: /api/engine/openapi
backend:
serviceName: qliksense-engine
servicePort: 9076
- path: /api/engine/openrpc
backend:
serviceName: qliksense-engine
servicePort: 9076
- path: /api/engine/asyncapi
backend:
serviceName: qliksense-engine
servicePort: 9076
---
# Source: qliksense/charts/eventing/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-eventing
labels:
app: eventing
chart: eventing-1.3.3
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/(.*) /$1 break;
spec:
rules:
- http:
paths:
- path: /api/v1/events
backend:
serviceName: qliksense-eventing
servicePort: 8080
---
# Source: qliksense/charts/feature-flags/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-feature-flags
labels:
app: feature-flags
chart: feature-flags-2.0.8
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
set $host_and_uri $http_host$request_uri;
if ( $host_and_uri ~* "^.{2049,}$" ) { return 414; }
rewrite (?i)/api/(.*) /$1 break;
more_clear_input_headers "X-Forwarded-Host" "X-Forwarded-For" "X-Forwarded-Proto" "X-Original-URI" "X-Original-URL";
spec:
rules:
- http:
paths:
- path: /api/v1/features
backend:
serviceName: qliksense-feature-flags
servicePort: 8080
---
# Source: qliksense/charts/generic-links/templates/ingress.yml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-generic-links
labels:
app: generic-links
chart: generic-links-1.1.18
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/v1/(.*) /v1/$1 break;
spec:
rules:
- http:
paths:
- path: /api/v1/generic-links
backend:
serviceName: qliksense-generic-links
servicePort: 6080
---
# Source: qliksense/charts/hub/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-hub
labels:
app: hub
chart: hub-1.3.109
release: qliksense
heritage: Tiller
annotations:
nginx.ingress.kubernetes.io/rewrite-target: "/"
nginx.ingress.kubernetes.io/configuration-snippet: |
if ( $request_method !~ ^(GET|HEAD)$ ) {
add_header Allow "GET, HEAD" always;
return 405;
}
kubernetes.io/ingress.class: qlik-nginx
spec:
rules:
- http:
paths:
- path: /
backend:
serviceName: qliksense-hub
servicePort: 3023
---
# Source: qliksense/charts/insights/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-insights-api
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/(.*) /$1 break;
labels:
app: insights
chart: insights-1.9.1
release: qliksense
heritage: Tiller
spec:
rules:
- http:
paths:
- path: /api/v1/insights
backend:
serviceName: qliksense-insights
servicePort: 9292
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-insights-insight
labels:
app: insights
chart: insights-1.9.1
release: qliksense
heritage: Tiller
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /insight
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-signin: https://$host/login?returnto=$escaped_request_uri
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
spec:
rules:
- http:
paths:
- path: /insight
backend:
serviceName: qliksense-insights
servicePort: 9292
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-insights-share
labels:
app: insights
chart: insights-1.9.1
release: qliksense
heritage: Tiller
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /share
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-signin: https://$host/login?returnto=$escaped_request_uri
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
spec:
rules:
- http:
paths:
- path: /share
backend:
serviceName: qliksense-insights
servicePort: 9292
---
# Source: qliksense/charts/licenses/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-licenses
labels:
app: licenses
chart: licenses-1.21.0
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/(.*) /$1 break;
spec:
rules:
- http:
paths:
- path: /api/v1/licenses
backend:
serviceName: qliksense-licenses
servicePort: 9200
---
# Source: qliksense/charts/locale/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-locale
labels:
app: locale
chart: locale-1.3.6
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/(.*) /$1 break;
spec:
rules:
- http:
paths:
- path: /api/v1/locale
backend:
serviceName: qliksense-locale
servicePort: 8080
---
# Source: qliksense/charts/management-console/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-management-console
labels:
app: management-console
chart: management-console-1.6.295
release: qliksense
heritage: Tiller
annotations:
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite ^([^.]*[^/])$ $1/ permanent;
more_set_headers "Cache-Control" "Content-Security-Policy: frame-ancestors 'none'" "Pragma" "X-Content-Type-Options: nosniff" "X-Frame-Options: DENY" "X-XSS-Protection: 1; mode=block";
if ( $request_method !~ ^(GET|HEAD)$ ) {
add_header Allow "GET, HEAD" always;
return 405;
}
kubernetes.io/ingress.class: qlik-nginx
spec:
rules:
- http:
paths:
- path: /console
backend:
serviceName: qliksense-management-console
servicePort: 3024
---
# Source: qliksense/charts/nl-broker/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-nl-broker
labels:
app: nl-broker
chart: nl-broker-1.2.3
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/v1/(.*) /v1/$1 break;
spec:
rules:
- http:
paths:
- path: /api/v1/sentences
backend:
serviceName: qliksense-nl-broker
servicePort: 30301
---
# Source: qliksense/charts/nl-parser/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-nl-parser
labels:
app: nl-parser
chart: nl-parser-1.3.1
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/v1/(.*) /v1/$1 break;
spec:
rules:
- http:
paths:
- path: /api/v1/parse
backend:
serviceName: qliksense-nl-parser
servicePort: 30302
---
# Source: qliksense/charts/notification-prep/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-notification-prep
labels:
app: notification-prep
chart: notification-prep-1.0.10
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/(.*) /$1 break;
spec:
rules:
- http:
paths:
- path: /api/v1/notification-prep
backend:
serviceName: qliksense-notification-prep
servicePort: 8080
---
# Source: qliksense/charts/odag/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-odag
labels:
app: odag
chart: odag-1.9.4
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/odag/(.*) /$1 break;
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
spec:
rules:
- http:
paths:
- path: /api/odag/openapi
backend:
serviceName: qliksense-odag
servicePort: 9098
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-odag-api
labels:
app: odag
chart: odag-1.9.4
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/v1/(.*) /v1/$1 break;
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
spec:
rules:
- http:
paths:
- path: /api/v1/odag
backend:
serviceName: qliksense-odag
servicePort: 9098
- path: /api/v1/odaglinks
backend:
serviceName: qliksense-odag
servicePort: 9098
- path: /api/v1/odagisavailable4
backend:
serviceName: qliksense-odag
servicePort: 9098
- path: /api/v1/odagsettings
backend:
serviceName: qliksense-odag
servicePort: 9098
- path: /api/v1/odagrequests
backend:
serviceName: qliksense-odag
servicePort: 9098
---
# Source: qliksense/charts/policy-decisions/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-policy-decisions
labels:
app: policy-decisions
chart: policy-decisions-2.0.0
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/v1/(.*) /v1/$1 break;
spec:
rules:
- http:
paths:
- path: /api/v1/rules
backend:
serviceName: qliksense-policy-decisions
servicePort: 5080
- path: /api/v1/rulesets
backend:
serviceName: qliksense-policy-decisions
servicePort: 5080
- path: /api/v1/policies
backend:
serviceName: qliksense-policy-decisions
servicePort: 5080
---
# Source: qliksense/charts/precedents/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-precedents
labels:
app: precedents
chart: precedents-1.1.32
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/precedent/(.*) /$1 break;
spec:
rules:
- http:
paths:
- path: /api/precedent
backend:
serviceName: qliksense-precedents
servicePort: 9054
---
# Source: qliksense/charts/qix-data-connection/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-qix-data-connection
labels:
app: qix-data-connection
chart: qix-data-connection-1.8.9
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/(.*) /$1 break;
spec:
rules:
- http:
paths:
- path: /api/v1/dataconnections
backend:
serviceName: qliksense-qix-data-connection
servicePort: 9011
---
# Source: qliksense/charts/qix-datafiles/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-qix-datafiles
labels:
app: qix-datafiles
chart: qix-datafiles-1.10.42
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/(.*) /$1 break;
nginx.ingress.kubernetes.io/proxy-body-size: 500m
nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
nginx.org/client-max-body-size: 500m
nginx.ingress.kubernetes.io/client-body-buffer-size: 10m
spec:
rules:
- http:
paths:
- path: /api/v1/qix-datafiles
backend:
serviceName: qliksense-qix-datafiles
servicePort: 8080
---
# Source: qliksense/charts/qix-sessions/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-qix-sessions
labels:
app: qix-sessions
chart: qix-sessions-6.4.1
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/(.*) /$1 break;
spec:
rules:
- http:
paths:
- path: /api/v1/selectors
backend:
serviceName: qliksense-qix-sessions
servicePort: 8080
- path: /api/v1/engines
backend:
serviceName: qliksense-qix-sessions
servicePort: 8080
---
# Source: qliksense/charts/qlikview-client/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-qlikview-client
labels:
app: qlikview-client
chart: qlikview-client-1.0.27
release: qliksense
heritage: Tiller
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$1
kubernetes.io/ingress.class: qlik-nginx
spec:
rules:
- http:
paths:
- path: /qv/?(.*)
backend:
serviceName: qliksense-qlikview-client
servicePort: 9003
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-qlikview-client-ajax
labels:
app: qlikview-client
chart: qlikview-client-1.0.27
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
spec:
rules:
- http:
paths:
- path: /QvAjaxZfc
backend:
serviceName: qliksense-qlikview-client
servicePort: 9003
---
# Source: qliksense/charts/quotas/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-quotas
labels:
app: quotas
chart: quotas-1.0.4
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/v1/(.*) /v1/$1 break;
spec:
rules:
- http:
paths:
- path: /api/v1/quotas
backend:
serviceName: qliksense-quotas
servicePort: 6080
---
# Source: qliksense/charts/reload-tasks/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-reload-tasks
labels:
app: reload-tasks
chart: reload-tasks-1.6.5
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/(.*) /$1 break;
spec:
rules:
- http:
paths:
- path: /api/v1/reload-tasks
backend:
serviceName: qliksense-reload-tasks
servicePort: 8080
---
# Source: qliksense/charts/reloads/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-reloads
labels:
app: reloads
chart: reloads-1.7.10
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/(.*) /$1 break;
spec:
rules:
- http:
paths:
- path: /api/v1/reloads
backend:
serviceName: qliksense-reloads
servicePort: 8080
---
# Source: qliksense/charts/reporting/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-reporting
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/v1/(.*) /v1/$1 break;
spec:
rules:
- http:
paths:
- path: /api/v1/images
backend:
serviceName: qliksense-reporting
servicePort: 8282
- path: /api/v1/reports
backend:
serviceName: qliksense-reporting
servicePort: 8282
- path: /api/v1/files
backend:
serviceName: qliksense-reporting
servicePort: 8282
---
# Source: qliksense/charts/resource-library/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-resource-library
labels:
app: resource-library
chart: resource-library-1.10.11
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/extensions/?(.*) /v1/extensions/$1 break;
rewrite (?i)/api/(.*) /$1 break;
more_set_headers "Content-Security-Policy: default-src 'none';";
nginx.ingress.kubernetes.io/proxy-body-size: 250m
nginx.org/client-max-body-size: 250m
spec:
rules:
- http:
paths:
- path: /extensions
backend:
serviceName: qliksense-resource-library
servicePort: 21068
- path: /api/v1/extensions
backend:
serviceName: qliksense-resource-library
servicePort: 21068
- path: /api/v1/themes
backend:
serviceName: qliksense-resource-library
servicePort: 21068
---
# Source: qliksense/charts/sense-client/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-sense-client
labels:
app: sense-client
chart: sense-client-1.7.112
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-signin: https://$host/login?returnto=$escaped_request_uri
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "Cache-Control" "Pragma" "X-XSS-Protection: 1; mode=block" "X-Content-Type-Options: nosniff";
spec:
rules:
- http:
paths:
- path: /sense
backend:
serviceName: qliksense-sense-client
servicePort: 905
- path: /dataloadeditor
backend:
serviceName: qliksense-sense-client
servicePort: 9050
- path: /datamodelviewer
backend:
serviceName: qliksense-sense-client
servicePort: 9050
- path: /single
backend:
serviceName: qliksense-sense-client
servicePort: 9050
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-sense-client-resources
labels:
app: sense-client
chart: sense-client-1.7.112
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "Cache-Control" "Pragma" "Access-Control-Allow-Origin: *";
spec:
rules:
- http:
paths:
- path: /resources
backend:
serviceName: qliksense-sense-client
servicePort: 9050
---
# Source: qliksense/charts/sharing/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-sharing
labels:
app: sharing
chart: sharing-1.4.7
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/configuration-snippet: |
set $host_and_uri $http_host$request_uri;
if ( $host_and_uri ~* "^.{2049,}$" ) { return 414; }
if ( $request_uri ~* "^.*/files/.*$") {
more_set_headers 'Cache-Control: private, must-revalidate, max-age=0';
more_set_headers 'Expires: Mon, 01 Jan 0001 00:00:00 GMT';
more_set_headers 'Pragma: no-cache';
}
rewrite (?i)/api/v1/(.*) /v1/$1 break;
more_clear_input_headers "X-Forwarded-Host" "X-Forwarded-For" "X-Forwarded-Proto" "X-Original-URI" "X-Original-URL";
spec:
rules:
- http:
paths:
- path: /api/v1/sharing
backend:
serviceName: qliksense-sharing
servicePort: 8787
- path: /api/v1/alerting
backend:
serviceName: qliksense-sharing
servicePort: 8787
---
# Source: qliksense/charts/spaces/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-spaces
labels:
app: spaces
chart: spaces-2.8.32
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/v1/(.*) /v1/$1 break;
spec:
rules:
- http:
paths:
- path: /api/v1/spaces
backend:
serviceName: qliksense-spaces
servicePort: 6080
---
---
# Source: qliksense/charts/subscriptions/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-subscriptions
labels:
app: subscriptions
chart: subscriptions-1.0.3
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/(.*) /$1 break;
spec:
rules:
- http:
paths:
- path: /api/v1/subscriptions
backend:
serviceName: qliksense-subscriptions
servicePort: 8080
---
# Source: qliksense/charts/temporary-contents/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-temporary-contents
labels:
app: temporary-contents
chart: temporary-contents-1.3.15
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.org/client-max-body-size: "0"
nginx.ingress.kubernetes.io/client-body-buffer-size: 10m
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/proxy-read-timeout: "604800"
nginx.ingress.kubernetes.io/proxy-send-timeout: "604800"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
nginx.ingress.kubernetes.io/configuration-snippet: |
# Only set if origin is sent as header
if ( $http_origin ) {
set $origin $http_origin;
set $Access_Control_Allow_Credentials "true";
set $Access_Control_Allow_Methods "GET, HEAD, POST, PATCH, OPTIONS";
set $Access_Control_Allow_Headers "DNT,Qlik-Web-Integration-ID,Qlik-CSRF-Token,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Content-Location,Tus-Resumable,Upload-Length,Upload-Metadata,Upload-Offset";
set $Access_Control_Max_Age "1728000";
set $Access_Control_Expose_Headers "Qlik-CSRF-Token,Content-Location,Location,Upload-Length,Upload-Offset";
}
if ( $request_method = 'OPTIONS' ) {
more_set_headers 'Access-Control-Allow-Origin: $origin';
more_set_headers 'Access-Control-Allow-Credentials: $Access_Control_Allow_Credentials';
more_set_headers 'Access-Control-Allow-Methods: $Access_Control_Allow_Methods';
more_set_headers 'Access-Control-Allow-Headers: $Access_Control_Allow_Headers';
more_set_headers 'Access-Control-Expose-Headers: $Access_Control_Expose_Headers';
more_set_headers 'Access-Control-Max-Age: $Access_Control_Max_Age';
more_set_headers 'Tus-Resumable: 1.0.0';
more_set_headers 'Tus-Version: 1.0.0';
more_set_headers 'Tus-Extension: creation';
more_set_headers 'Content-Type: text/plain charset=UTF-8';
more_set_headers 'Content-Length: 0';
return 204;
}
more_set_headers 'Access-Control-Allow-Origin: $access_control_allow_origin';
more_set_headers 'Vary: $vary';
more_set_headers 'Access-Control-Allow-Credentials: $Access_Control_Allow_Credentials';
more_set_headers 'Access-Control-Allow-Methods: $Access_Control_Allow_Methods';
more_set_headers 'Access-Control-Allow-Headers: $Access_Control_Allow_Headers';
more_set_headers 'Access-Control-Expose-Headers: $Access_Control_Expose_Headers';
rewrite (?i)/api/(.*) /$1 break;
spec:
rules:
- http:
paths:
- path: /api/v1/temp-contents
backend:
serviceName: qliksense-temporary-contents
servicePort: 6080
---
# Source: qliksense/charts/transport/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-transport
labels:
app: transport
chart: transport-1.4.0
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/(.*) /$1 break;
spec:
rules:
- http:
paths:
- path: /api/v1/transport
backend:
serviceName: qliksense-transport
servicePort: 8080
---
# Source: qliksense/charts/web-notifications/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-web-notifications
labels:
app: web-notifications
chart: web-notifications-1.5.13
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/(.*) /$1 break;
spec:
rules:
- http:
paths:
- path: /api/v1/web-notifications
backend:
serviceName: qliksense-web-notifications
servicePort: 8080
---
# Source: qliksense/charts/web-security/templates/ingress.yml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: qliksense-web-security
labels:
app: web-security
chart: web-security-1.4.18
release: qliksense
heritage: Tiller
annotations:
kubernetes.io/ingress.class: qlik-nginx
nginx.ingress.kubernetes.io/auth-url: "http://qliksense-edge-auth.qliksense.svc.cluster.local:8080/v1/auth"
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite (?i)/api/v1/(.*) /v1/$1 break;
spec:
rules:
- http:
paths:
- path: /api/v1/csp-origins
backend:
serviceName: qliksense-web-security
servicePort: 6263
- path: /api/v1/csp-header
backend:
serviceName: qliksense-web-security
servicePort: 6263
---
# Source: qliksense/charts/engine/templates/engines.yaml
apiVersion: qixengine.qlik.com/v1
kind: Engine
metadata:
name: engine-default
labels:
chart: engine-1.68.13
release: qliksense
heritage: Tiller
spec:
controller: Deployment
engineVariantName: engine-variant-qliksense
labels:
qlik.com/default: "true"
replicas: 1
---
apiVersion: qixengine.qlik.com/v1
kind: Engine
metadata:
name: engine-qlikview-default
labels:
chart: engine-1.68.13
release: qliksense
heritage: Tiller
spec:
controller: Deployment
engineVariantName: engine-variant-qlikview
labels:
qlik.com/default: "true"
replicas: 1
---
---
# Source: qliksense/charts/engine/templates/engine-template.yaml
apiVersion: qixengine.qlik.com/v1
kind: EngineTemplate
metadata:
name: engine-template-default
labels:
chart: engine-1.68.13
release: qliksense
heritage: Tiller
spec:
labels:
app: qliksense-engine
release: qliksense
qix-engine: qix-engine
qlik.com/engine-type: "qliksense"
qliksense-nats-client: "true"
qix-engine-version: 12.687.0
qlik.com/engine-deployment-name: qliksense-engine-template-default
metricsPort: "9090"
port: "9076"
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9090"
prometheus.io/job: engine
podSpec:
imagePullSecrets:
- name: artifactory-docker-secret
dnsConfig:
options:
- name: timeout
value: "1"
- name: single-request-reopen
terminationGracePeriodSeconds: 30
containers:
- name: engine
image: ghcr.io/qlik-download/engine:12.687.0
args:
- -S
- BasePathPrefix=/api
- -S
- DocumentDirectory=/qlik/apps
- -S
- EnableNumericalAbbreviation=0
- -S
- EnableQvwRestImport=1
- -S
- EnableRestartOnSessionStall=1
- -S
- EnableWebSocketIdleManagement=1
- -S
- FolderConnectionInterface=0
- -S
- ShutdownWait=1
- -S
- AcceptEULA=yes
- -S
- PrometheusServicePort=9090
- -S
- DesktopPort=9076
- -S
- AuditLogVerbosity=0
- -S
- EnableExtServiceLogs=1
- -S
- EventBusLogVerbosity=4
- -S
- ExternalServicesLogVerbosity=4
- -S
- HttpTrafficLogVerbosity=4
- -S
- PerformanceLogVerbosity=0
- -S
- QixPerformanceLogVerbosity=0
- -S
- SSEVerbosity=4
- -S
- ScriptLogVerbosity=4
- -S
- SessionLogVerbosity=4
- -S
- SmartSearchIndexLogVerbosity=3
- -S
- SmartSearchQueryLogVerbosity=3
- -S
- SystemLogVerbosity=4
- -S
- TrafficLogVerbosity=0
- -S
- RestServiceRequestNbrOfRetries=5
- -S
- Autosave=1
- -S
- AutosaveInterval=5
- -S
- JWKSServiceUrl=http://qliksense-keys:8080/v1/keys/qlik.api.internal
- -S
- ValidateJsonWebTokens=2
- -S
- EnableRenewUserToken=1
- -S
- InternalTokenServiceUrl=http://qliksense-edge-auth:8080/v1
- -S
- JWTSignPrivateKeyId=uHxp0YvnYQx-AqQgHnxgKqTk_HmZiT67B8SYOlzSgoM
- -S
- JWTSignPrivateKeyPath=/etc/secrets/jwtPrivateKey
- -S
- EnableABAC=1
- -S
- EnableAccessControlTrace=1
- -S
- EnableFilePolling=1
- -S
- Gen3=1
- -S
- PersistenceMode=2
- -S
- SystemRules=/etc/config/rules.yaml
- -S
- ConnectivityServiceUrl=http://qliksense-qix-data-connection:9011
- -S
- ConnectorGetDataRetryCount=3
- -S
- ConnectorGetDataRetryIntervalInSeconds=10
- -S
- DataConnectorServiceUrl=http://qliksense-dcaas:9026
- -S
- EnableDataConnectivityService=1
- -S
- EnableGrpcFileStreamConnector=1
- -S
- HostedFileRetryCount=3
- -S
- HostedFileRetryIntervalInSeconds=10
- -S
- SSEPlugin=GeoOperations,qliksense-geo-operations:50072
- -S
- LicenseCacheTimeoutSeconds=3600
- -S
- LicenseServiceUrl=http://qliksense-licenses:9200
- -S
- EnableSpaces=1
- -S
- SpacesServiceUrl=http://qliksense-spaces:6080
- -S
- EnableEncryptData=1
- -S
- EncryptionServiceUrl=http://qliksense-encryption:8080
- -S
- UseEncryptionService=1
- -S
- EnableFeatureFlagService=1
- -S
- FeatureFlagServiceUrl=http://qliksense-feature-flags:8080
- -S
- EnableGroupsService=1
- -S
- GroupsServiceUrl=http://qliksense-groups:8080
- -S
- EnableAppExport=1
- -S
- EnableDownloadFromTCS=1
- -S
- EnableResumableUpload=1
- -S
- EnableTempContentService=1
- -S
- TempContentServiceUrl=http://qliksense-temporary-contents:6080
- -S
- STANCluster=qliksense-nats-streaming-cluster
- -S
- STANMaxReconnect=60
- -S
- STANReconnectWait=2
- -S
- STANTimeout=10
- -S
- STANUrl=nats://qliksense-nats-client:4222
- -S
- STANUseToken=1
- -S
- StatisticsEventIntervalMs=1000
- -S
- UseEventBus=1
- -S
- UseSTAN=1
- -S
- UseStatisticsEventProducer=1
- -S
- PersistUserState=1
- -S
- PersistedUserStateTTLSeconds=1800
- -S
- RedisConnectTimeoutMs=100
- -S
- RedisHost=qliksense-redis-user-state
- -S
- RedisPort=6379
- -S
- RedisSentinelConnectTimeoutMs=100
- -S
- RedisSentinelMasterSet=engine-redis-user-state
- -S
- RedisSentinelPort=26379
- -S
- RedisSentinelRetryIntervalMs=100
- -S
- RedisSentinelSocketTimeoutMs=100
- -S
- RedisSocketTimeoutMs=100
- -S
- UseRedis=1
- -S
- UseRedisSentinel=1
- -S
- EnvironmentName="example"
- -S
- RegionName="example"
- -S
- SessionTimeoutSec=1200
env:
- name: PROMETHEUS_PORT
value: "9090"
- name: GRPC_DNS_RESOLVER
value: "native"
ports:
- containerPort: 9076
- name: metrics
containerPort: 9090
livenessProbe:
httpGet:
path: /health
port: 9076
timeoutSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /health
port: 9076
volumeMounts:
- mountPath: /qlik/apps
name: apps-storage
- name: secrets
mountPath: /etc/secrets
readOnly: true
- name: rules-volume
mountPath: /etc/config
- name: storagepath
mountPath: /home/engine/Qlik/Sense
- name: tmpdir
mountPath: /tmp
resources:
limits: {}
requests: {}
volumes:
- name: apps-storage
persistentVolumeClaim:
claimName: qliksense-engine
- name: secrets
secret:
secretName: qliksense-engine-secrets
- name: engine-prestop-hook
configMap:
name: qliksense-engine-prestop-hook
defaultMode: 0755
optional: true
- name: rules-volume
configMap:
name: qliksense-engine-rules-cm
- name: storagepath
emptyDir: {}
- name: tmpdir
emptyDir: {}
---
# Source: qliksense/charts/engine/templates/engine-variants.yaml
apiVersion: qixengine.qlik.com/v1
kind: EngineVariant
metadata:
name: engine-variant-qliksense
labels:
chart: engine-1.68.13
release: qliksense
heritage: Tiller
spec:
image: ghcr.io/qlik-download/engine:12.687.0
engineTemplateName: engine-template-default
labels:
qlik.com/engine-type: qliksense
args:
- -S
- BasePathPrefix=/api
- -S
- DocumentDirectory=/qlik/apps
- -S
- EnableNumericalAbbreviation=0
- -S
- EnableQvwRestImport=1
- -S
- EnableRestartOnSessionStall=1
- -S
- EnableWebSocketIdleManagement=1
- -S
- FolderConnectionInterface=0
- -S
- ShutdownWait=1
- -S
- AcceptEULA=yes
- -S
- PrometheusServicePort=9090
- -S
- DesktopPort=9076
- -S
- AuditLogVerbosity=0
- -S
- EnableExtServiceLogs=1
- -S
- EventBusLogVerbosity=4
- -S
- ExternalServicesLogVerbosity=4
- -S
- HttpTrafficLogVerbosity=4
- -S
- PerformanceLogVerbosity=0
- -S
- QixPerformanceLogVerbosity=0
- -S
- SSEVerbosity=4
- -S
- ScriptLogVerbosity=4
- -S
- SessionLogVerbosity=4
- -S
- SmartSearchIndexLogVerbosity=3
- -S
- SmartSearchQueryLogVerbosity=3
- -S
- SystemLogVerbosity=4
- -S
- TrafficLogVerbosity=0
- -S
- RestServiceRequestNbrOfRetries=5
- -S
- Autosave=1
- -S
- AutosaveInterval=5
- -S
- JWKSServiceUrl=http://qliksense-keys:8080/v1/keys/qlik.api.internal
- -S
- ValidateJsonWebTokens=2
- -S
- EnableRenewUserToken=1
- -S
- InternalTokenServiceUrl=http://qliksense-edge-auth:8080/v1
- -S
- JWTSignPrivateKeyId=uHxp0YvnYQx-AqQgHnxgKqTk_HmZiT67B8SYOlzSgoM
- -S
- JWTSignPrivateKeyPath=/etc/secrets/jwtPrivateKey
- -S
- EnableABAC=1
- -S
- EnableAccessControlTrace=1
- -S
- EnableFilePolling=1
- -S
- Gen3=1
- -S
- PersistenceMode=2
- -S
- SystemRules=/etc/config/rules.yaml
- -S
- ConnectivityServiceUrl=http://qliksense-qix-data-connection:9011
- -S
- ConnectorGetDataRetryCount=3
- -S
- ConnectorGetDataRetryIntervalInSeconds=10
- -S
- DataConnectorServiceUrl=http://qliksense-dcaas:9026
- -S
- EnableDataConnectivityService=1
- -S
- EnableGrpcFileStreamConnector=1
- -S
- HostedFileRetryCount=3
- -S
- HostedFileRetryIntervalInSeconds=10
- -S
- SSEPlugin=GeoOperations,qliksense-geo-operations:50072
- -S
- LicenseCacheTimeoutSeconds=3600
- -S
- LicenseServiceUrl=http://qliksense-licenses:9200
- -S
- EnableSpaces=1
- -S
- SpacesServiceUrl=http://qliksense-spaces:6080
- -S
- EnableEncryptData=1
- -S
- EncryptionServiceUrl=http://qliksense-encryption:8080
- -S
- UseEncryptionService=1
- -S
- EnableFeatureFlagService=1
- -S
- FeatureFlagServiceUrl=http://qliksense-feature-flags:8080
- -S
- EnableGroupsService=1
- -S
- GroupsServiceUrl=http://qliksense-groups:8080
- -S
- EnableAppExport=1
- -S
- EnableDownloadFromTCS=1
- -S
- EnableResumableUpload=1
- -S
- EnableTempContentService=1
- -S
- TempContentServiceUrl=http://qliksense-temporary-contents:6080
- -S
- STANCluster=qliksense-nats-streaming-cluster
- -S
- STANMaxReconnect=60
- -S
- STANReconnectWait=2
- -S
- STANTimeout=10
- -S
- STANUrl=nats://qliksense-nats-client:4222
- -S
- STANUseToken=1
- -S
- StatisticsEventIntervalMs=1000
- -S
- UseEventBus=1
- -S
- UseSTAN=1
- -S
- UseStatisticsEventProducer=1
- -S
- PersistUserState=1
- -S
- PersistedUserStateTTLSeconds=1800
- -S
- RedisConnectTimeoutMs=100
- -S
- RedisHost=qliksense-redis-user-state
- -S
- RedisPort=6379
- -S
- RedisSentinelConnectTimeoutMs=100
- -S
- RedisSentinelMasterSet=engine-redis-user-state
- -S
- RedisSentinelPort=26379
- -S
- RedisSentinelRetryIntervalMs=100
- -S
- RedisSentinelSocketTimeoutMs=100
- -S
- RedisSocketTimeoutMs=100
- -S
- UseRedis=1
- -S
- UseRedisSentinel=1
- -S
- EnvironmentName="example"
- -S
- RegionName="example"
- -S
- SessionTimeoutSec=1200
---
apiVersion: qixengine.qlik.com/v1
kind: EngineVariant
metadata:
name: engine-variant-qlikview
labels:
chart: engine-1.68.13
release: qliksense
heritage: Tiller
spec:
image: ghcr.io/qlik-download/engine-qv:12.687.0
annotations:
prometheus.io/job: engine-qlikview
engineTemplateName: engine-template-default
labels:
qlik.com/engine-type: qlikview
args:
- -S
- BasePathPrefix=/api
- -S
- DocumentDirectory=/qlik/apps
- -S
- EnableNumericalAbbreviation=0
- -S
- EnableQvwRestImport=1
- -S
- EnableRestartOnSessionStall=1
- -S
- EnableWebSocketIdleManagement=1
- -S
- FolderConnectionInterface=0
- -S
- ShutdownWait=1
- -S
- AcceptEULA=yes
- -S
- PrometheusServicePort=9090
- -S
- DesktopPort=9076
- -S
- AuditLogVerbosity=0
- -S
- EnableExtServiceLogs=1
- -S
- EventBusLogVerbosity=4
- -S
- ExternalServicesLogVerbosity=4
- -S
- HttpTrafficLogVerbosity=4
- -S
- PerformanceLogVerbosity=0
- -S
- QixPerformanceLogVerbosity=0
- -S
- SSEVerbosity=4
- -S
- ScriptLogVerbosity=4
- -S
- SessionLogVerbosity=4
- -S
- SmartSearchIndexLogVerbosity=3
- -S
- SmartSearchQueryLogVerbosity=3
- -S
- SystemLogVerbosity=4
- -S
- TrafficLogVerbosity=0
- -S
- RestServiceRequestNbrOfRetries=5
- -S
- Autosave=1
- -S
- AutosaveInterval=5
- -S
- JWKSServiceUrl=http://qliksense-keys:8080/v1/keys/qlik.api.internal
- -S
- ValidateJsonWebTokens=2
- -S
- EnableRenewUserToken=1
- -S
- InternalTokenServiceUrl=http://qliksense-edge-auth:8080/v1
- -S
- JWTSignPrivateKeyId=uHxp0YvnYQx-AqQgHnxgKqTk_HmZiT67B8SYOlzSgoM
- -S
- JWTSignPrivateKeyPath=/etc/secrets/jwtPrivateKey
- -S
- EnableABAC=1
- -S
- EnableAccessControlTrace=1
- -S
- EnableFilePolling=1
- -S
- Gen3=1
- -S
- PersistenceMode=2
- -S
- SystemRules=/etc/config/rules.yaml
- -S
- ConnectivityServiceUrl=http://qliksense-qix-data-connection:9011
- -S
- ConnectorGetDataRetryCount=3
- -S
- ConnectorGetDataRetryIntervalInSeconds=10
- -S
- DataConnectorServiceUrl=http://qliksense-dcaas:9026
- -S
- EnableDataConnectivityService=1
- -S
- EnableGrpcFileStreamConnector=1
- -S
- HostedFileRetryCount=3
- -S
- HostedFileRetryIntervalInSeconds=10
- -S
- SSEPlugin=GeoOperations,qliksense-geo-operations:50072
- -S
- LicenseCacheTimeoutSeconds=3600
- -S
- LicenseServiceUrl=http://qliksense-licenses:9200
- -S
- EnableSpaces=1
- -S
- SpacesServiceUrl=http://qliksense-spaces:6080
- -S
- EnableEncryptData=1
- -S
- EncryptionServiceUrl=http://qliksense-encryption:8080
- -S
- UseEncryptionService=1
- -S
- EnableFeatureFlagService=1
- -S
- FeatureFlagServiceUrl=http://qliksense-feature-flags:8080
- -S
- EnableGroupsService=1
- -S
- GroupsServiceUrl=http://qliksense-groups:8080
- -S
- EnableAppExport=1
- -S
- EnableDownloadFromTCS=1
- -S
- EnableResumableUpload=1
- -S
- EnableTempContentService=1
- -S
- TempContentServiceUrl=http://qliksense-temporary-contents:6080
- -S
- STANCluster=qliksense-nats-streaming-cluster
- -S
- STANMaxReconnect=60
- -S
- STANReconnectWait=2
- -S
- STANTimeout=10
- -S
- STANUrl=nats://qliksense-nats-client:4222
- -S
- STANUseToken=1
- -S
- StatisticsEventIntervalMs=1000
- -S
- UseEventBus=1
- -S
- UseSTAN=1
- -S
- UseStatisticsEventProducer=1
- -S
- PersistUserState=1
- -S
- PersistedUserStateTTLSeconds=1800
- -S
- RedisConnectTimeoutMs=100
- -S
- RedisHost=qliksense-redis-user-state
- -S
- RedisPort=6379
- -S
- RedisSentinelConnectTimeoutMs=100
- -S
- RedisSentinelMasterSet=engine-redis-user-state
- -S
- RedisSentinelPort=26379
- -S
- RedisSentinelRetryIntervalMs=100
- -S
- RedisSentinelSocketTimeoutMs=100
- -S
- RedisSocketTimeoutMs=100
- -S
- UseRedis=1
- -S
- UseRedisSentinel=1
- -S
- EnvironmentName="example"
- -S
- RegionName="example"
- -S
- SessionTimeoutSec=1200
- -S
- BasicQlikviewEnabled=1
- -S
- BundledContentsRootFolder=/usr/local/share/Bundled
- -S
- SkiaFontPaths=/usr/share/fonts
---
apiVersion: qixengine.qlik.com/v1
kind: EngineVariant
metadata:
name: sense-reload-engine-variant
labels:
chart: engine-1.68.13
release: qliksense
heritage: Tiller
spec:
image: ghcr.io/qlik-download/engine:12.687.0
annotations:
prometheus.io/job: engine-reload
engineTemplateName: engine-template-default
labels:
qlik.com/engine-type: qliksense
args:
- -S
- BasePathPrefix=/api
- -S
- DocumentDirectory=/qlik/apps
- -S
- EnableNumericalAbbreviation=0
- -S
- EnableQvwRestImport=1
- -S
- EnableRestartOnSessionStall=1
- -S
- EnableWebSocketIdleManagement=1
- -S
- FolderConnectionInterface=0
- -S
- ShutdownWait=1
- -S
- AcceptEULA=yes
- -S
- PrometheusServicePort=9090
- -S
- DesktopPort=9076
- -S
- AuditLogVerbosity=0
- -S
- EnableExtServiceLogs=1
- -S
- EventBusLogVerbosity=4
- -S
- ExternalServicesLogVerbosity=4
- -S
- HttpTrafficLogVerbosity=4
- -S
- PerformanceLogVerbosity=0
- -S
- QixPerformanceLogVerbosity=0
- -S
- SSEVerbosity=4
- -S
- ScriptLogVerbosity=4
- -S
- SessionLogVerbosity=4
- -S
- SmartSearchIndexLogVerbosity=3
- -S
- SmartSearchQueryLogVerbosity=3
- -S
- SystemLogVerbosity=4
- -S
- TrafficLogVerbosity=0
- -S
- RestServiceRequestNbrOfRetries=5
- -S
- Autosave=1
- -S
- AutosaveInterval=5
- -S
- JWKSServiceUrl=http://qliksense-keys:8080/v1/keys/qlik.api.internal
- -S
- ValidateJsonWebTokens=2
- -S
- EnableRenewUserToken=1
- -S
- InternalTokenServiceUrl=http://qliksense-edge-auth:8080/v1
- -S
- JWTSignPrivateKeyId=uHxp0YvnYQx-AqQgHnxgKqTk_HmZiT67B8SYOlzSgoM
- -S
- JWTSignPrivateKeyPath=/etc/secrets/jwtPrivateKey
- -S
- EnableABAC=1
- -S
- EnableAccessControlTrace=1
- -S
- EnableFilePolling=1
- -S
- Gen3=1
- -S
- PersistenceMode=2
- -S
- SystemRules=/etc/config/rules.yaml
- -S
- ConnectivityServiceUrl=http://qliksense-qix-data-connection:9011
- -S
- ConnectorGetDataRetryCount=3
- -S
- ConnectorGetDataRetryIntervalInSeconds=10
- -S
- DataConnectorServiceUrl=http://qliksense-dcaas:9026
- -S
- EnableDataConnectivityService=1
- -S
- EnableGrpcFileStreamConnector=1
- -S
- HostedFileRetryCount=3
- -S
- HostedFileRetryIntervalInSeconds=10
- -S
- SSEPlugin=GeoOperations,qliksense-geo-operations:50072
- -S
- LicenseCacheTimeoutSeconds=3600
- -S
- LicenseServiceUrl=http://qliksense-licenses:9200
- -S
- EnableSpaces=1
- -S
- SpacesServiceUrl=http://qliksense-spaces:6080
- -S
- EnableEncryptData=1
- -S
- EncryptionServiceUrl=http://qliksense-encryption:8080
- -S
- UseEncryptionService=1
- -S
- EnableFeatureFlagService=1
- -S
- FeatureFlagServiceUrl=http://qliksense-feature-flags:8080
- -S
- EnableGroupsService=1
- -S
- GroupsServiceUrl=http://qliksense-groups:8080
- -S
- EnableAppExport=1
- -S
- EnableDownloadFromTCS=1
- -S
- EnableResumableUpload=1
- -S
- EnableTempContentService=1
- -S
- TempContentServiceUrl=http://qliksense-temporary-contents:6080
- -S
- STANCluster=qliksense-nats-streaming-cluster
- -S
- STANMaxReconnect=60
- -S
- STANReconnectWait=2
- -S
- STANTimeout=10
- -S
- STANUrl=nats://qliksense-nats-client:4222
- -S
- STANUseToken=1
- -S
- StatisticsEventIntervalMs=1000
- -S
- UseEventBus=1
- -S
- UseSTAN=1
- -S
- UseStatisticsEventProducer=1
- -S
- PersistUserState=1
- -S
- PersistedUserStateTTLSeconds=1800
- -S
- RedisConnectTimeoutMs=100
- -S
- RedisHost=qliksense-redis-user-state
- -S
- RedisPort=6379
- -S
- RedisSentinelConnectTimeoutMs=100
- -S
- RedisSentinelMasterSet=engine-redis-user-state
- -S
- RedisSentinelPort=26379
- -S
- RedisSentinelRetryIntervalMs=100
- -S
- RedisSentinelSocketTimeoutMs=100
- -S
- RedisSocketTimeoutMs=100
- -S
- UseRedis=1
- -S
- UseRedisSentinel=1
- -S
- EnvironmentName="example"
- -S
- RegionName="example"
- -S
- SessionTimeoutSec=1200
---
---
# Source: qliksense/charts/chronos-worker/templates/deny-external-egress-traffic.yaml
# This network policy prevents chronos-worker from establishing connections to the
# external networks (= anything outside the cluster)
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: qliksense-chronos-worker-deny-external-egress
labels:
app: chronos-worker
chart: chronos-worker-1.4.10
release: qliksense
heritage: Tiller
spec:
podSelector:
matchLabels:
app: chronos-worker
policyTypes:
- Egress
egress:
- ports:
- port: 53 # DNS resolution
protocol: UDP
- port: 53 # DNS resolution
protocol: TCP
- to:
- namespaceSelector: {} # Allow outbount traffic to pods inside the cluster
---
# Source: qliksense/charts/chronos-worker/templates/redis-secret.yaml
---
# Source: qliksense/charts/chronos/templates/mongo-secret.yaml
---
# Source: qliksense/charts/chronos/templates/redis-secret.yaml
---
# Source: qliksense/charts/collections/templates/hpa.yml
---
# Source: qliksense/charts/collections/templates/mongo-secret.yaml
---
# Source: qliksense/charts/data-connections/templates/mongo-secret.yaml
---
# Source: qliksense/charts/data-connector-odbc/templates/hpa-rld.yaml
---
# Source: qliksense/charts/data-connector-odbc/templates/network.yaml
---
# Source: qliksense/charts/data-connector-qwc/templates/hpa-rld.yaml
---
# Source: qliksense/charts/data-connector-qwc/templates/network.yaml
---
# Source: qliksense/charts/data-connector-qwc/templates/secrets-connector-cfg.yaml
---
# Source: qliksense/charts/data-connector-qwc/templates/secrets-keys.yaml
---
# Source: qliksense/charts/data-connector-rest/templates/hpa-rld.yaml
---
# Source: qliksense/charts/data-connector-rest/templates/network.yaml
---
# Source: qliksense/charts/data-connector-sap-sql/templates/hpa-rld.yaml
---
# Source: qliksense/charts/data-connector-sap-sql/templates/network.yaml
---
# Source: qliksense/charts/data-connector-sfdc/templates/hpa-rld.yaml
---
# Source: qliksense/charts/data-connector-sfdc/templates/network.yaml
---
# Source: qliksense/charts/data-prep/templates/hpa.yaml
---
# Source: qliksense/charts/data-prep/templates/pvc.yaml
---
# Source: qliksense/charts/data-prep/templates/redis-secret.yaml
---
# Source: qliksense/charts/data-rest-source/templates/hpa.yaml
---
# Source: qliksense/charts/data-rest-source/templates/pre-stop-hook.yaml
---
# Source: qliksense/charts/dcaas/charts/dcaas-redis/templates/metrics-prometheus.yaml
---
# Source: qliksense/charts/dcaas/charts/dcaas-redis/templates/metrics-svc.yaml
---
# Source: qliksense/charts/dcaas/charts/dcaas-redis/templates/networkpolicy.yaml
---
# Source: qliksense/charts/dcaas/charts/dcaas-redis/templates/prometheusrule.yaml
---
# Source: qliksense/charts/dcaas/charts/dcaas-redis/templates/psp.yaml
---
# Source: qliksense/charts/dcaas/charts/dcaas-redis/templates/redis-role.yaml
---
# Source: qliksense/charts/dcaas/charts/dcaas-redis/templates/redis-rolebinding.yaml
---
# Source: qliksense/charts/dcaas/charts/dcaas-redis/templates/redis-serviceaccount.yaml
---
# Source: qliksense/charts/dcaas/charts/dcaas-redis/templates/redis-slave-statefulset.yaml
---
# Source: qliksense/charts/dcaas/charts/dcaas-redis/templates/redis-slave-svc.yaml
---
# Source: qliksense/charts/dcaas/charts/dcaas-redis/templates/redis-with-sentinel-svc.yaml
---
# Source: qliksense/charts/dcaas/charts/dcaas-redis/templates/secret.yaml
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/addheaders-configmap.yaml
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/admission-webhooks/job-patch/clusterrole.yaml
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/admission-webhooks/job-patch/job-createSecret.yaml
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/admission-webhooks/job-patch/psp.yaml
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/admission-webhooks/job-patch/role.yaml
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/admission-webhooks/job-patch/rolebinding.yaml
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/admission-webhooks/job-patch/serviceaccount.yaml
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/admission-webhooks/validating-webhook.yaml
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/clusterrole.yaml
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/clusterrolebinding.yaml
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/controller-daemonset.yaml
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/controller-hpa.yaml
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/controller-poddisruptionbudget.yaml
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/controller-prometheusrules.yaml
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/controller-psp.yaml
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/controller-servicemonitor.yaml
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/controller-webhook-service.yaml
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/default-backend-deployment.yaml
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/default-backend-poddisruptionbudget.yaml
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/default-backend-psp.yaml
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/default-backend-role.yaml
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/default-backend-rolebinding.yaml
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/default-backend-service.yaml
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/default-backend-serviceaccount.yaml
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/proxyheaders-configmap.yaml
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/tcp-configmap.yaml
---
# Source: qliksense/charts/elastic-infra/charts/nginx-ingress/templates/udp-configmap.yaml
---
# Source: qliksense/charts/elastic-infra/templates/tlscert.yaml
---
# Source: qliksense/charts/engine/charts/redis-user-state/templates/metrics-prometheus.yaml
---
# Source: qliksense/charts/engine/charts/redis-user-state/templates/metrics-svc.yaml
---
# Source: qliksense/charts/engine/charts/redis-user-state/templates/networkpolicy.yaml
---
# Source: qliksense/charts/engine/charts/redis-user-state/templates/prometheusrule.yaml
---
# Source: qliksense/charts/engine/charts/redis-user-state/templates/psp.yaml
---
# Source: qliksense/charts/engine/charts/redis-user-state/templates/redis-master-svc.yaml
---
# Source: qliksense/charts/engine/charts/redis-user-state/templates/redis-role.yaml
---
# Source: qliksense/charts/engine/charts/redis-user-state/templates/redis-rolebinding.yaml
---
# Source: qliksense/charts/engine/charts/redis-user-state/templates/redis-serviceaccount.yaml
---
# Source: qliksense/charts/engine/charts/redis-user-state/templates/redis-slave-svc.yaml
---
# Source: qliksense/charts/engine/charts/redis-user-state/templates/secret.yaml
---
# Source: qliksense/charts/engine/templates/deployment-args.yaml
---
# Source: qliksense/charts/engine/templates/deployment-stateless.yaml
---
# Source: qliksense/charts/engine/templates/deployments.yaml
---
# Source: qliksense/charts/engine/templates/engine-reload.yaml
---
# Source: qliksense/charts/engine/templates/hpa-stateless.yaml
---
# Source: qliksense/charts/engine/templates/hpa.yaml
---
# Source: qliksense/charts/engine/templates/networkpolicy.yaml
---
# Source: qliksense/charts/engine/templates/pre-stop-hook-cm.yaml
---
# Source: qliksense/charts/engine/templates/sc.yaml
---
# Source: qliksense/charts/feature-flags/templates/hpa.yaml
---
# Source: qliksense/charts/generic-links/templates/mongo-secret.yaml
---
# Source: qliksense/charts/generic-links/templates/webrisk.yaml
---
# Source: qliksense/charts/geo-operations/templates/hpa.yaml
---
# Source: qliksense/charts/geo-operations/templates/network.yaml
---
# Source: qliksense/charts/identity-providers/templates/ext-deployment.yaml
---
# Source: qliksense/charts/identity-providers/templates/ext-hpa.yaml
---
# Source: qliksense/charts/identity-providers/templates/ext-ingress.yaml
---
# Source: qliksense/charts/identity-providers/templates/ext-mongo-secret.yaml
---
# Source: qliksense/charts/identity-providers/templates/ext-secret.yaml
---
# Source: qliksense/charts/identity-providers/templates/ext-service.yaml
---
# Source: qliksense/charts/identity-providers/templates/hpa.yaml
---
# Source: qliksense/charts/insights/templates/mongo-secret.yaml
---
# Source: qliksense/charts/keys/templates/hpa.yaml
---
# Source: qliksense/charts/licenses/templates/hpa.yaml
---
# Source: qliksense/charts/licenses/templates/mongo-secret.yaml
---
# Source: qliksense/charts/licenses/templates/proxy-password-secret.yaml
---
# Source: qliksense/charts/licenses/templates/rollbar-secret.yaml
---
# Source: qliksense/charts/messaging/charts/nats-streaming/templates/networkpolicy-nats-streaming.yaml
---
# Source: qliksense/charts/messaging/charts/nats-streaming/templates/pvc.yaml
---
# Source: qliksense/charts/messaging/charts/nats-streaming/templates/sc.yaml
---
# Source: qliksense/charts/messaging/charts/nats/templates/ingress.yaml
---
# Source: qliksense/charts/messaging/charts/nats/templates/networkpolicy-nats.yaml
---
# Source: qliksense/charts/messaging/charts/nats/templates/tls-secret.yaml
---
# Source: qliksense/charts/nl-broker/templates/mongo-secret.yaml
---
# Source: qliksense/charts/notification-prep/templates/hpa.yaml
---
# Source: qliksense/charts/notification-prep/templates/secret.yaml
---
# Source: qliksense/charts/odag/templates/mongo-secret.yaml
---
# Source: qliksense/charts/policy-decisions/templates/configmap.yaml
---
# Source: qliksense/charts/policy-decisions/templates/hpa.yml
---
# Source: qliksense/charts/policy-decisions/templates/mongo-secret.yaml
---
# Source: qliksense/charts/policy-decisions/templates/redis-secret.yaml
---
# Source: qliksense/charts/precedents/templates/hpa.yaml
---
# Source: qliksense/charts/precedents/templates/mongo-secret.yaml
---
# Source: qliksense/charts/qix-data-connection/templates/mongo-secret.yaml
---
# Source: qliksense/charts/qix-datafiles/templates/hpa.yaml
---
# Source: qliksense/charts/qix-datafiles/templates/mongo-secret.yaml
---
# Source: qliksense/charts/qix-datafiles/templates/sc.yaml
---
# Source: qliksense/charts/qix-sessions/templates/crd.yaml
---
# Source: qliksense/charts/qix-sessions/templates/env-variables.yaml
---
# Source: qliksense/charts/qix-sessions/templates/hpa.yaml
---
# Source: qliksense/charts/qix-sessions/templates/mongo-secret.yaml
---
# Source: qliksense/charts/qix-sessions/templates/redis-secret.yaml
---
# Source: qliksense/charts/redis/templates/metrics-prometheus.yaml
---
# Source: qliksense/charts/redis/templates/metrics-svc.yaml
---
# Source: qliksense/charts/redis/templates/networkpolicy.yaml
---
# Source: qliksense/charts/redis/templates/prometheusrule.yaml
---
# Source: qliksense/charts/redis/templates/psp.yaml
---
# Source: qliksense/charts/redis/templates/redis-role.yaml
---
# Source: qliksense/charts/redis/templates/redis-rolebinding.yaml
---
# Source: qliksense/charts/redis/templates/redis-serviceaccount.yaml
---
# Source: qliksense/charts/redis/templates/redis-with-sentinel-svc.yaml
---
# Source: qliksense/charts/redis/templates/secret.yaml
---
# Source: qliksense/charts/reload-tasks/templates/hpa.yaml
---
# Source: qliksense/charts/reload-tasks/templates/mongo-secret.yaml
---
# Source: qliksense/charts/reloads/templates/hpa.yaml
---
# Source: qliksense/charts/reloads/templates/mongo-secret.yaml
---
# Source: qliksense/charts/reloads/templates/pre-stop-hook.yaml
---
# Source: qliksense/charts/reporting/templates/hpa.yaml
---
# Source: qliksense/charts/reporting/templates/redis-network-policy.yaml
---
# Source: qliksense/charts/reporting/templates/redis-secret.yaml
---
# Source: qliksense/charts/resource-library/templates/mongo-secret.yaml
---
# Source: qliksense/charts/resource-library/templates/sc.yaml
---
# Source: qliksense/charts/sharing/templates/hpa.yaml
---
# Source: qliksense/charts/sharing/templates/mongo-secret.yaml
---
# Source: qliksense/charts/sharing/templates/redis-secret.yaml
---
# Source: qliksense/charts/sharing/templates/sc.yaml
---
# Source: qliksense/charts/spaces/templates/hpa.yaml
---
# Source: qliksense/charts/spaces/templates/mongo-secret.yaml
---
# Source: qliksense/charts/subscriptions/templates/mongo-secret.yml
---
# Source: qliksense/charts/temporary-contents/templates/mongo-secret.yaml
---
# Source: qliksense/charts/temporary-contents/templates/sc.yaml
---
# Source: qliksense/charts/transport/templates/hpa.yaml
---
# Source: qliksense/charts/transport/templates/mongo-secret.yaml
---
# Source: qliksense/charts/transport/templates/network.yaml
---
# Source: qliksense/charts/web-notifications/templates/mongo-secret.yaml
---
# Source: qliksense/charts/web-security/templates/hpa.yaml
---
# Source: qliksense/charts/web-security/templates/mongo-secret.yaml
---
# Source: qliksense/charts/web-security/templates/rollbar-secret.yaml
---
# Source: qliksense/templates/ca-cert-configmap.yaml
---
# Source: qliksense/templates/certs-job.yaml
---
# Source: qliksense/templates/certs-pvc.yaml
---
# Source: qliksense/templates/sc.yaml
Reference in New Issue View Git Blame Copy Permalink