values.yaml

## Global parameters
##
global:
  ## Global Docker image registry for Cognigy images
  ##
  imageRegistry: ""

## If neither Cognigy MongoDB Helm Chart (https://github.com/Cognigy/cognigy-mongodb-helm-chart) nor MongoDB Atlas is used
## set "mongodb.enabled": false. It will skip user initialization tasks. However, you will need to create users/passwords manually
mongodb:
  enabled: true
  ## MongoDB connection scheme, for Cognigy MongoDB Helm Chart use scheme: "mongodb", for MongoDB Atlas use scheme: "mongodb+srv"
  scheme: "mongodb"
  ## Parameters for MongoDB connection, leave empty for Cognigy MongoDB Helm Chart
  ## For MongoDB Atlas set params: "?retryWrites=true&w=majority"
  params: ""
  ## This MongoDB user and password must have the permission to create users and databases, so normally it is admin or root
  ## It does NOT have to be root user. We use these key names to be compatible with Bitnami MongoDB Helm Chert
  auth:
    rootUser: root
    rootPassword: ""
    ## Optionally provide the name of an existing secret with MongoDB credentials. Mandatory keys: `username` and `password`, that contains the value
    ## of "rootUser" and "rootPassword"
    ## NOTE: When it's set the previous parameters "rootUser" and "rootPassword" are ignored.
    ##
    existingSecret: ""
    ## MongoDB Atlas cluster parameters
    atlas:
      # Specify MongoDB Atlas projectId and clusterName
      projectId: ""
      clusterName: ""
      # Specify publicAPIKey and privateAPIKey with "Project Owner" permissions for the Project in which MongoDB Cluster is located
      ## For more information refer to MongoDB Atlas documentation: https://www.mongodb.com/docs/atlas/configure-api-access/#grant-programmatic-access-to-service
      publicAPIKey: ""
      privateAPIKey: ""
      ## Optionally provide the name of an existing secret with MongoDB Atlas credentials. Mandatory keys: `projectid`, `clustername`, `apikeypublic` and `apikeyprivate`
      ## that contains the value of MongoDB Atlas projectId, clusterName, publicAPIKey and privateAPIKey respectively.
      ## NOTE: When it's set the previous parameters "projectId", "clusterName", "publicAPIKey" and "privateAPIKey" are ignored.
      ##
      existingSecret: ""
  # Connection string for MongoDB replica set deployed with Cognigy MongoDB Helm Chart into 3 availability zones:
  # hosts: mongodb-0.mongodb-headless.mongodb.svc.cluster.local:27017,mongodb-1.mongodb-headless.mongodb.svc.cluster.local:27017,mongodb-2.mongodb-headless.mongodb.svc.cluster.local:27017
  # Connection string for development and testing with a single replica MongoDB deployed with Cognigy MongoDB Helm Chart:
  # hosts: "mongodb-0.mongodb-headless.mongodb.svc.cluster.local:27017"
  # For MongoDB Atlas use the connection string of your MongoDB Atlas Cluster
  hosts: mongodb-0.mongodb-headless.mongodb.svc.cluster.local:27017,mongodb-1.mongodb-headless.mongodb.svc.cluster.local:27017,mongodb-2.mongodb-headless.mongodb.svc.cluster.local:27017
  ## db-init generator image
  ##
  dbinit:
    image: cognigy.azurecr.io/mongodb:6.0.13-debian-11-r21
    helmHook:
      deletePolicy: "before-hook-creation,hook-succeeded"
    securityContext: {}
    affinity: {}
    nodeSelector: {}
    tolerations: []

## Generate MongoDB connection string for Cognigy services. Enabled by default.
## When enabled and the value of the "auth.password" is provided, "auth.password" will be used in MongoDB connection string.
## Defaults to a random 24 character alphanumeric string if not set.
## Alternatively provide the name of an existing secret with MongoDB connection string.
##
## Note: Only override the value of "dbCredentials.services.<serviceName>.password" or "dbCredentials.services.<serviceName>.existingSecret" if needed.
## Do not override anything else unless you know what you are doing.
##
dbConnectionString:
  enabled: true
  services:
    serviceAi:
      enabled: true
      serviceName: service-ai
      auth:
        ## Optionally provide the password for the MongoDB connection string for this Cognigy service.
        ## Defaults to a random 24 character alphanumeric string
        ##
        password: ""
        ## Optionally provide the name of an existing secret with MongoDB connection string.
        ## The secret must have the key "connection-string" containing the proper MongoDB connection string.
        ## In the connection string We recommend using service name as both "user" and "dbname".
        ##
        ## Secret data example for Cognigy MongoDB Helm Chart:
        ## connection-string: mongodb://<user>:mongodb-0.mongodb-headless.mongodb.svc.cluster.local:27017,mongodb-1.mongodb-headless.mongodb.svc.cluster.local:27017,mongodb-2.mongodb-headless.mongodb.svc.cluster.local:27017/<dbname>
        ## Secret data example for MongoDB Atlas:
        ## connection-string: mongodb+srv://<user>:foo@<mongodb_atlas_hostname>/<dbname>
        ##
        ## NOTE: When it's set the previous parameters "password" is ignored.
        ##
        existingSecret: ""
    serviceAlexaManagement:
      enabled: true
      serviceName: service-alexa-management
      auth:
        password: ""
        existingSecret: ""
    serviceAnalyticsCollector:
      enabled: true
      serviceName: service-analytics-collector
      auth:
        password: ""
        existingSecret: ""
    serviceAnalyticsConversations:
      enabled: true
      serviceName: service-analytics-conversation
      auth:
        password: ""
        existingSecret: ""
    serviceApi:
      enabled: true
      serviceName: service-api
      auth:
        password: ""
        existingSecret: ""
    serviceAppSessionManager:
      enabled: true
      serviceName: service-app-session-manager
      auth:
        password: ""
        existingSecret: ""
    serviceCollaboration:
      enabled: false
      serviceName: service-collaboration
      auth:
        password: ""
        existingSecret: ""
    serviceCustomModules:
      enabled: true
      serviceName: service-custom-modules
      auth:
        password: ""
        existingSecret: ""
    serviceFunctionScheduler:
      enabled: true
      serviceName: service-function-scheduler
      auth:
        password: ""
        existingSecret: ""
    serviceHandover:
      enabled: true
      serviceName: service-handover
      auth:
        password: ""
        existingSecret: ""
    serviceHandoverInactivity:
      enabled: true
      serviceName: service-handover-inactivity
      auth:
        password: ""
        existingSecret: ""
    serviceInsightsResources:
      enabled: false
      serviceName: service-insights-resources
      auth:
        password: ""
        existingSecret: ""
    serviceLogs:
      enabled: true
      serviceName: service-logs
      auth:
        password: ""
        existingSecret: ""
    serviceNlp:
      enabled: true
      serviceName: service-nlp
      auth:
        password: ""
        existingSecret: ""
    serviceProfiles:
      enabled: true
      serviceName: service-profiles
      auth:
        password: ""
        existingSecret: ""
    serviceResources:
      enabled: true
      serviceName: service-resources
      auth:
        password: ""
        existingSecret: ""
    serviceRuntimeFileManager:
      enabled: true
      serviceName: service-runtime-file-manager
      auth:
        password: ""
        existingSecret: ""
    serviceSecurity:
      enabled: true
      serviceName: service-security
      auth:
        password: ""
        existingSecret: ""
    serviceTaskManager:
      enabled: true
      serviceName: service-task-manager
      auth:
        password: ""
        existingSecret: ""
    serviceTrainer:
      enabled: true
      serviceName: service-trainer
      auth:
        password: ""
        existingSecret: ""
    agentAssistBackend:
      enabled: true
      serviceName: agent-assist
      auth:
        password: ""
        existingSecret: ""

## Credentials for pulling image from private image registry.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## NOTE 1: Either clear text credentials (registry, username and password) or pullSecrets must be provided.
## NOTE 2: If traefik is enabled and you provide clear text credentials, then traefik.deployment.imagePullSecrets must
## be set to "cognigy-registry-token". If you set custom pullSecrets value instead, set the same value under traefik.deployment.imagePullSecrets
imageCredentials:
  ## Alternatively specify the username, password and the url of the private registry.
  ## A kubernetes.io/dockerconfigjson type secret named "cognigy-registry-token" will be created based on these information.
  registry: "cognigy.azurecr.io"
  username: ""
  password: ""

  ## Alternatively specify an array of imagePullSecrets.
  ## Secrets must be manually created in the proper namespace beforehand.
  ## Example:
  ## pullSecrets:
  ##   - cognigyRegistrySecretName
  ##
  ## NOTE: When registry, username and password all are set, the pullSecrets are ignored.
  pullSecrets: []

# Cognigy supports 3 cloud providers:
# - aws
# - azure
# - generic for on-premises installation e.g. with OpenShift
cloud:
  provider: aws
  region: ""

## flow-modules ReadWriteMany PVC
##
flowModules:
  ## Persistence parameters
  ##
  ## Enable persistence using Persistent Volume Claims
  ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
  ##
  persistence:
    ## For AWS cloud provider only
    ##
    aws:
      ## Optionally specify the parameters of an existing Elastic File System or EFS
      ## ref: https://aws.amazon.com/efs/
      ## Note: By default this is enabled for the AWS cloud provider. When enabled, the value of the efs ID must be provided
      ##
      efs:
        enabled: true
        ## EFS File system ID
        ##
        id: ""
        ## Enable efs csi driver
        ## ref: https://github.com/kubernetes-sigs/aws-efs-csi-driver
        ## Note: By default this is disabled, if enabled then provide the directoryPerms, uid and gid. The default value of directoryPerms, uid and gid are 777, 1000 and 1000 respectively
        efs_csi:
          enabled: false
          directoryPerms: ""
          uid: ""
          gid: ""
    ## Optionally specify StorageClass for flowModules data volume
    ## If defined, storageClassName: <storageClass>
    ## If undefined or set to null, storageClassName is set according to the value defined in "cloud.provider"
    ##
    storageClass: ""
    ## PVC Storage Request for flowModules data volume.
    ## Default value for AWS is 1Mi and for Azure 100Gi
    ## Note: The storage request has no effect for NFS
    ##
    size: ""

## functions ReadWriteMany PVC
##
functions:
  ## Persistence parameters
  ##
  ## Enable persistence using Persistent Volume Claims
  ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
  ##
  persistence:
    ## For AWS cloud provider only
    ##
    aws:
      ## Optionally specify the parameters of an existing Elastic File System or EFS
      ## ref: https://aws.amazon.com/efs/
      ## Note: By default this is enabled for the AWS cloud provider. When enabled, the value of the efs ID must be provided
      ##
      efs:
        enabled: true
        ## EFS File system ID
        ##
        id: ""
        ## Enable efs csi driver
        ## ref: https://github.com/kubernetes-sigs/aws-efs-csi-driver
        ## Note: By default this is disabled, if enabled then provide the directoryPerms, uid and gid. The default value of directoryPerms, uid and gid are 777, 1000 and 1000 respectively
        efs_csi:
          enabled: false
          directoryPerms: ""
          uid: ""
          gid: ""
    ## Optionally specify StorageClass for functions data volume
    ## If defined, storageClassName: <storageClass>
    ## If undefined or set to null, storageClassName is set according to the value defined in "cloud.provider"
    ##
    storageClass: ""
    ## PVC Storage Request for functions data volume.
    ## Default value for aws is 1Mi and for azure 100Gi
    ## Note: The storage request has no effect for NFS
    ##
    size: ""

## !!! Deprecation Warning !!!
## This "efs" section will be deprecated in the future release.
## Please use/migrate to "flowModules.persistence.aws.efs.id" and "functions.persistence.aws.efs.id" instead.
##
## For AWS cloud provider only:
##
efs:
  flowModules:
    id: ""
  functions:
    id: ""

cognigyLiveAgent:
  ## Define the value of the API token. Defaults to a random 24 characters alphanumeric string
  ##
  platformToken: ""
  ## Existing secret with live-agent credentials. The secret must have the following key:
  ##   "cognigy-live-agent-platform-token": The token for cognigy live agent
  ##
  ## NOTE: When cognigyLiveAgent.existingSecret is set, clear text token passed in the previous parameter
  ## "cognigyLiveAgent.platformToken" is ignored.
  existingSecret: ""

# The API access token for Agent Assist Workspace API requests authentication
# These requests include the config and tile updates defined in the Agent Assist flows containing Agent Assist flow nodes.
cognigyAgentAssist:
  # Set to true to enable Agent Assist Workspace
  enabled: false
  # Set it to true to use the Genesys Notification Forwarder
  enableGenesysNotificationsForwarder: false
  accessToken: ""
  ## Existing secret with agent-assist credentials. The secret must have the following key:
  ##   "api-access-token": The access token for cognigy agent assist
  ##
  ## NOTE: When cognigyAgentAssist.existingSecret is set, clear text token passed in the previous parameter
  ## "cognigyAgentAssist.accessToken" is ignored.
  existingSecret: ""

# Install Management UI on the cluster.
# It is not required, since if not installed and the API endpoint is accessible from the Internet, you can still use Cognigy Management UI at https://management-ui-v4.cognigy.ai/
managementUi:
  enabled: false
  ingress:
    enabled: true
    host: ""
    tls:
      enabled: false
      existingSecret: ""
      crt: ""
      key: ""
    ipWhiteListMiddleware:
      enabled: true
      ipWhiteList:
        sourceRange:
          - 0.0.0.0/0
        ipStrategy:
          depth: 0
  image: cognigy.azurecr.io/management-ui:release-0e45409099-1736525341
  replicaCount: 1
  resources:
    limits:
      memory: "30Mi"
      cpu: "20m"
    requests:
      memory: "10Mi"
      cpu: "10m"
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""

## managementUiCredentials: '[{"username": "example_username", "password": "example_password"}]'
managementUiCredentials: "[]"
## The name of an existing secret with management UI credentials. The secret must have a
## "management-ui-creds.json" key from where the password will be extracted and the content of that key
## should be in the following format-
##    [{"username": "user", "password": "pass"}, {"username": "user2", "password": "pass2"}]
## NOTE: When this is set, clear text credentials passed in the variable "managementUiCredentials" is ignored.
managementUiCredentialsExistingSecret: ""

## SMTP server information for 'forgot password' functionality.
## Password for the SMTP server.
## A secret named "cognigy-smtp" will be created based on the information provided.
smtpPassword: ""
## The name of an existing secret with SMTP server credentials. The secret must have a
## "system-smtp-password" key from where the password will be extracted.
## NOTE: When this is set, "smtpPassword" is ignored.
smtpPasswordExistingSecret: ""

amazonCredentials:
  ## The client id from amazon.developers.com
  clientId: ""
  ## The client secret from amazon.developers.com
  clientSecret: ""
  ## Existing secret with amazon credentials. The secret must have the following two keys:
  ##   "amazon-client-id": The client id from amazon.developers.com
  ##   "amazon-client-secret": The client secret from amazon.developers.com
  ##
  ## NOTE: When amazonCredentials.existingSecret is set, clear text credentials passed in the previous parameters
  ## "amazonCredentials.clientId" and "amazonCredentials.clientSecret" are ignored.
  existingSecret: ""

smtpOAuth2:
  auth:
    ## The client id from your email client oauth2 credentials
    clientId: ""
    ## The client secret from your email client oauth2 credentials
    clientSecret: ""
    refreshToken: ""
    accessToken: ""
    ## The name of an existing secret with SMTP OAuth2 credentials.
    ## The secret must contain "smtp-oauth2-client-id", "smtp-oauth2-client-secret", "smtp-oauth2-refresh-token" and "smtp-oauth2-access-token" keys.
    ##
    ## Example secret data format:
    ##
    ## smtp-oauth2-client-id: <smtp-oauth2-client-id>
    ## smtp-oauth2-client-secret: <smtp-oauth2-client-secret>
    ## smtp-oauth2-refresh-token: <smtp-oauth2-refresh-token>
    ## smtp-oauth2-access-token: <smtp-oauth2-access-token>
    ##
    ## NOTE: When it's set, the previous "smtpOAuth2.auth.clientId, smtpOAuth2.auth.clientSecret, smtpOAuth2.auth.refreshToken, smtpOAuth2.auth.accessToken" parameters are ignored.
    ##
    existingSecret: ""

smtpEmailNotificationCredentials:
  ## The default authentication type value is set to 'basic', and depending on it credentials will be used
  ## for sending emails based on authentication succeeds or fails.
  ## The basic/oauth2 parameters can be empty, the application code handles the logic.
  authType: "basic"
  basic:
    ## The username and password for your email client basic credentials
    username: ""
    password: ""
  oauth2:
    ## The oauth2 user, for example in case of Gmail provider user is your gmail email Id.
    user: ""
    ## The client id from your email client oauth2 credentials
    clientId: ""
    ## The client secret from your email client oauth2 credentials
    clientSecret: ""
    ## This token when provided, is used to refresh or fetch the new acces token, when access token is invalid/expires
    refreshToken: ""
    ## This token is used for authorization email request and is of type 'Bearer'
    accessToken: ""
  ## The name of an existing secret with SMTP Email Notification credentials.
  ## When the authType is 'basic', secret must contain "smtp-email-basic-username" and "smtp-email-basic-password" keys.
  ## When the authType is 'oauth2', secret must contain "smtp-email-oauth2-user", "smtp-email-oauth2-client-id", "smtp-email-oauth2-client-secret", "smtp-email-oauth2-access-token" and "smtp-email-oauth2-refresh-token" keys.
  ##
  ## Example secret data format, when authType: 'basic':
  ##
  ## smtp-email-basic-username: <smtp-email-basic-username>
  ## smtp-email-basic-password: <smtp-email-basic-password>
  ##
  ## Example secret data format, when authType: 'oauth2':
  ##
  ## smtp-email-oauth2-user: <smtp-email-oauth2-user>
  ## smtp-email-oauth2-client-id: <smtp-email-oauth2-client-id>
  ## smtp-email-oauth2-client-secret: <smtp-email-oauth2-client-secret>
  ## smtp-email-oauth2-access-token: <smtp-email-oauth2-access-token>
  ## smtp-email-oauth2-refresh-token: <smtp-email-oauth2-refresh-token>
  ##
  ## NOTE: When authType is 'basic' and 'existingSecret' is set, the previous "smtpEmailNotificationCredentials.basic.username, smtpEmailNotificationCredentials.basic.password" parameters are ignored.
  ## NOTE: When authType is 'oauth2' and 'existingSecret' is set, the previous "smtpEmailNotificationCredentials.oauth2.user, smtpEmailNotificationCredentials.oauth2.clientId, smtpEmailNotificationCredentials.oauth2.clientSecret, smtpEmailNotificationCredentials.oauth2.refreshToken, smtpEmailNotificationCredentials.oauth2.accessToken" parameters are ignored.
  ##
  existingSecret: ""

commonSecrets:
  ## Additional facebook configuration. This is to verify the token in the webhook
  ##
  cognigyFacebook:
    ## Define the value of the token. Defaults to base 16 of a random 16 character alphanumeric string
    ##
    token: ""
    ## Optionally provide the name of an existing secret containing facebook verify token. The secret must contain
    ## the key "fb-verify-token" that contains the value of the token.
    ##
    ## NOTE: When it's set the previous parameter "commonSecrets.cognigyFacebook.token" is ignored.
    ##
    existingSecret: ""
  ## API key for Cognigy insights service collector
  ##
  cognigyInsightsCollectorApiKey:
    ## Define the value of the API key. Defaults to base 16 of a random 128 character alphanumeric string
    ##
    token: ""
    ## Optionally provide the name of an existing secret containing API key. The secret must contain
    ## the key "secret" that contains the value of the API key.
    ##
    ## NOTE: When it's set the previous parameter "commonSecrets.cognigyInsightsCollectorApiKey.token" is ignored.
    ##
    existingSecret: ""
  ## Cognigy Collaboration JWT token
  ##
  cognigyCollaborationJwt:
    ## Define the value of the JWT token. Defaults to base 16 of a random 128 character alphanumeric string
    ##
    token: ""
    ## Optionally provide the name of an existing secret containing JWT token. The secret must contain
    ## the key "secret" that contains the value of the JWT token.
    ##
    ## NOTE: When it's set the previous parameter "commonSecrets.cognigyCollaborationJwt.token" is ignored.
    ##
    existingSecret: ""
  ## Cognigy Insights JWT token
  ##
  cognigyInsightsJwt:
    ## Define the value of the JWT token. Defaults to base 16 of a random 128 character alphanumeric string
    ##
    token: ""
    ## Optionally provide the name of an existing secret containing JWT token. The secret must contain
    ## the key "secret" that contains the value of the JWT token.
    ##
    ## NOTE: When it's set the previous parameter "commonSecrets.cognigyInsightsJwt.token" is ignored.
    ##
    existingSecret: ""
  ## The JWT secret to sign JWT-tokens with, this is used e.g. for realtime-tokens (endpoint, backend connection)
  ##
  cognigyJwt:
    ## Define the value of the JWT token. Defaults to base 16 of a random 128 character alphanumeric string
    ##
    token: ""
    ## Optionally provide the name of an existing secret containing JWT token. The secret must contain
    ## the key "secret" that contains the value of the JWT token.
    ##
    ## NOTE: When it's set the previous parameter "commonSecrets.cognigyJwt.token" is ignored.
    ##
    existingSecret: ""
  ##  Verify token for RCE
  ##
  cognigyRceCredentials:
    ## Define the value of the JWT token. Defaults to base 16 of a random 32 character alphanumeric string
    ##
    token: ""
    ## Optionally provide the name of an existing secret containing JWT token. The secret must contain
    ## the key "rce-verify-token" that contains the value of the JWT token.
    ##
    ## NOTE: When it's set the previous parameter "commonSecrets.cognigyRceCredentials.token" is ignored.
    ##
    existingSecret: ""
  ## OData API key
  ##
  cognigyOdata:
    ## Define the value of the API key. Defaults to base 16 of a random 32 character alphanumeric string
    ##
    token: ""
    ## Optionally provide the name of an existing secret containing API key. The secret must contain
    ## the key "odata-super-api-key" that contains the value of the API key.
    ##
    ## NOTE: When it's set the previous parameter "commonSecrets.cognigyOdata.token" is ignored.
    ##
    existingSecret: ""
  ## The Cognigy Service Endpoint secret access token
  ##
  cognigyServiceEndpointApiAccessToken:
    ## Define the value of the API token. Defaults to base 16 of a random 16 character alphanumeric string
    ##
    token: ""
    ## Optionally provide the name of an existing secret containing API token. The secret must contain
    ## the key "api-access-token" that contains the value of the API token.
    ##
    ## NOTE: When it's set the previous parameter "commonSecrets.cognigyServiceEndpointApiAccessToken.token" is ignored.
    ##
    existingSecret: ""
  ## The Cognigy Service Handover secret access token
  ##
  cognigyServiceHandoverApiAccessToken:
    ## Define the value of the API token. Defaults to base 16 of a random 16 character alphanumeric string
    ##
    token: ""
    ## Optionally provide the name of an existing secret containing API token. The secret must contain
    ## the key "api-access-token" that contains the value of the API token.
    ##
    ## NOTE: When it's set the previous parameter "commonSecrets.cognigyServiceHandoverApiAccessToken.token" is ignored.
    ##
    existingSecret: ""
  cognigySearchOrchestratorApiKey:
    ## Define the value of the API token. Defaults to base 16 of a random 16 character alphanumeric string
    ##
    token: ""
    ## Optionally provide the name of an existing secret containing API token. The secret must contain
    ## the key "api-key" that contains the value of the API token.
    ##
    ## NOTE: When it's set the previous parameter "commonSecrets.cognigySearchOrchestratorApiKey.token" is ignored.
    ##
    existingSecret: ""
  cognigySecureFormsApiKey:
    ## Define the value of the API token. Defaults to empty string
    ##
    token: ""
    ## Optionally provide the name of an existing secret containing API token. The secret must contain
    ## the key "api-key" that contains the value of the API token.
    ##
    ## NOTE: When it's set the previous parameter "commonSecrets.cognigySecureFormsApiKey.token" is ignored.
    ##
    existingSecret: ""
  cognigyOauthClientSecret:
    ## Define the value of the Oauth Client Secret. Defaults to a random 64 character alphanumeric string
    ##
    token: ""
    ## Optionally provide the name of an existing secret containing the client secret. The secret must contain
    ## the key "secret" that contains the value of the secret.
    ##
    ## NOTE: When it's set the previous parameter "commonSecrets.cognigyOauthClientSecret.token" is ignored.
    ##
    existingSecret: ""
  cognigyVoicegatewayClientSecret:
    ## Define the value of the Oauth Client Secret. Defaults to a random 64 character alphanumeric string
    ## The value of this secret should be same as the client secret created in VoiceGateway Cluster
    ##
    token: ""
    ## Optionally provide the name of an existing secret containing the client secret. The secret must contain
    ## the key "secret" that contains the value of the secret.
    ##
    ## NOTE: When it's set the previous parameter "commonSecrets.cognigyVoicegatewayClientSecret.token" is ignored.
    ##
    existingSecret: ""
  vgWebappDefaultLoginCredentials:
    ## Define the value of the Voice Gateway WebApp Login Credentials. Defaults to an empty username and password in json format.
    ## The value of this secret should be same as the login credential secret created in VoiceGateway Cluster
    ## The value consists of JSON {"username": "example_username", "password": "example_password"}
    ##
    credential: '{"username": "", "password": ""}'
    ## Optionally provide the name of an existing secret containing the credential. The secret must contain
    ## the key "vg-webapp-login-creds" that contains the value in the above format
    ##
    ## NOTE: When it's set the previous parameter "commonSecrets.vgWebappDefaultLoginCredentials.vg-webapp-login-creds" is ignored.
    ##
    existingSecret: ""

## Optionally provide podAnnotations for all deployments except dependency charts.
cognigyCommonPodAnnotations: {}

# This is a temporary flag for the "Knowledge Search" feature. It be removed once
# feature development is complete. Please DO NOT use this flag for now if you are a
# customer running Cognigy.AI/Cognigy Insights using this HelmChart.
knowledgeSearch:
  enabled: false

  # System-wide Azure AI Document Intelligence configuration
  globalAzureDocumentIntelligenceConfig:
    # Enabling this will only take effect when the parent
    # 'knowledgeSearch'feature is enabled.
    enabled: false
    ## The API key for Azure AI Document Intelligence
    apiKey: ""
    ## The endpoint URL for Azure AI Document Intelligence
    endpointUrl: ""
    ## Existing secret with azureDocIntel credentials. The secret must have the following two keys:
    ##   "azureDocIntel-api-key": The API key for Azure AI Document Intelligence
    ##   "azureDocIntel-endpoint-url": The endpoint URL for Azure AI Document Intelligence
    ##
    ## NOTE: When globalAzureDocumentIntelligenceConfig.existingSecret is set, clear text credentials passed in the previous parameters
    ## "globalAzureDocumentIntelligenceConfig.api-key" and "globalAzureDocumentIntelligenceConfig.endpoint-url" are ignored.
    existingSecret: ""

## Traefik TLS certificate for the hostname defined at ingress.<service_name>.host
## NOTE: If you provide "tls.enable: true" and "traefik.enabled: true", either tls.crt and tls.key or tls.existingSecret must be provided.
tls:
  ## Enable traefik tls
  ## NOTE: If traefik is enabled ("traefik.enabled: true"), and you provide "tls.enable: false", then the auto redirection of http to https
  ## also must be disabled by setting traefik.ports.web.redirectTo.port: null
  enabled: true
  ## Add Custom CA certificate. A tls type secret named "cognigy-traefik" will be created based on the values of tls.crt and tls.key
  ## Careful with the indentation
  ## For more information, see https://helm.sh/docs/chart_template_guide/yaml_techniques/#strings-in-yaml
  ##
  ## Custom CA certificate in plaintext, not base64 encoded.
  ## Example:
  ##   crt: |
  ##     -----BEGIN CERTIFICATE-----
  ##     -----END CERTIFICATE-----
  crt: ""
  ## CA certificate private key in plaintext, not base64 encoded.
  ## Example:
  ## key: |
  ##   -----BEGIN PRIVATE KEY-----
  ##   -----END PRIVATE KEY-----
  key: ""
  ## Existing secret with TLS certificates. The secret must have the following two keys:
  ## "tls.crt": Containing the CA certificate
  ## "tls.key": Containing the certificate key
  ## NOTE: When tls.existingSecret is set, clear text certificate passed in the previous parameters "tls.crt" and "tls.key" are ignored.
  existingSecret: ""

# If ingress is not required to deploy then you can set "ingress.enabled" to false. By default it is always enabled.
# ingress:
#   enabled: false
ingress:
  enabled: true
  serviceAnalyticsOdata:
    host: ""
    ## Do not use ingress.<service>.tls.enabled parameter if you have a wildcard certificate for all ingresses (recommended), use `tls` section for a wildcard certificate instead.
    ## If you have individual certificates per ingress, set ingress.<service>.tls.enabled: "true" per individual ingress.
    ## This will create a new secret cognigy-<service-name>-tls containing the individual certificate and the ingress will be served with the individual certificate.
    ## You will need to provide the certificate either in clear text by setting `crt` and `key` fields or as existing base64-encoded kubernetes secret.
    ## For a TLS certificate in clear text set:
    ## "ingress.<service>.tls.crt": TLS certificate including full certificate chain
    ## "ingress.<service>.tls.key": TLS certificate key
    ## NOTE: When ingress.<service>.tls.existingSecret is set, certificate in clear text under `tls.crt` and `tls.key` is ignored.
    ## Please make sure the `existingSecret` is created before referencing it in the ingress specification

    ## CA certificate and certificate key in plaintext, not base64 encoded.
    ## Example:
    ## key: |
    ##   -----BEGIN PRIVATE KEY-----
    ##   -----END PRIVATE KEY-----
    tls:
      enabled: false
      existingSecret: ""
      crt: ""
      key: ""
    ## Traefik IPWhiteList middleware. IPWhitelist accepts / refuses requests based on the client IP.
    ## A sourceRange of 0.0.0.0/0 means all IPs are allowed. For more detail https://doc.traefik.io/traefik/middlewares/http/ipwhitelist/
    ipWhiteListMiddleware:
      enabled: true
      ipWhiteList:
        sourceRange:
          - 0.0.0.0/0
        ipStrategy:
          depth: 0
  serviceApi:
    host: ""
    tls:
      enabled: false
      existingSecret: ""
      crt: ""
      key: ""
    ipWhiteListMiddleware:
      enabled: true
      ipWhiteList:
        sourceRange:
          - 0.0.0.0/0
        ipStrategy:
          depth: 0
  serviceAppSessionManager:
    host: ""
    tls:
      enabled: false
      existingSecret: ""
      crt: ""
      key: ""
    ipWhiteListMiddleware:
      enabled: true
      ipWhiteList:
        sourceRange:
          - 0.0.0.0/0
        ipStrategy:
          depth: 0
  serviceCollector:
    host: ""
    tls:
      enabled: false
      existingSecret: ""
      crt: ""
      key: ""
    ipWhiteListMiddleware:
      enabled: true
      ipWhiteList:
        sourceRange:
          - 0.0.0.0/0
        ipStrategy:
          depth: 0
  serviceEndpoint:
    host: ""
    tls:
      enabled: false
      existingSecret: ""
      crt: ""
      key: ""
    ipWhiteListMiddleware:
      enabled: true
      ipWhiteList:
        sourceRange:
          - 0.0.0.0/0
        ipStrategy:
          depth: 0
  serviceInsightsApi:
    host: ""
    tls:
      enabled: false
      existingSecret: ""
      crt: ""
      key: ""
    ipWhiteListMiddleware:
      enabled: true
      ipWhiteList:
        sourceRange:
          - 0.0.0.0/0
        ipStrategy:
          depth: 0
  serviceRuntimeFileManager:
    host: ""
    tls:
      enabled: false
      existingSecret: ""
      crt: ""
      key: ""
    ipWhiteListMiddleware:
      enabled: true
      ipWhiteList:
        sourceRange:
          - 0.0.0.0/0
        ipStrategy:
          depth: 0
  serviceUi:
    host: ""
    tls:
      enabled: false
      existingSecret: ""
      crt: ""
      key: ""
    ipWhiteListMiddleware:
      enabled: true
      ipWhiteList:
        sourceRange:
          - 0.0.0.0/0
        ipStrategy:
          depth: 0
  serviceStaticFiles:
    host: ""
    tls:
      enabled: false
      existingSecret: ""
      crt: ""
      key: ""
    ipWhiteListMiddleware:
      enabled: true
      ipWhiteList:
        sourceRange:
          - 0.0.0.0/0
        ipStrategy:
          depth: 0
  serviceWebchat:
    host: ""
    tls:
      enabled: false
      existingSecret: ""
      crt: ""
      key: ""
    ipWhiteListMiddleware:
      enabled: true
      ipWhiteList:
        sourceRange:
          - 0.0.0.0/0
        ipStrategy:
          depth: 0
  agentAssistBackend:
    host: ""
    legacyHost: ""
    tls:
      enabled: false
      existingSecret: ""
      crt: ""
      key: ""
    ipWhiteListMiddleware:
      enabled: true
      ipWhiteList:
        sourceRange:
          - 0.0.0.0/0
        ipStrategy:
          depth: 0
  agentAssistFrontend:
    host: ""
    legacyHost: ""
    tls:
      enabled: false
      existingSecret: ""
      crt: ""
      key: ""
    ipWhiteListMiddleware:
      enabled: true
      ipWhiteList:
        sourceRange:
          - 0.0.0.0/0
        ipStrategy:
          depth: 0

## Kubernetes service type
##
service:
  serviceAnalyticsOdata:
    ## Optional Service annotations.
    ## Example:
    ## annotations:
    ##   service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
    ##   service.name: service-analytics-odata
    ##
    annotations: {}
  serviceApi:
    annotations: {}
  serviceAppSessionManager:
    annotations: {}
  serviceCollaboration:
    annotations: {}
  serviceEndpoint:
    annotations: {}
  serviceInsightsApi:
    annotations: {}
  serviceCollector:
    annotations: {}
  serviceHandover:
    annotations: {}
  serviceInsightsUi:
    annotations: {}
  serviceRuntimeFileManager:
    annotations: {}
  serviceStaticFiles:
    annotations: {}
  serviceUi:
    annotations: {}
  serviceWebchat:
    annotations: {}
  statefulRabbitMq:
    annotations: {}
  serviceNlpEmbeddingEn:
    annotations: {}
  serviceNlpEmbeddingXx:
    annotations: {}
  serviceNlpEmbeddingGe:
    annotations: {}
  serviceSearchOrchestrator:
    annotations: {}
  cubeApiServer:
    annotations: {}
  cubeStoreRouter:
    annotations: {}
  cubeStoreWorker:
    annotations: {}
  agentAssistBackend:
    annotations: {}
  agentAssistFrontend:
    annotations: {}
  agentAssistGenesysNotificationsForwarder:
    annotations: {}

cognigyEnv:
  NODE_ENV: production

  ## This feature flag when activated disables the "resetting of flow".
  FEATURE_DISABLE_RESET_FLOW: "true"

  OAUTH_CLIENT_ID: "cognigy-ui"
  CLIENT_ID_COGNIGY_VOICE_GATEWAY: "voicegateway"
  CLIENT_ID_COGNIGY_LIVE_AGENT: "cognigy-live-agent"

  # Enable the creation of metrics which will then get consumed
  # by our 'service-monitoring'.
  MONITOR_RPC_CALLS: "true"

  # Enable Redis Sentinel (HA mode)
  FEATURE_REDIS_SENTINEL_MODE_ENABLED: "true"
  REDIS_SENTINEL_MASTER_NAME: "mymaster"
  REDIS_SENTINEL_HOST: "redis-ha-headless"
  REDIS_SENTINEL_PORT: "26379"
  # Enable Redis Persistent Sentinel (HA mode)
  FEATURE_REDIS_PERSISTENT_SENTINEL_MODE_ENABLED: "true"
  REDIS_PERSISTENT_SENTINEL_MASTER_NAME: "mymaster"
  REDIS_PERSISTENT_SENTINEL_HOST: "redis-persistent-ha-headless"
  REDIS_PERSISTENT_SENTINEL_PORT: "26379"

  # limits (api requests, db queries, context-size)
  MESSAGE_TTL_SECONDS: "120"
  MAX_MEMORY_OBJECT_SIZE: "65536"
  HTTP_JSON_BODY_LIMIT: "65536"
  MAX_BYTE_SIZE: "524288"
  RESPONSE_BYTES_LIMIT: "524288"

  # features (enable / disable)
  FEATURE_CUSTOM_NODES: "true"

  # log cleanup
  LOG_ENTRIES_TTL_IN_MINUTES: "1440"
  LOG_ENTRIES_BUFFER_IN_SECONDS: "5"

  # SMTP server for 'forgot password' functionality
  SYSTEM_SMTP_HOST: "test"
  SYSTEM_SMTP_PORT: "test"
  SYSTEM_SMTP_USERNAME: "test"
  SYSTEM_SMTP_FROM: "test"
  SYSTEM_SMTP_CONNECTION_TYPE: "starttls"
  # SYSTEM_SMTP_PASSWORD is a secret!

  # Domains to whitelist for cors for the API (service-api)
  API_CORS_WHITELIST: ""

  # Execution relevant configuration (service-execution)
  MODULE_MAX_EVENT_EMISSIONS: "10"
  MAX_MODULE_EXECUTION_TIME_IN_SECONDS: "20"

  # Endpoint configuration for Alexa
  ALEXA_END_SESSION_AFTER_EACH_REPLY: "true"

  # Enable max contact profile TTL in minutes
  MAX_CONTACT_PROFILE_TTL_IN_MINUTES: "43200"

  # Enable max conversation TTL in minutes
  MAX_CONVERSATION_TTL_IN_MINUTES: "43200"

  # Enable max conversation TTL in minutes
  MAX_SESSION_STATE_TTL_IN_MINUTES: "10080"

  # Enable new Cognigy Insights UI
  FEATURE_USE_SERVICE_INSIGHTS_UI: "true"

  # Path to files containing pre-computed noise embeddings
  NLP_PRECOMPUTED_EMBEDDINGS_PATH: "/embedding/precomputed_embeddings"

  # limit the max amount of pre-agregations runing simultaniuosly
  # increase on environments with higher workloads
  CUBEJS_SCHEDULED_REFRESH_CONCURRENCY: "10"
  FEATURE_INSIGHTS_USE_CUBE_JS_FILTERS_PREAGGREGATIONS: "false"
  FEATURE_INSIGHTS_USE_CUBE_JS_MESSAGES_PREAGGREGATIONS: "false"

  # A link to an online instance of the adaptive cards designer
  # ADAPTIVE_CARDS_DESIGNER_URL:

  # Amazon client credetentials
  # AMAZON_CLIENT_ID:
  # AMAZON_CLIENT_SECRET:

  # Enable links to docs.cognigy.com
  # FEATURE_USE_COGNIGY_DOC_LINKS:

  ### Cognigy Live Agent Configuration ###
  # Activate Cognigy Live Agent
  # FEATURE_USE_COGNIGY_LIVE_AGENT:
  # CLIENT_SECRET_COGNIGY_LIVE_AGENT:
  # REDIRECT_URI_COGNIGY_LIVE_AGENT:
  # CLIENT_ID_COGNIGY_LIVE_AGENT:

  # Live Agent base URL
  # LIVE_AGENT_BACKEND_BASE_URL_WITH_PROTOCOL:

  # COGNIGY_LIVE_AGENT_PLATFORM_TOKEN:

  # CORS whitelist for the live-agent API
  # LIVE_AGENT_API_CORS_WHITELIST:

  # Live Agent API secret
  # LIVE_AGENT_API_SECRET:

  # The TTL of the JWT + access token in seconds
  # LIVE_AGENT_TOKEN_TTL_IN_SECONDS:

  # activate Cognigy Live Agent Dashboard
  # FEATURE_USE_COGNIGY_LIVE_AGENT_DASHBOARD:

  ### Cognigy Agent Assist setup ###
  # FEATURE_ENABLE_AGENT_ASSIST_WORKSPACE_WHITELIST:
  # FEATURE_ENABLE_AGENT_ASSIST_WORKSPACE_GENESYS_CREDENTIALS_WHITELIST:

  # Genesys Cloud handover provider feature flag
  # FEATURE_USE_GENESYS_CLOUD:

  # If set to "true", will exchange "Cognigy.AI" for a generic name and will let customer to whitelabel the platform
  # FEATURE_USE_WHITELABELING:

  # The JWT secret to sign JWT-tokens with, this is used e.g. for realtime-tokens (endpoint, backend connection, xApp submit payload with voice preview test call from interaction panel)
  # JWT_SECRET:

  # The app-id for the official workplace by facebook cognigy.AI APP
  # WORKPLACE_APP_ID:

  # defaults to 'false', needs to be set to 'true'
  # FEATURE_ALLOW_ADDITIONAL_ACTIONS_IN_CODE_NODES:

  # Disable the license-installation route. This is e.g. used
  # for our cloud installations. The same environment variable
  # needs to be set within the 'service-api' to disable the
  # api there as well. Set the env variable to 'true'
  # DISABLE_LICENSE_UPLOAD:

  # If true, service nlp matcher will be disabled, but not for the ids in FEATURE_USE_SERVICE_NLP_MATCHER_ORG_FILTER
  # FEATURE_DISABLE_SERVICE_NLP_MATCHER:

  ### Connection details for RabbitMQ ###
  # RABBITMQ_HOST:
  # RABBITMQ_PORT:
  # RABBITMQ_USER:
  # RABBITMQ_PASSWORD:

  ### Connection details for Redis self-managed configuration ###
  # REDIS_HOST:
  # REDIS_PORT:
  # REDIS_PASSWORD:
  # REDIS_USE_TLS:
  # REDIS_DEFAULT_TTL:
  # REDIS_KEEP_ALIVE_INTERVAL_IN_SECONDS:

  ### Connection details for Redis persistent self-managed configuration ###
  # REDIS_PERSISTENT_HOST:
  # REDIS_PERSISTENT_PORT:
  # REDIS_PERSISTENT_PASSWORD:
  # REDIS_PERSISTENT_USE_TLS:
  # REDIS_PERSISTENT_KEEP_ALIVE_INTERVAL_IN_SECONDS:

  # maximum number of unacknowledged messages in Events queues
  # SERVICE_EVENTS_PREFETCH:

  # Can be set to 0 to never expire contact profiles
  # MAX_CONTACT_PROFILE_TTL_IN_MINUTES: "0"

  # Can be set to 0 to never expire session states
  # MAX_SESSION_STATE_TTL_IN_MINUTES: "0"

  # Agent Bot description for Live Agent, Chatwoot, etc.
  # AGENT_BOT_DESCRIPTION:

  # Agent Bot name for Live Agent, Chatwoot, etc.
  # AGENT_BOT_NAME:

  # Additional Alexa configuration
  # ALEXA_END_SESSION_AFTER_EACH_REPLY:

  # Check availability node timeout of agent
  # CHECK_AGENT_AVAILABILITY_NODE_TIMEOUT_IN_SECONDS:

  # RPC timeout for creating runtime file in seconds. Default value is 8 secs.
  # CREATE_RUNTIME_FILE_TIMEOUT_IN_SECONDS:

  # Redis default cache TTL
  # DEFAULT_CACHE_TTL:

  # Endpoint base URL
  # ENDPOINT_BASE_URL_TUNNEL:

  # Allows our customers to specify CORS origins. If you want to specify CORS origins,
  # add all of your origins into a comma-delimited list as the following examples:
  # "http://example1.com, http://example2.com", "http://*.example3.com"
  # ENDPOINT_CORS_WHITELIST:

  # The TTL of the session storage in the endpoint transformers in seconds.
  # ENDPOINT_TRANSFORMER_SESSION_STORAGE_TTL:

  # TTL for user meta-data the system uses to keep track, such as flow changes
  # ENDPOINT_USER_METADATA_REDIS_TTL:

  # Additional facebook configuration. This is to verify the token in the webhook
  # FB_VERIFY_TOKEN:

  # Enable the "Follow Sessions" feature
  # FEATURE_ENABLE_FOLLOW_SESSION:

  # Enable detailed logs for RPC calls handling
  # FEATURE_RPC_LOGS:

  # Enable the SSO features and show the Microsoft nodes if enabled
  # FEATURE_USE_MICROSOFT_SSO:

  # Enable assured message delivery for sockentendpoint
  # FEATURE_USE_SOCKETENDPOINT_EVENTBUFFER:

  # Cleanup/remove idle socket client connection
  # GENESYS_CLOUD_SOCKET_CLIENT_CLEANUP_INTERVAL:

  # To limit the number of unacknowledged messages on a channel/connection on AMQP client
  # HANDOVER_POLLING_PREFETCH:

  # Salesforce
  # HANDOVER_POLLING_TTL:

  # The TTL for the RPC call to fetch the conversation.
  # Should be increase if the save interval for analytics is increased
  # HANDOVER_READ_CONVERSATION_TIMEOUT_IN_SECONDS:

  # Handover TTL for persisting agent bot id into redis
  # HANDOVER_TTL:

  # Register a route for loader.io verification
  # LOADER_IO_TOKEN:

  # The TTL of messages in the endpoint-session-queues in seconds.
  # MESSAGE_TTL_SECONDS:120

  # Redis key TTL which stores inject/notify meta data
  # NOTIFY_INJECT_EXPIRATION_IN_SECONDS:

  # To reference assets in the `public` folder
  # PUBLIC_URL:

  # Verify token for RCE
  # RCE_VERIFY_TOKEN:

  # A comma-separated list of Snapshots that are deployed as Snapshot Executors
  # SNAPSHOTS_USING_SNAPSHOT_EXECUTOR:

  # TTL for the Redis key used to handle client instances
  # SOCKET_ENDPOINT_REDIS_CLIENT_TTL:

  # TTL for the Redis key used to handle buffer events
  # SOCKET_ENDPOINT_REDIS_CONNECTION_STATUS_TTL:

  # TTL for the Redis key used to handle sockets
  # SOCKET_ENDPOINT_REDIS_SOCKET_TTL:

  # Temporary workaround for a customer:
  # Wait for n seconds before we actually try to read the conversation history
  # as it seems that the history is not complete and
  # that 'waitForPossibleInput' does not work properly
  # TEMP_FIX_WAIT_FOR_CONVERSATION_HISTORY:

  # TWITTER configuration
  # TWITTER_ACCESS_TOKEN:
  # TWITTER_ACCESS_TOKEN_SECRET:
  # TWITTER_APIKEY:
  # TWITTER_CONSUMER_KEY:
  # TWITTER_CONSUMER_SECRET:
  # TWITTER_FLOWNAME:
  # TWITTER_USERNAME:

  # Comma-separated list of origin URIs that are allowed to embed the webchat page as an iframe
  # You can use * in URLs to define subdomains or just * to allow any source
  # Example: WEBCHAT_EMBEDDER_WHITELIST:mywebsite.com,myotherwebsite.com
  # Example: WEBCHAT_EMBEDDER_WHITELIST:*.mywebsite.com
  # Example: WEBCHAT_EMBEDDER_WHITELIST:*
  # WEBCHAT_EMBEDDER_WHITELIST:

  # Prevent websocket connections from switching to long polling if set to true.
  # WEBCHAT_FORCE_WEBSOCKETS:'false'

  # WhatsApp cloud API url, whereas undefined means default url `https://graph.facebook.com/v13.0`
  # WHATS_APP_GRAPH_API_HOST:

  # Workplace by facebook specific
  # WORKPLACE_VERIFY_TOKEN:
  # WORKPLACE_APP_REDIRECT:
  # WORKPLACE_APP_SECRET:

  ### service-ui env variables ###
  # sets the RSS-feed for the projects view
  # RSS_FEED_URL:https://www.cognigy.com/blog/tag/product/rss.xml

  # Flag that can be used to disable the 'get help / get tech support'
  # button within the navigation to file a support ticket a Cognigy
  # DISABLE_GET_TECH_SUPPORT:

  # A link to a custom support-page or solution. Will only be displayed
  # if the 'DISABLE_GET_TECH_SUPPORT' variable is NOT set to 'true'. If
  # defined, it will overwrite our zendesk support integration
  # FEATURE_CUSTOM_SUPPORT_LINK:

  # Flag that can enable the 'community-forum' button within the
  # navigation. The community forum is operated by Cognigy and a platform
  # that allows users to connect with others. By default this will be off.
  # FEATURE_COMMUNITY_BUTTON:

  # Flag used to enable or disable Amazon Lex endpoint
  # FEATURE_ENABLE_AMAZON_LEX_ENDPOINT

  # Allow "from" for smtp configuration, defaults to false
  # FEATURE_USE_SMTP_FROM:

  # Set a Signup Link on the login page
  # FEATURE_USE_SIGNUP_FOR_FREE_LINK:

  ### Temp variables ###
  # Activate the translation feature
  # FEATURE_TMP_USE_ENDPOINT_TRANSLATION:

  # Define a whitelist of Endpoints that will not be shown in the UI, separated by comma.
  # Use the actual endpoint channel type values, e.g. webchat2
  # Example: FEATURE_OMMITED_ENDPOINTS_FROM_UI:"twilio,twilio-autopilot,twilio-sms,webchat2"
  # FEATURE_OMMITED_ENDPOINTS_FROM_UI:

  # Disable communication with Gravatar servers for profile pictures if set to "true"
  # FEATURE_DISABLE_GRAVATAR_FOR_PROFILE_PICTURES:

  # Disable communication with Gravatar servers for profile pictures if set to "true"
  # FEATURE_DISABLE_GRAVATAR_FOR_PROFILE_PICTURES:

  # Set this to "true" to disable the Insights application and use "the old analytics" page instead
  # This option will be removed in the future!
  # FEATURE_DISABLE_INSIGHTS:

  # Disable marketplace integration
  # FEATURE_DISABLE_MARKETPLACE:

  # Define the marketplace hostname with protocol
  # MARKETPLACE_BASE_URL_WITH_PROTOCOL:

  # Activate possibility of Non-Conversational endpoint creation
  # FEATURE_USE_NON_CONVERSATIONAL_ENDPOINT:

  # If set to "true", the customer will be able to update the 'trustedCode'
  # property of an extension (and its node descriptor set)
  # FEATURE_ALLOW_TRUSTED_CODE_CONFIGURATION:

  # Enable VoiceGateway by setting this to "true"
  # Only works in combination with: FEATURE_ENABLE_VOICEGATEWAY_2_OVERRIDE_ALL_ORG_IDS or FEATURE_ENABLE_VOICEGATEWAY_2_WHITELIST
  # FEATURE_ENABLE_VOICEGATEWAY_2:

  # Enable VoiceGateway to all Org. IDs in the environment by setting it to "true"
  # Only works with FEATURE_ENABLE_VOICEGATEWAY_2 it is also "true"
  # FEATURE_ENABLE_VOICEGATEWAY_2_OVERRIDE_ALL_ORG_IDS:

  # Comma-separated list of Org. IDs to have VoiceGateway enabled
  # Only works with FEATURE_ENABLE_VOICEGATEWAY_2 it is also "true"
  # Example: FEATURE_ENABLE_VOICEGATEWAY_2_WHITELIST:5f99a7ad6107a6be813ff301,5f99a7ad6107a6be813ff302
  # FEATURE_ENABLE_VOICEGATEWAY_2_WHITELIST:

  # Enable Interaction Panel Calls feature to all Org. IDs in the environment by setting it to "true"
  # FEATURE_ENABLE_VOICECALL_OVERRIDE_ALL_ORG_IDS:

  # Comma-separated list of Org. IDs to have Interaction Panel Calls feature enabled
  # Example: FEATURE_ENABLE_VOICECALL_WHITELIST:5f99a7ad6107a6be813ff301,5f99a7ad6107a6be813ff302
  # FEATURE_ENABLE_VOICECALL_WHITELIST:

  # Voice Gateway WebApp Configurations
  # Comma-separated list of OrgIDs for which VoiceGateway WebApp access has to be enabled. Use * to enable for all OrgIDs
  # VG_WEBAPP_ACCESS_WHITELIST:
  # The below URLs need to be set if the VoiceGateway WebApp is enabled and the value should be from VoiceGateway Cluster
  # COGNIGY_VOICE_GATEWAY_APP_BASE_URL_WITH_PROTOCOL:
  # COGNIGY_VOICE_GATEWAY_WEB_BASE_URL_WITH_PROTOCOL:

  # Max waiting time for AI responses in the VG2 client. Default is 30 seconds
  # ENDPOINT_VG2_TIMEOUT_FOR_AI_RESPONSES_IN_SECONDS: "30"

  # Voice Gateway: Enable Handover settings in the VG2 Endpoint
  FEATURE_ENABLE_HANDOVER_SETTINGS_FOR_VG2: "true"
  # Disable atmosphere noises for VG
  # DISABLE_VG_ATMOSPHERE_NOISE:

  # Disable silence overlay for VG
  # DISABLE_VG_SILENCE_OVERLAY:

  # Enable Central Configuration for Adaptive cards
  # FEATURE_USE_ADVANCED_ADAPTIVECARDS_INTEGRATION:

  # Enable this flag to use the new Insights UI service
  # FEATURE_USE_SERVICE_INSIGHTS_UI:

  # Enables training all out of date flow models from a project (used in service-ai and service-api).
  # If enabled, you also have to set the TRAIN_ALL_FLOWS env variable for train deployments
  # FEATURE_TRAIN_ALL_PROJECT_FLOWS:

  # Enables nlp-train deployments to accept "train-all-project-flows" calls.
  # If set globally, all train deployments will accepts these calls.
  # We have a dedicated env var, because this would allow for dedicate "train-all" deployments if needed.
  # TRAIN_ALL_FLOWS:

  # Route to the Insights UI service for local development
  # INSIGHTS_UI_BASE_URL_WITH_PROTOCOL:

  # Temporary flag to hide Yes/No Intent feature.
  # Will be removed when feature is complete..
  # FEATURE_ENABLE_YES_NO_INTENTS:

  # The websocket URI to reach Voice Gateway from Interaction Panel Test calls
  # VOICE_GATEWAY_SIP_WS_URI_WITH_PROTOCOL:

  ### service-resources env variables ###
  # database credentials for resources
  # RESOURCES_DB_USERNAME:
  # RESOURCES_DB_PASSWORD:
  # RESOURCES_DB_HOST:
  # RESOURCES_DB_PORT:
  # RESOURCES_DB_NAME:

  # database credentials for nlu grid fs bucket
  # NLU_DB_USERNAME:
  # NLU_DB_PASSWORD:
  # NLU_DB_HOST:
  # NLU_DB_PORT:
  # NLU_DB_NAME:

  # encryption key for fields within connections
  # CONNECTION_FIELDS_ENCRYPTION_KEY:

  # Max amount of undo / redo steps to store
  # MAX_UNDO_REDO_STEPS:

  # Max amount of locales per project. Defaults to 10
  # MAX_AMOUNT_OF_PROJECT_LOCALES:

  # The storage path where Cognigy functions will reside
  # FUNCTION_CODE_STORAGE_PATH:

  # The amount of seconds a downloadable package for a Snapshot exists in Redis
  # SNAPSHOT_PACKAGE_TTL_IN_SECONDS:

  # list of organisationIds that use service nlp matcher, separated by ;
  # FEATURE_USE_SERVICE_NLP_MATCHER_ORG_FILTER:

  # The Path from which system wide extensions should be loaded.
  # FEATURE_ADDITIONAL_SYSTEM_WIDE_EXTENSIONS_PATH:

  # The total number of http requests a customer can send via the httpRequest API
  # OPTIONS_RESOLVER_MAX_OUTGOING_HTTP_REQUESTS:

  # The total amount of data (in bytes) a http response can contain - used for the
  # httpRequest API
  # OPTIONS_RESOLVER_MAX_HTTP_REQUEST_RESPONSE_SIZE_BYTES:

  # The maximum number of seconds an options resolver is allowed to run, after
  # which the vm running the resolver will exit
  # OPTIONS_RESOLVER_MAX_EXECUTION_TIME_IN_SECONDS:

  # Number of minutes after which playbook runs expire - default
  # is set to 30 days
  # FUNCTION_RUN_EXPIRATION_IN_MINUTES:

  # Generative AI
  # GENERATIVE_AI_GENERATE_SENTENCES_PROMPT:
  # GENERATIVE_AI_GENERATE_SENTENCES_TIMEOUT_MS:
  # GENERATIVE_AI_LEXICON_ENTRIES_PROMPT:
  # GENERATIVE_AI_LEXICON_ENTRIES_TIMEOUT_MS:
  # GENERATIVE_AI_FLOW_GENERATION_DESCRIPTION_PROMPT:
  # GENERATIVE_AI_FLOW_GENERATION_TRANSCRIPT_PROMPT:
  # GENERATIVE_AI_FLOW_GENERATION_DESCRIPTION_TIMEOUT_MS:

  # Temporary Generative AI Features
  # FEATURE_TMP_GENERATIVE_AI_REPHRASE_STATMENT_PROMPT:
  # FEATURE_TMP_GENERATIVE_AI_REPHRASE_MULTIPLE_STATEMENTS_PROMPT:
  # FEATURE_GENERATIVE_AI_REPHRASE_TIMEOUT_IN_SECONDS:

  ### service-security env variables ###
  # connection details for the database
  # SECURITY_DB_USERNAME:
  # SECURITY_DB_PASSWORD:
  # SECURITY_DB_HOST:
  # SECURITY_DB_PORT:
  # SECURITY_DB_NAME:

  # The TTL of the LRU cache that stores the billing timezone
  # LRU_CACHE_BILLING_TIMEZONE_TTL_IN_SECONDS:

  # The prefetch for the conversation counter queue. Default 50
  # CONVERSATION_COUNTER_PREFECTH:

  ### service-api env variables ###
  # licensing server url, default value present
  # LICENSING_SERVER_URL_WITH_PROTOCOL:

  # connection details for the authentication database
  # AUTHENTICATION_DB_USERNAME:
  # AUTHENTICATION_DB_PASSWORD:
  # AUTHENTICATION_DB_HOST:
  # AUTHENTICATION_DB_PORT:
  # AUTHENTICATION_DB_NAME:

  # Connection details for SMTP server
  # SYSTEM_SMTP_HOST:
  # SYSTEM_SMTP_PORT:
  # SYSTEM_SMTP_CONNECTION_TYPE:
  # SYSTEM_SMTP_USERNAME:
  # SYSTEM_SMTP_PASSWORD:
  # SYSTEM_SMTP_FROM:

  # Session Secret is used e.g. for the openid-connect implementation
  # SESSION_SECRET:

  # The basic auth credentials for special api calls (like creating organisations)
  # INTERNAL_API_USERNAME:
  # INTERNAL_API_PASSWORD:

  # Override URLs to services of the system. By default, Ingress host is used for every URL
  # Use the following format: protocol + domain + port (optional), without trailing slash
  # e.g. "https://subdomain.domain.tld:1234"
  # FRONTEND_BASE_URL_WITH_PROTOCOL:
  # BACKEND_BASE_URL_WITH_PROTOCOL:
  # INSIGHTS_BACKEND_BASE_URL_WITH_PROTOCOL:
  # ENDPOINT_BASE_URL_WITH_PROTOCOL:
  # RUNTIME_FILE_MANAGER_BASE_URL_WITH_PROTOCOL
  # APPS_BASE_URL_WITH_PROTOCOL:
  # AGENT_ASSIST_WORKSPACE_API_BASE_URL_WITH_PROTOCOL:
  # AGENT_ASSIST_WORKSPACE_FRONTEND_URL_WITH_PROTOCOL:
  # WEBCHAT_BASE_URL_WITH_PROTOCOL:

  # Decides whether users need to accept a license agreement
  # "true" | "false" (to be extended to "false" | "demo" | "community" etc. for different agreement texts)
  # FEATURE_LICENSE_AGREEMENT:
  # FEATURE_APIKEY_AUTH:

  # limit in kb for http put and post
  # HTTP_JSON_BODY_LIMIT:60

  # webhook that gets executed when a new user was created using the internal API
  # WEBHOOK_ON_USER_CREATED_HOST:

  # limit for http bodyparser text, used in upload csv
  # example: '1000KB', '2MB', ...
  # HTTP_TEXT_BODY_LIMIT:

  # Allows our customers to specify CORS origins. If you want to specify CORS origins,
  # add all of your origins into a comma-delimited list like so:
  # "http://example1.com, http://example2.com"
  # API_CORS_WHITELIST:

  # Allows to defined the TTL of access-tokens in minutes, e.g. set it to "5"
  #
  # The default value is: 15 minutes.
  # API_ACCESS_TOKEN_EXPIRATION_IN_MINUTES:

  # Allows to define the TTL of refresh-tokens. They need to have at least 4
  # times the amount of TTL than access-tokens!. E.g. set this to "15".
  #
  # The default value is: 1 day.
  # API_REFRESH_TOKEN_SHORT_EXPIRATION_IN_MINUTES:

  # The default value is: 30 days.
  # API_REFRESH_TOKEN_LONG_EXPIRATION_IN_MINUTES:

  # Conversation collection data Expiration time in minutes. Can be set to 0 to never expire conversations
  # MAX_CONVERSATION_TTL_IN_MINUTES:

  # Analytics collection data Expiration time in minutes. Can be set to 0 to never expire analytics
  # INSIGHTS_MAX_RAW_ANALYTICS_TTL_IN_MINUTES:
  # Conversation collection data Expiration time in minutes. Can be set to 0 to never expire conversations
  # INSIGHTS_MAX_CONVERSATIONS_TTL_IN_MINUTES:
  # Step events collection data Expiration time in minutes. Can be set to 0 to never expire step events
  # INSIGHTS_MAX_STEP_EVENTS_TTL_IN_MINUTES:
  # Steps collection data Expiration time in minutes. Can be set to 0 to never expire steps
  # INSIGHTS_MAX_STEPS_TTL_IN_MINUTES:

  # The amount of seconds how long audit-events are buffered before
  # they will get written to the database
  # AUDIT_EVENT_BUFFER_TIME_IN_SECONDS:

  # The amount of minutes for how long an audit-event should exist within the
  # system. By default, our system will drop audit-events after 30 days.
  # AUDIT_EVENT_TTL_IN_MINUTES:

  # The amount of operations per batch call.
  # MAX_AMOUNT_OF_OPERATIONS_PER_BATCH_CALL:

  # The max size allowed when uploading a Snapshot file.
  # Default size is 256 MiB
  # SNAPSHOT_MAX_FILE_SIZE:

  # The max size allowed when uploading a Package file.
  # Default size is 256 MiB
  # PACKAGE_MAX_FILE_SIZE:

  # Enable compression of response objects. Is by default
  # enabled and has to be set explicitly to 'false' to be disabled.
  # API_ENABLE_COMPRESSION:

  # The max size allowed when uploading a extensions file.
  # Default size is 128 MiB
  # EXTENSION_MAX_FILE_SIZE:

  # The length of the access token we generate. Default is 512 bytes
  # SECURITY_ACCESS_TOKEN_LENGTH:

  # The length of the refresh token we generate. Default is 2048 bytes
  # SECURITY_REFRESH_TOKEN_LENGTH:

  # Enable the feature to create superapikeys
  # FEATURE_USE_SUPERAPIKEY_API:

  # The allowed hostnames, from where extensions can be remotely loaded.
  #
  # This should be a comma-separated list of hostnames, domain names, or a mixture
  # of both. Asterisks can be used as wildcards.
  # Domain names may be indicated by a leading dot.
  # example: "*.aventail.com,home.com,.seanet.com"
  # defaults to "" meaning, no host is allowed.
  # use "*" to allow all hostnames.
  # ALLOWED_EXTENSION_HOSTNAMES:

  # If set to an integer value, the amount of Refresh Tokens generated by a user
  # will be limited to this value.
  # REFRESH_TOKEN_MAX_AMOUNT_PER_USER:

  # Email used to validate the organisation delition process
  # SYS_ADMINISTRATOR_EMAIL:

  # DELETE_ORGANIZATION_TOKEN_TTL_IN_MINUTES:

  # Flag to conditionally use request-promise to execute transformer
  # USE_REQUEST_PROMISE_FOR_TRANSFORMER:

  # VG prepareCall api-key
  # VOICE_TEST_CALL_API_SECRET:
  # VG base url
  # VOICE_GATEWAY_BASE_URL_WITH_PROTOCOL:
  # VOICE_GATEWAY_PREPARE_CALL_API:

  # The timeout for getting the conversation counter.
  # default 60000
  # CONVERSATION_COUNTER_TIMEOUT_IN_MS:

  # Hubspot Middleware URL to track events
  # HSMWURL:

  # URL to Microsoft Flow for Error Alerting
  # HSMWALERTURL:

  ### service-trainer env variables ###
  # connection details for the database
  # TRAINER_DB_USERNAME:
  # TRAINER_DB_PASSWORD:
  # TRAINER_DB_HOST:
  # TRAINER_DB_PORT:
  # TRAINER_DB_NAME:

  # An aes encryption key
  # TRAINER_PACKAGE_ENCRYPTION_KEY:

  ### service-logs env variables ###
  # connection details for the database
  # LOG_DB_USERNAME:
  # LOG_DB_PASSWORD:
  # LOG_DB_HOST:
  # LOG_DB_PORT:
  # LOG_DB_NAME:

  # ttl & buffer-time for log entries
  # LOG_ENTRIES_TTL_IN_MINUTES:
  # LOG_ENTRIES_BUFFER_IN_SECONDS:

  # maximum entries we process at once
  # LOG_ENTRIES_MAX_BUFFER_LENGHT:

  # the desired maximum length of the queue
  # MAX_LOGS_AMOUNT_IN_REDIS:

  ### service-task-manager env variables ###
  # connection details for the database
  # TASK_MANAGER_DB_USERNAME:
  # TASK_MANAGER_DB_PASSWORD:
  # TASK_MANAGER_DB_HOST:
  # TASK_MANAGER_DB_PORT:
  # TASK_MANAGER_DB_NAME:

  # set the ttl, how long a task is saved in the database
  # default is 1 week
  # TASK_TTL_IN_MINUTES:

  # Train intents expiration timeout in milliseconds. Defaults to "60000".
  # TRAIN_INTENTS_EXPIRATION_MILLISECONDS:

  ### service-custom-modules env variables ###
  # Whether to use a cert for installing npm modules
  # USE_PROXY_CA_CERT:

  ### service-ai env variables ###
  # max number of queues for consistent-hash-exchange in service-ai. default is 20.
  # AI_MESSAGE_QUEUES_AMOUNT: "20"

  # queue TTL in seconds Queues will expire after a period of time
  # only when they are not used (e.g. do not have consumers). default is 30 seconds.
  # AI_MESSAGE_QUEUES_TTL_IN_SECONDS: "30"

  # maximum byte size for context, contact profiles, input data
  # MAX_MEMORY_OBJECT_SIZE: ""

  # maximum loops to allow in Flows
  # MAX_LOOPS: "4"

  # Use NLU 2.0 for short utterances
  # SHORT_UTTERANCES_V2: ""

  # The TTL of the session state in redis. Default is 10 minutes
  # SESSION_STATE_REDIS_TTL_IN_SECONDS: "600"

  # The TTL of the session storage in the NLU transformers in seconds.
  # NLU_TRANSFORMER_SESSION_STORAGE_TTL: ""

  # The max outgoing hhtp requests that can be executed in a NLU transformer
  # NLU_TRANSFORMER_MAX_OUTGOING_REQUESTS: ""

  # The amount of times we will retry sending an email
  # SMTP_RETRY_ATTEMPTS: ""

  # The maximum attachment size allowed when sending an email
  # SMTP_MAX_ATTACHMENT_SIZE: ""

  # The amount of entries to be buffered, till the batch get sent
  # BULK_CREATE_TRAINER_MAX_BATCH_SIZE: ""

  # Timeout for 'getNluResultsRpc' call
  # RPC_TIMEOUT_GET_NLU_RESULTS_IN_MS: "5000"

  # The path to the HTMLTemplate for the email notification Node.
  # if not provided the value defaults to cognigy internal email html template
  # EMAIL_NOTIFICATION_HTML_TEMPLATE_FILE_PATH: ""

  # Auth type: basic or oauth2
  # EMAIL_NOTIFICATION_SMTP_AUTH_TYPE=

  # SMTP Email service type, default to 'otherSmtp' if not provided, otherwise value like 'Gmail', 'Office365'
  # EMAIL_NOTIFICATION_SMTP_EMAIL_SERVICE_TYPE=

  # Smtp Connection details for email basic authentication
  # EMAIL_NOTIFICATION_SMTP_HOST=
  # EMAIL_NOTIFICATION_SMTP_PORT=
  # EMAIL_NOTIFICATION_SMTP_TLS_REQUIRED=

  # Smtp Connection details for email oauth2 authentication
  # EMAIL_NOTIFICATION_SMTP_OAUTH2_TLS_OPTION=
  # EMAIL_NOTIFICATION_SMTP_OAUTH2_TOKEN_ACCESS_URL=
  # EMAIL_NOTIFICATION_SMTP_OAUTH2_EXPIRY_DATE_UNIX_TIMESTAMP=

  # Maximum size for Fuzzy Search Node source data (in bytes)
  # FUZZYSEARCH_MAX_OBJECT_SIZE: ""

  # The amount of messages one AI should handle in parallel
  # AI_MESSAGE_PREFETCH_COUNT: ""

  # Whether to use the new queueing concept that better handles messages in parallel
  # FEATURE_USE_QUEUEING_V2: ""

  # Controls the LRU cache for the chart executable
  # AI_LRU_CACHE_CHART_EXECUTABLE_ENABLED: "true"
  # AI_LRU_CACHE_CHART_EXECUTABLE_MAX_SIZE: "1000"
  # AI_LRU_CACHE_CHART_EXECUTABLE_MAX_AGE_IN_SECONDS: "86400"

  # Controls the LRU cache for the project data
  # AI_LRU_CACHE_PROJECT_ENABLED: "true"
  # AI_LRU_CACHE_PROJECT_MAX_SIZE: "1000"
  # AI_LRU_CACHE_PROJECT_MAX_AGE_IN_SECONDS: "86400"

  # Controls the LRU cache for connections
  # AI_LRU_CACHE_CONNECTIONS_MAX_AGE_IN_SECONDS: "86400"
  # AI_LRU_CACHE_CONNECTIONS_ENABLED: "true"
  # AI_LRU_CACHE_CONNECTIONS_MAX_SIZE: "1000"

  # Whether to refresh the Profile on each input
  # AI_REFRESH_PROFILES_ENABLED: ""

  # Max timeout fot the loadSessionStateRpc call
  # AI_LOAD_SESSION_STATE_RPC_TIMEOUT_IN_SECONDS: "2"

  # Timeout for HTTP requests for the httpRequest Node
  # HTTP_NODE_TIMEOUT_IN_SECONDS: ""

  # The TTL of Brains in AI. Default is 10 minutes
  # AI_BRAIN_TTL: ""

  # The cleanup interval of Brains in AI. Default is 30s
  # AI_BRAIN_CLEANUP_INTERVAL: ""

  # Maximum count of flows that we keep in memory cache. Default 1000
  # AI_FLOW_CACHE_MAX_SIZE:
  # How many seconds we keep a flow in memory cache without being called. Default 3600
  # AI_FLOW_CACHE_TTL_IN_SEC:

  # The cleanup interval of session states in seconds. Default is 30
  # AI_SESSION_STATE_CACHE_CLEANUP_INTERVAL_IN_SEC:
  # How many seconds we keep a session state in memory. Default is 3600
  # AI_SESSION_STATE_CACHE_TTL_IN_SEC:
  # Maximum items that are handled in one cleanup cycle for the session state. Default is 100.
  # AI_SESSION_STATE_CACHE_MAX_COUNT_PER_CLEANUP_CYCLE:

  # Timeout for Question node datepicker function.
  # AI_DATEPICKER_FUNCTION_VM_TIMEOUT_IN_MS: "150"

  # The path where the transcript logs are stored, default "/app/transcripts"
  # TRANSCRIPT_LOGS_STORAGE_PATH:
  # The maximum number of entries to read from the transcript logs, should not be less then 50 (the max value in the Get Transcript Node)
  # TRANSCRIPT_MANAGER_MAX_READ_LIMIT:
  # The TTL in seconds for how long the manager keeps inactive sessions in memory. Default is 300 (5 minutes).
  # TRANSCRIPT_MANAGER_SESSION_TTL_IN_SECS:
  # The TTL in seconds for how long the manager keeps write streams open when idle. Default is 60 seconds.
  # TRANSCRIPT_MANAGER_WRITE_STREAM_TTL_IN_SECS:

  ### service-execution env variables ###
  # Default value is 512 MiB
  # MAX_EXTENSIONS_CACHE_DIR_SIZE_IN_MB: "512"

  # Path to extensions cache directory
  # PATH_TO_EXTENSIONS_CACHE_DIR: ""

  # Amount of extensions that will be dropped from extensions map if the max dir size exceeds
  # AMOUNT_TO_DROP_IF_MAX_EXTENSIONS_DIR_SIZE_EXCEEDS: ""

  # Whether Extensions should be executed in a VM. Default is true
  # EXECUTE_EXTENSIONS_IN_VM: "true"

  ### service-function-execution env variables ###
  # The total number of http requests a customer can send via the httpRequest API
  # FUNCTION_MAX_OUTGOING_HTTP_REQUESTS: ""

  # The total amount of data (in bytes) a http response can contain - used for the
  # httpRequest API
  # FUNCTION_MAX_HTTP_REQUEST_RESPONSE_SIZE_BYTES: ""

  # The maximum amount of minutes a function instance is allowed to run
  # FUNCTION_EXECUTION_MAX_EXECUTION_TIME_IN_MINUTES: ""

  ### service-function-scheduler env variables ###
  # how long should we store instance information in the database -
  # we use a time-based index in order to rotate the data
  # FUNCTION_INSTANCE_EXPIRATION_IN_MINUTES: ""

  # the maximum number of active/running function instances per
  # organisation
  # FUNCTION_INSTANCE_MAX_RUNNING_NUMBER_PER_ORGANIZATION: ""

  # the maximum size (in bytes) for the parameters object with which
  # a function instance can be started, default 128 KB
  # FUNCTION_PARAMETERS_SIZE_MAX_IN_BYTES: ""

  ### service-http env variables ###
  # The amount of messages service-http can handle in parallel
  # SERVICE_HTTP_PREFETCH: ""

  # The max limit of a response object in bytes
  # RESPONSE_BYTES_LIMIT: ""

  ### service-parser env variables ###
  # The timeout for rpc calls made by service-parser
  # SERVICE_PARSER_RPC_TIMEOUT_IN_SEC: "20"

  # The chunk size for intent sentences to send to service-resources
  # SERVICE_PARSER_INTENT_SENTENCE_CHUNKSIZE: "300"

  # The chunk size for lexicon entries to send to service-resources
  # SERVICE_PARSER_LEXICON_ENTRY_CHUNKSIZE: "300"

  # The max amount of lexicon entries service-parser can import
  # SERVICE_PARSER_MAXIMUM_LEXICONS_ENTRIES_IMPORT: "1000000"

  ### service-playbook-execution env variables ###
  # Maximum executions Default: 10
  # MAX_CONCURRENT_PLAYBOOK_EXECUTIONS: "10"

  ### service-profiles env variables ###
  # connection details for the database
  # PROFILES_DB_USERNAME:
  # PROFILES_DB_PASSWORD:
  # PROFILES_DB_HOST:
  # PROFILES_DB_PORT:
  # PROFILES_DB_NAME:

  ### service-runtime-file-manager env variables ###
  # Allows our customers to specify CORS origins. Please note that you need to have this configured
  # in order for Cognigy Live Agent and the Webchat Widget demo page to work properly. You can specify
  # CORS origins by providing a comma-delimited list like so:
  # "http://example1.com, http://example2.com"
  # RUNTIME_FILE_MANAGER_CORS_WHITELIST: ""

  # Max file size of a runtime file in bytes. default :1024*1024*10 (10MB)
  # RUNTIME_FILE_MANAGER_MAX_FILE_SIZE: "10485760"

  ### service-session-state-manager env variables ###
  # The amount of time to buffer events before saving them. Can be set to 0 to disable buffering
  # SESSION_STATE_MANAGER_BUFFER_TIME_IN_SECONDS: "10"

  # The amount of events to buffer before saving them. Can be set to 0 to disable buffering
  # SESSION_STATE_MANAGER_BUFFER_COUNT: 100

  ### Variables used by NLP V2 services ###
  # Optional log level string: INFO | DEBUG | ERROR
  # NLP_LOG_LEVEL: ""

  # The maximum number of classes considered for deep training. Defaults to 2000.
  # NLP_MAX_STATE_CONDITION_TRAINING_CLASSES: ""

  # The maximum number of classes considered for deep training. Defaults to 100.
  # NLP_STATE_CONDITION_MASKED_CLASSIFICATION_THRESHOLD: ""

  # The maximum length of inputs/example sentences for exact matching. Defaults to 2048.
  # NLP_MAX_MATCHER_LEN: ""

  # Whether to use featurization script or not. Defaults to False.
  # NLP_ENCODER_SCRIPT: ""

  # NLP_SCORE_DISABLE_CACHE_EVICTION:"False"

  # The percentage of available memory the traingroup cache can use. Defaults to 75.
  # NLP_SCORE_CACHE_PERCENTAGE_OF_AVAILABLE_MEMORY: ""

  # Interval for recalculating eviction priority and removal of unused data. Defaults to 60
  # NLP_SCORE_CACHE_UPDATE_INTERVAL_IN_MINUTES: ""

  # How many interval timeframes are used for recalculating eviction priority and removal of unused data. Defaults to 24
  # NLP_SCORE_CACHE_AMOUNT_OF_TIMEFRAMES: ""

  # Not case-sensitive
  # "All" when all possible Any Slot matches should be returned.
  # "Exact" when only the exact Any Slot match should be returned, i.e. the exact sentence
  # structure with the Any Slot.
  # Defaults to "Default".
  # Default behaviour of Any Slot matching is to return the last found match, regardless of the exact sentence structure.
  # NLP_ANYSLOT_RETURN_MODE: "Default"

  # "True" to enable the logger to print timing information in some log messages, defaults to "False"
  # NLP_ENABLE_PERFORMANCE_LOGS: "True"

  # "True" to print debug log messages as info log messages. Defaults to "False"
  # NLP_DEBUG_IS_INFO: "False"

  # Maximum character length of an input sentence where any slots are still being extracted. If a sentence is longer than this number, the sentence is not processed for any slots further. Defaults to 100 characters.
  # NLP_ANY_SLOTS_MAX_INPUT_CHARACTER_LENGTH: "100"

  # The maximum time that the rabbitmq training queue remains open for a training job. Defaults to 90 minutes.
  # NLP_TRAIN_QUEUE_CONSUMER_TIMEOUT_IN_MS: "5400000"

  ### service-nlp-matcher env variables ###
  # amount of items we store in the memory cache, default 20000
  # NLP_MATCHER_CACHE_ITEMS: ""

  # batch size for get keyphrase tokens
  # GET_TOKENS_BATCH_SIZE: ""

  # log level
  # NLP_MATCHER_LOG_LEVEL: ""

  # Prefetch & TTL on the read and write queues.
  # When you change this in a rolling update, you will have to scale down service matcher first, so that the existing queues are gone.
  # You cannot change queues properties of existing queues.
  # NLP_MATCHER_PREFETCH_COUNT_READ: ""
  # NLP_MATCHER_PREFETCH_COUNT_WRITE: ""
  # NLP_MATCHER_QUEUE_TTL_IN_SECS_READ: ""
  # NLP_MATCHER_QUEUE_TTL_IN_SECS_WRITE: ""

  ### service-nlp-ner env variables ###
  # Maximum restarts of child process before process exit
  # NER_MAX_CHILD_PROCESS_RESTARTS: ""
  # Work item 74098 - locale to replace the generic locale for Duckling NER
  # FEATURE_SET_GE_GE_UNIVERSAL_SYSTEM_SLOT_LOCALE: ""

  # Timeout in ms before restarting the child process on error
  # NER_CHILD_PROCESS_RESTART_TIMEOUT: ""

  # Timeout in ms for getting the results from duckling & rustling
  # NER_CHILD_PROCESS_REPLY_TIMEOUT: ""

  # rabbitmq prefetch for getNer call
  # GET_NER_PREFETCH: ""

  # disable starting rustling & duckling http severs as child processes
  # NLP_NER_DISABLE_CHILD_PROCESSES: ""

  ### service-analytics-reporter env variables ###
  ## connection details for the database
  # ANALYTICS_REPORTER_DB_USERNAME:
  # ANALYTICS_REPORTER_DB_PASSWORD:
  # ANALYTICS_REPORTER_DB_HOST:
  # ANALYTICS_REPORTER_DB_PORT:
  # ANALYTICS_REPORTER_DB_NAME:

  # Regeneration period for Cognigy Insights cache reports (default 180 minutes)
  # INSIGHTS_REPORTS_CACHE_TIME_IN_MINUTES:

  ### service-analytics-collector env variables ###
  # connection details for the database
  # ANALYTICS_COLLECTOR_DB_USERNAME:
  # ANALYTICS_COLLECTOR_DB_PASSWORD:
  # ANALYTICS_COLLECTOR_DB_HOST:
  # ANALYTICS_COLLECTOR_DB_PORT:
  # ANALYTICS_COLLECTOR_DB_NAME:

  ### service-analytics-conversations env variables ###
  # connection details for the database
  # CONVERSATION_COLLECTOR_DB_USERNAME:
  # CONVERSATION_COLLECTOR_DB_PASSWORD:
  # CONVERSATION_COLLECTOR_DB_HOST:
  # CONVERSATION_COLLECTOR_DB_PORT:
  # CONVERSATION_COLLECTOR_DB_NAME:

  ### service-insights-forwarder env variables ###
  # The customer's endpoint where the insights data needs to be sent, e.g., http://www.example.com
  # INSIGHTS_FORWARDER_ENDPOINT:
  # The auth token provided by the customer to authenticate forwarder requests
  # INSIGHTS_FORWARDER_CONSUMER_AUTH_TOKEN:

  # contact Profile Expiration in minutes
  # MAX_CONTACT_PROFILE_TTL_IN_MINUTES:

  # connection details for the flows database
  # FLOWS_DB_USERNAME:
  # FLOWS_DB_PASSWORD:
  # FLOWS_DB_HOST:
  # FLOWS_DB_PORT:
  # FLOWS_DB_NAME:

  # odata server port
  # ODATA_HOSTNAME:

  # Odata protocol (http or https)
  # ODATA_PROTOCOL:

  # The amount of seconds a query is cached in Redis
  # ODATA_CACHE_TIME_IN_SECONDS:

  ### service-insights-api env variables ###
  # INSIGHTS_JWT_SECRET:
  # INSIGHTS_API_CORS_WHITELIST:
  # HTTP_JSON_BODY_LIMIT:
  # PRODUCT_DISPLAY_NAME:
  # SERVICE_PREFIX:
  # INSIGHTS_API_VERSION:

  # The key for the built-in pendo. If set, pendo routines will be activated.
  # PENDO_KEY:

  # Flag that can be used to disable the 'get help / get tech support'
  # button within the navigation to file a support ticket to Cognigy
  # DISABLE_GET_TECH_SUPPORT: true

  ### service-collector env variables ###
  # api key configuration
  # INSIGHTS_COLLECTOR_API_KEY:

  # http2 configuration (optional)(defaults to 0.0.0.0:8000)
  # INSIGHTS_COLLECTOR_HTTP_HOST:
  # INSIGHTS_COLLECTOR_HTTP_PORT:

  ### management-ui env variables ###
  # Base URL for Management UI
  # MANAGEMENTUI_BASE_URL_WITH_PROTOCOL:
  # Management UI port
  # CMUI_HTTP_PORT:

  # location of the authentication json for using the management ui, default: /run/secrets/management-ui-creds.json
  # AUTHENTICATION_MANAGEMENT_UI_CRED_LOCATION:

  ### Knowledge Search env variables ###
  # SERVICE_SEARCH_ORCHESTRATOR_URL_WITH_PROTOCOL:
  # SERVICE_SEARCH_ORCHESTRATOR_OPERATION_TIMEOUT_IN_MS:

  ### LLM Retry Mechanism env variables ###
  # For any of the below configurations, see the offical documentation here: https://www.npmjs.com/package/retry#retrytimeoutsoptions
  # Number of retries after the first attempt before failing. Defaults to 2.
  # GENERATIVE_AI_RETRY_OPTIONS_NUMBER_OF_RETRIES:
  # Timeout between retries to avoid rate limiting. Defaults to 50ms.
  # GENERATIVE_AI_RETRY_OPTIONS_MIN_TIMEOUT:
  # Max timeout between retries. Defaults to the minimum timeout.
  # GENERATIVE_AI_RETRY_OPTIONS_MAX_TIMEOUT:
  # Exponential factor to multiply the timeout with inbetween retries. Defaults to 1.
  # GENERATIVE_AI_RETRY_OPTIONS_FACTOR:

  ### transcript-nfs-cleanup job env variables ###
  # The path where the session directories are stored, default /app/transcripts
  # TRANSCRIPT_LOGS_STORAGE_PATH:
  # TTL for transcript logs cleanup, default 1440 (1 day)
  # TRANSCRIPT_LOGS_EXPIRATION_AFTER_MINUTES:
  # How many session directories are read and handled in one batch, default 100
  # TRANSCRIPT_LOGS_CLEANUP_BATCH_SIZE:
  # Time in ms that we wait between each batch, default 0
  # TRANSCRIPT_LOGS_CLEANUP_BATCH_DELAY_IN_MS:

  ### CSP HEADER DIRECTIVES ###
  # Disable CSP response header
  # HEADERS_CSP_DISABLED:
  # Enable CSP reportOnly mode
  # HEADERS_CSP_REPORT_ONLY:
  # CSP single directives customization
  # "default-src" - string - the value is appended to the existing string. Example: "*.example.com data: https:"
  # HEADERS_CSP_DIRECTIVES_DEFAULT_SRC:
  # "script-src" - string - the value is appended to the existing string. Example: "*.example.com data: https:"
  # HEADERS_CSP_DIRECTIVES_SCRIPT_SRC:
  # "img-src" - string - the value is appended to the existing string. Example: "*.example.com data: https:"
  # HEADERS_CSP_DIRECTIVES_IMG_SRC:
  # "media-src" - string - the value is appended to the existing string. Example: "*.example.com data: https:"
  # HEADERS_CSP_DIRECTIVES_MEDIA_SRC:
  # "worker-src" - string - the value is appended to the existing string. Example: "*.example.com data: https:"
  # HEADERS_CSP_DIRECTIVES_WORKER_SRC:
  # "font-src" - string - it overrides the helmet default value
  # HEADERS_CSP_DIRECTIVES_FONT_SRC:
  # "object-src" - string - it overrides the helmet default value
  # HEADERS_CSP_DIRECTIVES_OBJECT_SRC:
  # "style-src" - string - it overrides the helmet default value
  # HEADERS_CSP_DIRECTIVES_STYLE_SRC:
  # "form-action" - string - it overrides the helmet default value
  # HEADERS_CSP_DIRECTIVES_FORM_ACTION:
  # "frame-ancestors" - string - it overrides the helmet default value
  # HEADERS_CSP_DIRECTIVES_FRAME_ANCESTORS:

  ### Configuration for the embedding-models config map ###
embeddingModelConfig:
  usev4Config:
    maxBatchSize: "256"
    maxQueueDelayMicroseconds: "100"
  usev3Config:
    maxBatchSize: "256"
    maxQueueDelayMicroseconds: "100"
  labseConfig:
    maxBatchSize: "64"
    maxQueueDelayMicroseconds: "100"

## Config map with the default KAI vectordb collection configuration
# Note: Please DO NOT alter these values without consulting engineers
#       with expertise in the corresponding vector db
vectordbConfig:
  qdrantCollectionConfig:
    vectors:
      distance: "Cosine"
      onDisk: true
    shardNumber: 6
    replicationFactor: 3
    onDiskPayload: true
    hnswConfig:
      efConstruction: 128
      m: 64
      onDisk: true
    writeConsistencyFactor: 2

### RabbitMQ Message Broker Configuration ###
statefulRabbitMq:
  image: cognigy.azurecr.io/rabbitmq:4.0.3-management-alpine
  replicaCount: 1
  resources:
    limits:
      memory: 2Gi
      cpu: "2"
    requests:
      memory: 1Gi
      cpu: "1"
  extraEnvVars: []
  ## RabbitMQ authentication parameters
  ##
  auth:
    ## RabbitMQ username. Defaults to "cognigy" if not set.
    ##
    username: "cognigy"
    ## RabbitMQ password. Defaults to base 16 of a random 64 character alphanumeric string if not set.
    ##
    password: ""
    ## The name of an existing secret with RabbitMQ credentials.
    ## The secret must contain "rabbitmq-password", "connection-string" and "connection-string-api" keys.
    ##
    ## Example secret data format:
    ##
    ## rabbitmq-password: <password>
    ## connection-string: amqp://<user>:<password>@<host>:<port>
    ## connection-string-api: http://<user>:<password>@<host>:<port>/api
    ##
    ## NOTE: When it's set, the previous "statefulRabbitMq.auth.username" and "statefulRabbitMq.auth.password" parameters are ignored.
    ##
    existingSecret: ""
  ## The memory threshold under which RabbitMQ will stop reading from client network sockets, in order to avoid being killed by the OS
  ## ref: https://www.rabbitmq.com/alarms.html
  ## ref: https://www.rabbitmq.com/memory.html#threshold
  ##
  memoryHighWatermark:
    ## Enable configuring Memory high watermark on RabbitMQ
    ##
    enabled: true
    ## Memory high watermark type. Either `absolute` or `relative`
    ##
    type: "relative"
    ## Memory high watermark value.
    ## The default value of 0.4 stands for 40% of available RAM
    ## Note: the memory relative limit is applied to the statefulRabbitMq.resource.limits.memory to calculate the memory threshold
    ## You can also use an absolute value, e.g.: 256MB
    ##
    value: 0.4
  # The default max_message_size was set to 16Mb in rabbitMq 4.0. We increase it to be a bit higher then the max playload size of our api.
  maxMessageSize: "63000000"
  ## RabbitMQ Configuration file content: required cluster configuration
  ## ref: https://www.rabbitmq.com/configure.html#configuration-files
  ## Do not override unless you know what you are doing.
  ## To add more configuration, use `extraConfiguration` of `advancedConfiguration` instead
  ##
  configuration: |-
    {{ tpl .Values.statefulRabbitMq.extraConfiguration . }}
    ## allow access to the guest user from anywhere on the network
    ## https://www.rabbitmq.com/access-control.html#loopback-users
    ## https://www.rabbitmq.com/production-checklist.html#users
    loopback_users.guest = false

    ## Send all logs to stdout/TTY. Necessary to see logs when running in a container
    log.console = true

    {{- if .Values.statefulRabbitMq.memoryHighWatermark.enabled }}
    ## Memory Threshold
    ##
    total_memory_available_override_value = {{ include "rabbitmq.toBytes" .Values.statefulRabbitMq.resources.limits.memory }}
    vm_memory_high_watermark.{{ .Values.statefulRabbitMq.memoryHighWatermark.type }} = {{ .Values.statefulRabbitMq.memoryHighWatermark.value }}
    {{- end }}

    max_message_size = {{ .Values.statefulRabbitMq.maxMessageSize }}
  ## Optionally specify Configuration file content: extra configuration to be appended to RabbitMQ configuration
  ## Use this instead of `configuration` to add more configuration
  ## Example configuration:
  ## extraConfiguration: |-
  ##   listeners.tcp.default = 5672
  ##
  extraConfiguration: |-
    #default_vhost = {{ .Release.Namespace }}-vhost
    #disk_free_limit.absolute = 50MB

  ## Optionally specify Configuration file content: advanced configuration
  ## Use this as additional configuration in classic config format (Erlang term configuration format)
  ## ref: https://www.rabbitmq.com/configure.html#advanced-config-file
  ## Example configuration:
  ## advancedConfiguration: |-
  ##   [
  ##     {rabbit, [
  ##         {tcp_listeners, [5672]}
  ##       ]
  ##     }
  ##   ].
  advancedConfiguration: ""
  ## RabbitMQ pods' Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## Note: The following values of RabbitMQ pod's Security Context runAsUser and runAsGroup are required to run the pod as non-root user.
  ##
  securityContext:
    runAsUser: 1337
    runAsGroup: 1337
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""

### Cognigy.AI components ###
serviceAi:
  image: cognigy.azurecr.io/service-ai:release-229342352e-1737714256
  replicaCount: 3
  resources:
    requests:
      cpu: "0.4"
      memory: 400M
    limits:
      cpu: "0.4"
      memory: 500M
  ## Optionally specify list of additional volumes
  ## Examples:
  ## extraVolumes:
  ##   - name: foo
  ##     secret:
  ##       secretName: mysecret
  ##       optional: false
  ##   - name: config-volume
  ##     configMap:
  ##       name: special-config
  ##       items:
  ##       - key: SPECIAL_LEVEL
  ##         path: keys
  extraVolumes: []
  ## Optionally specify list of additional volumeMounts
  ## Examples:
  ## extraVolumeMounts:
  ##   - name: foo
  ##     mountPath: "/etc/foo"
  ##     readOnly: true
  ##   - name: config-volume
  ##     mountPath: /etc/config
  extraVolumeMounts: []
  ## Optionally specify list of extra environment variables to add to the container
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  securityContext: {}
  ## Optionally specify affinity for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## Optionally specify node labels for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
  ##
  nodeSelector: {}
  ## Optionally specify tolerations for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
  ##
  tolerations: []
  ## Optionally specify priorityClass name for the pod
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority
  ##
  priorityClassName: ""
  ## Optionally enable HorizontalPodAutoscaler for pods
  ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
  ##
  ## Make sure that pods have resources limits and requests defined and the 'metrics server' has been deployed and configured in the cluster.
  ## https://github.com/kubernetes-sigs/metrics-server
  ##
  ##
  ## Note: This is a experimental feature and should not be used in production. Please don't enable this flag for now if you are a
  ## customer running Cognigy.AI/Cognigy Insights using this HelmChart. This note will be removed once we are done with the
  ## testing and the feature will be production ready.
  horizontalPodAutoscaler:
    ## Whether enable horizontal pod autoscaler
    enabled: false
    ## Define the minimum allowed replicas to which the scaling target can be scaled down
    minReplicas: 3
    ## Define the maximum allowed replicas to which the scaling target can be scaled up
    maxReplicas: 30
    ## Define metrics against which HorizontalPodAutoscaler will react
    ## metrics:
    ##   - type: Resource
    ##     resource:
    ##       name: memory
    ##       target:
    ##         type: Utilization
    ##         averageUtilization: 80
    ##   - type: Resource
    ##     resource:
    ##       name: cpu
    ##       target:
    ##         type: Utilization
    ##         averageUtilization: 70
    metrics:
      - type: Resource
        resource:
          name: cpu
          target:
            type: Utilization
            ## Define the CPU target to trigger the scaling actions (utilization percentage)
            averageUtilization: 70
    behavior: {}
serviceAlexaManagement:
  image: cognigy.azurecr.io/service-alexa-management:release-0e45409099-1736525341
  replicaCount: 3
  resources:
    requests:
      cpu: "0.1"
      memory: 60M
    limits:
      cpu: "0.3"
      memory: 150M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceAnalyticsCollector:
  image: cognigy.azurecr.io/service-analytics-collector:release-233a740-1736346828
  replicaCount: 3
  resources:
    requests:
      cpu: "0.300"
      memory: 160M
    limits:
      cpu: "0.300"
      memory: 200M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceAnalyticsConversations:
  image: cognigy.azurecr.io/service-analytics-conversations:release-a470945-1734691422
  replicaCount: 3
  resources:
    requests:
      cpu: "0.1"
      memory: 120M
    limits:
      cpu: "0.3"
      memory: 250M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceAnalyticsOdata:
  image: cognigy.azurecr.io/service-analytics-odata:release-e46901a-1736252818
  replicaCount: 3
  resources:
    requests:
      cpu: "0.1"
      memory: 360M
    limits:
      cpu: "0.5"
      memory: 450M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceAnalyticsReporter:
  image: cognigy.azurecr.io/service-analytics-reporter:release-eb17dc4-1734691448
  replicaCount: 3
  resources:
    requests:
      cpu: "0.5"
      memory: 500M
    limits:
      cpu: "0.5"
      memory: 750M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceApi:
  image: cognigy.azurecr.io/service-api:release-229342352e-1737714256
  replicaCount: 3
  resources:
    requests:
      cpu: "0.2"
      memory: 400M
    limits:
      cpu: "0.4"
      memory: 700M
  extraVolumes: []
  extraVolumeMounts: []
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceAppSessionManager:
  image: cognigy.azurecr.io/service-app-session-manager:release-0e45409099-1736525341
  replicaCount: 3
  resources:
    requests:
      cpu: "0.4"
      memory: 400M
    limits:
      cpu: "0.4"
      memory: 500M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""

#
# This is part of new functionality we are working on actively.
# Don't enable this component on your infrastructure.
#
serviceCollaboration:
  enabled: false
  image: cognigy.azurecr.io/service-collaboration:release-acbd9a2-1735805555
  replicaCount: 3
  resources:
    requests:
      cpu: "0.3"
      memory: 512M
    limits:
      cpu: "0.3"
      memory: 512M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""

serviceCustomModules:
  image: cognigy.azurecr.io/service-custom-modules:release-0e45409099-1736525341
  replicaCount: 3
  resources:
    requests:
      cpu: "0.3"
      memory: 512M
    limits:
      cpu: "0.3"
      memory: 512M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceEndpoint:
  image: cognigy.azurecr.io/service-endpoint:release-37099b6769-1737994497
  replicaCount: 3
  resources:
    requests:
      cpu: "0.2"
      memory: 300M
    limits:
      cpu: "0.3"
      memory: 300M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceExecution:
  image: cognigy.azurecr.io/service-execution:release-0e45409099-1736525341
  replicaCount: 3
  resources:
    requests:
      cpu: "1"
      memory: 240M
    limits:
      cpu: "1"
      memory: 300M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
  horizontalPodAutoscaler:
    enabled: false
    minReplicas: 3
    maxReplicas: 30
    metrics:
      - type: Resource
        resource:
          name: cpu
          target:
            type: Utilization
            averageUtilization: 70
    behavior: {}
serviceFunctionExecution:
  image: cognigy.azurecr.io/service-function-execution:release-0e45409099-1736525341
  replicaCount: 3
  resources:
    requests:
      cpu: "1"
      memory: 512M
    limits:
      cpu: "2"
      memory: 512M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
  horizontalPodAutoscaler:
    enabled: false
    minReplicas: 3
    maxReplicas: 30
    metrics:
      - type: Resource
        resource:
          name: cpu
          target:
            type: Utilization
            averageUtilization: 70
    behavior: {}
serviceFunctionScheduler:
  image: cognigy.azurecr.io/service-function-scheduler:release-0e45409099-1736525341
  replicaCount: 3
  resources:
    requests:
      cpu: "0.1"
      memory: 60M
    limits:
      cpu: "0.3"
      memory: 150M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
  horizontalPodAutoscaler:
    enabled: false
    minReplicas: 3
    maxReplicas: 30
    metrics:
      - type: Resource
        resource:
          name: cpu
          target:
            type: Utilization
            averageUtilization: 70
    behavior: {}
serviceHandover:
  image: cognigy.azurecr.io/service-handover:release-0e45409099-1736525341
  replicaCount: 3
  resources:
    requests:
      cpu: "0.1"
      memory: 60M
    limits:
      cpu: "0.3"
      memory: 150M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceHandoverInactivity:
  enabled: true
  image: cognigy.azurecr.io/service-handover-inactivity:release-d214744-1734512278
  replicaCount: 3
  resources:
    requests:
      cpu: "0.1"
      memory: 150M
    limits:
      cpu: "0.4"
      memory: 150M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
  horizontalPodAutoscaler:
    enabled: false
    minReplicas: 3
    maxReplicas: 30
    metrics:
      - type: Resource
        resource:
          name: cpu
          target:
            type: Utilization
            averageUtilization: 70
    behavior: {}
serviceHttp:
  image: cognigy.azurecr.io/service-http:release-0e45409099-1736525341
  replicaCount: 3
  resources:
    requests:
      cpu: "0.1"
      memory: 60M
    limits:
      cpu: "0.1"
      memory: 75M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
  horizontalPodAutoscaler:
    enabled: false
    minReplicas: 3
    maxReplicas: 30
    metrics:
      - type: Resource
        resource:
          name: cpu
          target:
            type: Utilization
            averageUtilization: 70
    behavior: {}
serviceInsightsApi:
  image: cognigy.azurecr.io/service-insights-api:release-312110a-1734691526
  replicaCount: 3
  resources:
    requests:
      cpu: "0.1"
      memory: 100M
    limits:
      cpu: "0.3"
      memory: 200M
  extraVolumes: []
  extraVolumeMounts: []
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceInsightsResources:
  enabled: false
  image: cognigy.azurecr.io/service-insights-resources:release-1fe34e9-1734691597
  replicaCount: 3
  resources:
    requests:
      cpu: "0.1"
      memory: 100M
    limits:
      cpu: "0.3"
      memory: 200M
  extraVolumes: []
  extraVolumeMounts: []
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceInsightsForwarder:
  enabled: false
  image: cognigy.azurecr.io/service-insights-forwarder:release-121929d-1734691585
  replicaCount: 3
  resources:
    requests:
      cpu: "0.1"
      memory: 100M
    limits:
      cpu: "0.3"
      memory: 200M
  extraVolumes: []
  extraVolumeMounts: []
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceCollector:
  image: cognigy.azurecr.io/service-collector:release-5d92a85-1736528790
  replicaCount: 3
  resources:
    requests:
      cpu: "0.1"
      memory: 128M
    limits:
      cpu: "0.5"
      memory: 256M
  extraVolumes: []
  extraVolumeMounts: []
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceInsightsUi:
  image: cognigy.azurecr.io/service-insights-ui:release-0f397bf-1737130974
  replicaCount: 3
  resources:
    requests:
      cpu: "0.1"
      memory: 60M
    limits:
      cpu: "0.3"
      memory: 150M
  extraVolumes: []
  extraVolumeMounts: []
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceLogs:
  image: cognigy.azurecr.io/service-logs:release-0e45409099-1736525341
  replicaCount: 3
  resources:
    requests:
      cpu: "0.1"
      memory: 100M
    limits:
      cpu: "0.5"
      memory: 150M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceNlpMatcher:
  image: cognigy.azurecr.io/service-nlp-matcher:release-46880963df-1736498254
  replicaCount: 3
  resources:
    requests:
      cpu: "0.2"
      memory: 300M
    limits:
      cpu: "0.5"
      memory: 500M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceNlpNer:
  image: cognigy.azurecr.io/service-nlp-ner:release-0e45409099-1736525341
  replicaCount: 3
  resources:
    requests:
      cpu: "0.3"
      memory: 100M
    limits:
      cpu: "1.0"
      memory: 150M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
  horizontalPodAutoscaler:
    enabled: false
    minReplicas: 3
    maxReplicas: 30
    metrics:
      - type: Resource
        resource:
          name: cpu
          target:
            type: Utilization
            averageUtilization: 70
    behavior: {}
serviceParser:
  image: cognigy.azurecr.io/service-parser:release-46880963df-1736498254
  replicaCount: 3
  resources:
    requests:
      cpu: "0.1"
      memory: 60M
    limits:
      cpu: "0.3"
      memory: 150M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
servicePlaybookExecution:
  image: cognigy.azurecr.io/service-playbook-execution:release-0e45409099-1736525341
  replicaCount: 3
  resources:
    requests:
      cpu: "0.1"
      memory: 60M
    limits:
      cpu: "0.3"
      memory: 150M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceProfiles:
  image: cognigy.azurecr.io/service-profiles:release-0e45409099-1736525341
  replicaCount: 3
  resources:
    requests:
      cpu: "0.1"
      memory: 60M
    limits:
      cpu: "0.3"
      memory: 150M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
  horizontalPodAutoscaler:
    enabled: false
    minReplicas: 3
    maxReplicas: 30
    metrics:
      - type: Resource
        resource:
          name: cpu
          target:
            type: Utilization
            averageUtilization: 70
    behavior: {}
serviceResources:
  image: cognigy.azurecr.io/service-resources:release-a191eeae72-1737991870
  replicaCount: 3
  resources:
    requests:
      cpu: "0.2"
      memory: 512M
    limits:
      cpu: "1"
      memory: 1Gi
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceRuntimeFileManager:
  image: cognigy.azurecr.io/service-runtime-file-manager:release-0e45409099-1736525341
  replicaCount: 3
  resources:
    requests:
      cpu: "0.4"
      memory: 400M
    limits:
      cpu: "0.4"
      memory: 500M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
  horizontalPodAutoscaler:
    enabled: false
    minReplicas: 3
    maxReplicas: 30
    metrics:
      - type: Resource
        resource:
          name: cpu
          target:
            type: Utilization
            averageUtilization: 70
    behavior: {}
serviceSecurity:
  image: cognigy.azurecr.io/service-security:release-0e45409099-1736525341
  replicaCount: 3
  resources:
    requests:
      cpu: "0.2"
      memory: 60M
    limits:
      cpu: "0.4"
      memory: 150M
  extraEnvVars: []
  extraVolumes: []
  extraVolumeMounts: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""

  # this is a job which uses the same container image than "service-security" - hence
  # we don't define a separate container image, but simply a different entrypoint in the
  # job definition (spec) of the container.
  jobDailyConversationReporter:
    resources:
      requests:
        cpu: "0.2"
        memory: 60M
      limits:
        cpu: "0.4"
        memory: 150M
    schedule: "0 1 * * *" # every day at 1 AM
    successfulJobsHistoryLimit: 3
    failedJobsHistoryLimit: 3
    jobActiveDeadlineSeconds: 86400 # cleanup the job and its data 24 hours after it has been killed - gives us time for debugging
    jobTtlSecondsAfterFinished: 3600 # cleanup the job and its data 60 minutes after it has been killed
    activeDeadlineSeconds: 7200 # let the job run for a maximum of 2 hours
    ttlSecondsAfterFinished: 86400 # keep job information for 1 full day
    extraEnvVars: []
    extraVolumes: []
    extraVolumeMounts: []
    securityContext: {}
    affinity: {}
    nodeSelector: {}
    tolerations: []
    priorityClassName: ""

serviceSessionStateManager:
  image: cognigy.azurecr.io/service-session-state-manager:release-0e45409099-1736525341
  replicaCount: 3
  resources:
    requests:
      cpu: "0.4"
      memory: 400M
    limits:
      cpu: "0.4"
      memory: 500M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
  horizontalPodAutoscaler:
    enabled: false
    minReplicas: 3
    maxReplicas: 30
    metrics:
      - type: Resource
        resource:
          name: cpu
          target:
            type: Utilization
            averageUtilization: 70
    behavior: {}
serviceStaticFiles:
  image: cognigy.azurecr.io/service-static-files:release-3a07b84c90-1732026684
  replicaCount: 3
  resources:
    requests:
      cpu: "0.4"
      memory: 400M
    limits:
      cpu: "0.4"
      memory: 500M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceTaskManager:
  image: cognigy.azurecr.io/service-task-manager:release-0e45409099-1736525341
  replicaCount: 3
  resources:
    requests:
      cpu: "0.1"
      memory: 60M
    limits:
      cpu: "0.3"
      memory: 150M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceTrainer:
  image: cognigy.azurecr.io/service-trainer:release-0e45409099-1736525341
  replicaCount: 3
  resources:
    requests:
      cpu: "0.1"
      memory: 60M
    limits:
      cpu: "0.3"
      memory: 150M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceUi:
  image: cognigy.azurecr.io/service-ui:release-e3a15bfdcd-1738235301
  replicaCount: 3
  resources:
    requests:
      cpu: "0.1"
      memory: 60M
    limits:
      cpu: "0.3"
      memory: 150M
  extraVolumes: []
  extraVolumeMounts: []
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceWebchat:
  image: cognigy.azurecr.io/service-webchat:release-91ff05af79-1736763103
  replicaCount: 3
  resources:
    requests:
      cpu: "0.1"
      memory: 60M
    limits:
      cpu: "0.3"
      memory: 150M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceNlpEmbeddingEn:
  enabled: false
  image: cognigy.azurecr.io/service-nlp-embedding-en:release-68ae45b354-1728486469
  replicaCount: 2
  resources:
    requests:
      cpu: "0.3"
      memory: 2Gi
    limits:
      cpu: "0.4"
      memory: 3Gi
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceNlpEmbeddingXx:
  enabled: false
  image: cognigy.azurecr.io/service-nlp-embedding-xx:release-68ae45b354-1728486469
  replicaCount: 2
  resources:
    requests:
      cpu: "0.4"
      memory: 1.2Gi
    limits:
      cpu: "0.8"
      memory: 2Gi
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceNlpEmbeddingGe:
  enabled: false
  image: cognigy.azurecr.io/service-nlp-embedding-ge:release-68ae45b354-1728486469
  replicaCount: 2
  resources:
    requests:
      cpu: "0.3"
      memory: 3Gi
    limits:
      cpu: "1.0"
      memory: 4Gi
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceNlpClassifierScoreEn:
  enabled: false
  image: cognigy.azurecr.io/service-nlp-classifier-en:release-5ee5877341-1735890929
  replicaCount: 2
  resources:
    requests:
      cpu: "0.3"
      memory: 350M
    limits:
      cpu: "1.0"
      memory: 750M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceNlpClassifierTrainEn:
  enabled: false
  image: cognigy.azurecr.io/service-nlp-classifier-en:release-5ee5877341-1735890929
  replicaCount: 2
  resources:
    requests:
      cpu: "0.3"
      memory: 300M
    limits:
      cpu: "1.0"
      memory: 1000M
  livenessProbe:
    failureThreshold: 1
    initialDelaySeconds: 120
    periodSeconds: 60
    timeoutSeconds: 60
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceNlpOrchestrator:
  enabled: false
  image: cognigy.azurecr.io/service-nlp-orchestrator:release-5ee5877341-1735890929
  replicaCount: 2
  resources:
    requests:
      cpu: "0.3"
      memory: 700M
    limits:
      cpu: "1.0"
      memory: 1200M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceNlpClassifierScoreGe:
  enabled: false
  image: cognigy.azurecr.io/service-nlp-classifier-ge:release-5ee5877341-1735890929
  replicaCount: 2
  resources:
    requests:
      cpu: "0.3"
      memory: 1G
    limits:
      cpu: "1.0"
      memory: 2G
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceNlpClassifierTrainGe:
  enabled: false
  image: cognigy.azurecr.io/service-nlp-classifier-ge:release-5ee5877341-1735890929
  replicaCount: 2
  resources:
    requests:
      cpu: "0.3"
      memory: 1G
    limits:
      cpu: "1.0"
      memory: 2G
  livenessProbe:
    failureThreshold: 1
    initialDelaySeconds: 120
    periodSeconds: 60
    timeoutSeconds: 60
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceNlpClassifierScoreDe:
  enabled: false
  image: cognigy.azurecr.io/service-nlp-classifier:release-5ee5877341-1735890929
  replicaCount: 2
  resources:
    requests:
      cpu: "0.3"
      memory: 150M
    limits:
      cpu: "1.0"
      memory: 500M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceNlpClassifierTrainDe:
  enabled: false
  image: cognigy.azurecr.io/service-nlp-classifier:release-5ee5877341-1735890929
  replicaCount: 2
  resources:
    requests:
      cpu: "0.3"
      memory: 300M
    limits:
      cpu: "1.0"
      memory: 1000M
  livenessProbe:
    failureThreshold: 1
    initialDelaySeconds: 120
    periodSeconds: 60
    timeoutSeconds: 60
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceNlpClassifierScoreJa:
  enabled: false
  image: cognigy.azurecr.io/service-nlp-classifier-ja:release-5ee5877341-1735890929
  replicaCount: 2
  resources:
    requests:
      cpu: "0.3"
      memory: 150M
    limits:
      cpu: "1.0"
      memory: 500M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceNlpClassifierTrainJa:
  enabled: false
  image: cognigy.azurecr.io/service-nlp-classifier-ja:release-5ee5877341-1735890929
  replicaCount: 2
  resources:
    requests:
      cpu: "0.3"
      memory: 300M
    limits:
      cpu: "1.0"
      memory: 1000M
  livenessProbe:
    failureThreshold: 1
    initialDelaySeconds: 120
    periodSeconds: 60
    timeoutSeconds: 60
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceNlpClassifierScoreKo:
  enabled: false
  image: cognigy.azurecr.io/service-nlp-classifier-ko:release-5ee5877341-1735890929
  replicaCount: 2
  resources:
    requests:
      cpu: "0.3"
      memory: 150M
    limits:
      cpu: "1.0"
      memory: 500M
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceNlpClassifierTrainKo:
  enabled: false
  image: cognigy.azurecr.io/service-nlp-classifier-ko:release-5ee5877341-1735890929
  replicaCount: 2
  resources:
    requests:
      cpu: "0.3"
      memory: 300M
    limits:
      cpu: "1.0"
      memory: 1000M
  livenessProbe:
    failureThreshold: 1
    initialDelaySeconds: 120
    periodSeconds: 60
    timeoutSeconds: 60
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceNlpClassifierScoreXx:
  enabled: false
  image: cognigy.azurecr.io/service-nlp-classifier:release-5ee5877341-1735890929
  replicaCount: 2
  resources:
    requests:
      cpu: "0.3"
      memory: 1G
    limits:
      cpu: "1.0"
      memory: 2G
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceNlpClassifierTrainXx:
  enabled: false
  image: cognigy.azurecr.io/service-nlp-classifier:release-5ee5877341-1735890929
  replicaCount: 2
  resources:
    requests:
      cpu: "0.3"
      memory: 1G
    limits:
      cpu: "1.0"
      memory: 2G
  livenessProbe:
    failureThreshold: 1
    initialDelaySeconds: 120
    periodSeconds: 60
    timeoutSeconds: 60
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
serviceSearchOrchestrator:
  image: cognigy.azurecr.io/service-search-orchestrator:release-2bc129a-1736524946
  replicaCount: 3
  resources:
    requests:
      cpu: "0.3"
      memory: "500M"
    limits:
      cpu: "1.0"
      memory: "1.0G"
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
agentAssistBackend:
  image: cognigy.azurecr.io/agent-assist-backend:release-37e81ec-1734625512
  replicaCount: 3
  resources:
    limits:
      cpu: 600m
      memory: 600Mi
    requests:
      cpu: 400m
      memory: 400Mi
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
agentAssistFrontend:
  image: cognigy.azurecr.io/agent-assist-frontend:release-08317c5-1734626446
  replicaCount: 3
  resources:
    limits:
      cpu: 600m
      memory: 600Mi
    requests:
      cpu: 400m
      memory: 400Mi
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
agentAssistGenesysNotificationsForwarder:
  image: cognigy.azurecr.io/agent-assist-genesys-notifications-forwarder:release-91292d7-1734625452
  replicaCount: 3
  resources:
    limits:
      cpu: 600m
      memory: 600Mi
    requests:
      cpu: 400m
      memory: 400Mi
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
migration:
  handoverRequest:
    image: ""
    enabled: false
  ### Sunsetted/Retired Endpoint Deletion/Migration Job
  # This enables migration job which removes all sunsetted or retired endpoints, which are for example by default deleting `google`, `twilio-autopilo` channels.
  # Job connects to 'service-resource' db using 'SERVICE_RESOURCES_CONNECTION_STRING' environment variable, value set from existing secret.
  # Important: For fresh installation, please make this job disabled.
  endpointDeletion:
    enabled: false
    hooks: pre-upgrade
    hookDeletePolicy: "before-hook-creation"
    ttlSecondsAfterFinished: 900 # 15 minutes
    affinity: {}
    image: cognigy.azurecr.io/endpoint-deletion:18539e1e00749e46714614e6e180f2c045bad5cf
    batchSize: 100

### Configuration for Kubernetes jobs that sync data between mongodb and the vector database ###
jobSyncKnowledgeData:
  enabled: false
  image: cognigy.azurecr.io/job-sync-knowledge-data:release-dc5329f-1734512357
  resources:
    requests:
      cpu: "0.3"
      memory: 150M
    limits:
      cpu: "0.5"
      memory: 300M
  schedule: "0 1 * * *" # every day at 1 AM
  successfulJobsHistoryLimit: 3
  failedJobsHistoryLimit: 3
  parallelism: 1
  concurrencyPolicy: Forbid
  restartPolicy: OnFailure
  jobActiveDeadlineSeconds: 3600 # 60 minutes
  jobTtlSecondsAfterFinished: 3600 # 60 minutes
  activeDeadlineSeconds: 900 # 15 minutes
  ttlSecondsAfterFinished: 900 # 15 minutes
  extraEnvVars: []
  extraVolumes: []
  extraVolumeMounts: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""

taskProcessKnowledgeSourceFile:
  image: cognigy.azurecr.io/task-process-knowledge-source-file:release-d56720d-1734512424
  resources:
    requests:
      cpu: "0.1"
      memory: 200M
    limits:
      cpu: "0.3"
      memory: 1000M
  nodeOptions: "--max-old-space-size=2048"
  # despite the fact that the 'unstructured-io' configuration is under the
  # taskProcessKnowledgeSourceFile section, unstructured does not run as part
  # of the Kubernetes Job but as a standalone deployment (always online) as
  # unstructured has now proper way to exit its container.
  unstructuredIo:
    image: cognigy.azurecr.io/unstructured-api:0.0.35
    resources:
      requests:
        cpu: "0.1"
        memory: 512M
      limits:
        cpu: "0.3"
        memory: 750M
  activeDeadlineSeconds: 900 # 15 minutes
  ttlSecondsAfterFinished: 900 # 15 minutes
  extraEnvVars: []
  extraVolumes: []
  extraVolumeMounts: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
taskProcessKnowledgeSourceUrl:
  image: cognigy.azurecr.io/task-process-knowledge-source-url:release-066e647-1734512501
  resources:
    requests:
      cpu: "0.1"
      memory: 512M
    limits:
      cpu: "0.3"
      memory: 750M
  activeDeadlineSeconds: 900 # 15 minutes
  ttlSecondsAfterFinished: 900 # 15 minutes
  extraEnvVars: []
  extraVolumes: []
  extraVolumeMounts: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
taskIngestKnowledgeChunks:
  image: cognigy.azurecr.io/task-ingest-knowledge-chunks:release-e1a6a1f-1734512386
  resources:
    requests:
      cpu: "0.1"
      memory: 60M
    limits:
      cpu: "0.3"
      memory: 200M
  activeDeadlineSeconds: 900 # 15 minutes
  ttlSecondsAfterFinished: 900 # 15 minutes
  extraEnvVars: []
  extraVolumes: []
  extraVolumeMounts: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""

taskCreatePackageNfs:
  image: cognigy.azurecr.io/service-resources:release-a191eeae72-1737991870
  resources:
    requests:
      cpu: "1"
      memory: 1Gi
    limits:
      cpu: "1.5"
      memory: 2Gi
  activeDeadlineSeconds: 7200 # 120 minutes
  ttlSecondsAfterFinished: 900 # 15 minutes
  extraEnvVars: []
  extraVolumes: []
  extraVolumeMounts: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""

cronNfsCleanup:
  image: cognigy.azurecr.io/cron-nfs-cleanup:release-7d2049a-1734624199
  resources:
    requests:
      cpu: "0.1"
      memory: 60M
    limits:
      cpu: "0.3"
      memory: 150M
  schedule: "0 * * * *" # every hour
  backoffLimit: 3
  activeDeadlineSeconds: 300 # 5 minutes
  ttlSecondsAfterFinished: 600 # 10 minutes
  successfulJobsHistoryLimit: 3
  failedJobsHistoryLimit: 3
  parallelism: 1
  concurrencyPolicy: Forbid
  restartPolicy: OnFailure
  maxSnapshotAge: 120 # delete snapshots older than 120 minutes
  maxPackageAge: 120 # delete packages older than 120 minutes
  maxUploadedBinaryAge: 300 # delete uploaded binaries older than 300 minutes
  extraEnvVars: []
  extraVolumes: []
  extraVolumeMounts: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""

cronNfsCleanupTranscripts:
  image: cognigy.azurecr.io/cron-nfs-cleanup-transcripts:release-1a802c1-1735804550
  resources:
    requests:
      cpu: "0.1"
      memory: 30M
    limits:
      cpu: "0.2"
      memory: 60M
  schedule: "3 * * * *" # every hour
  backoffLimit: 3
  activeDeadlineSeconds: 1200 # 20 minutes
  ttlSecondsAfterFinished: 600 # 10 minutes
  successfulJobsHistoryLimit: 3
  failedJobsHistoryLimit: 3
  parallelism: 1
  concurrencyPolicy: Forbid
  restartPolicy: OnFailure
  extraEnvVars: []
  extraVolumes: []
  extraVolumeMounts: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""

### Configuration for Kubernetes jobs that deletes leftover data from mongodb###
insightsDataCleanupJob:
  enabled: true
  image: cognigy.azurecr.io/mongodb:5.0.16-debian-11-r3
  resources:
    requests:
      cpu: "0.3"
      memory: 150M
    limits:
      cpu: "0.5"
      memory: 300M
  schedule: "*/10 * * * *" # every 10 minutes
  activeDeadlineSeconds: 300 # 5 minutes
  ttlSecondsAfterFinished: 600 # 10 minutes
  successfulJobsHistoryLimit: 3
  failedJobsHistoryLimit: 3
  parallelism: 1
  backoffLimit: 3
  concurrencyPolicy: Forbid
  restartPolicy: OnFailure
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""

### Configuration for Kubernetes jobs that copyies the Functions/Extensions from NFS
jobCopyNfs:
  enabled: false
  image: cognigy.azurecr.io/job-copy-nfs:release-c9ad89d-1733137103
  resources:
    requests:
      cpu: "0.4"
      memory: 500M
    limits:
      cpu: "1"
      memory: 1G
  backoffLimit: 3
  activeDeadlineSeconds: 172800 # 2 days
  ttlSecondsAfterFinished: 86400 # 1 day
  parallelism: 1
  concurrencyPolicy: Forbid
  restartPolicy: OnFailure
  extraEnvVars:
    - name: "COPY_EXTENSIONS"
      value: "true"
    - name: "COPY_FUNCTIONS"
      value: "true"
    - name: "COPY_PATCH"
      value: "30"
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
  runtimeVolumeClaimName: runtime
  flowModulesVolumeClaimName: flow-modules
  functionsolumeClaimName: functions

## Optionally enable HorizontalPodAutoscaler for pods
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
##
## Make sure that pods have resources limits and requests defined and the 'metrics server' has been deployed and configured in the cluster.
## https://github.com/kubernetes-sigs/metrics-server
##
## Note: This is an experimental feature and should not be used in production.
## Please don't enable this flag for now if you are a customer running Cognigy.AI/Cognigy Insights using this Helm Chart.
## This note will be removed once we are done with the testing and the feature will be production ready.
##
hpa:
  enabled: false
  ## When set to true, and "hpa.enabled" is true, the "spec.replicas" field will be omitted from the deployment manifest of all the HPA managed services.
  ##
  removeReplicas: true
  ## Enabling this flag would apend the tolerations defined in "hpa.hpaTolerations" to the deployment manifest of all the HPA managed services.
  ##
  useHpaTolerations: true
  ## default totaltions to be added to the deployment manifest of all the HPA managed services.
  ##
  hpaTolerations:
    - key: "node-role.cognigy.ai"
      value: "autoscaler"
      effect: "NoSchedule"
  ## Enabling this flag would apend the nodeSelector defined in "hpa.hpaNodeSelector" to the deployment manifest of all the HPA managed services.
  ##
  useHpaNodeSelector: true
  ## default nodeSelector to be added to the deployment manifest of all the HPA managed services.
  ##
  hpaNodeSelector:
    "node-role": "autoscaler"
  ## HorizontalPodAutoscaler (HPA) managed services
  ##
  services:
    serviceAi:
      ## Enable horizontal pod autoscaler
      ##
      enabled: true
      name: service-ai
      ## Minimum allowed replicas to which the scaling target can be scaled down
      ##
      minReplicas: 3
      ## Maximum allowed replicas to which the scaling target can be scaled up
      ##
      maxReplicas: 30
      ## Define metrics against which HorizontalPodAutoscaler will react
      ## metrics:
      ##   - type: Resource
      ##     resource:
      ##       name: memory
      ##       target:
      ##         type: Utilization
      ##         averageUtilization: 80
      ##   - type: Resource
      ##     resource:
      ##       name: cpu
      ##       target:
      ##         type: Utilization
      ##         averageUtilization: 70
      ##
      metrics:
        - type: Resource
          resource:
            name: cpu
            target:
              type: Utilization
              ## Define the CPU target to trigger the scaling actions (utilization percentage)
              ##
              averageUtilization: 25
      behavior:
        scaleDown:
          stabilizationWindowSeconds: 900
    serviceExecution:
      enabled: true
      name: service-execution
      minReplicas: 3
      maxReplicas: 30
      metrics:
        - type: Resource
          resource:
            name: cpu
            target:
              type: Utilization
              averageUtilization: 50
      behavior:
        scaleDown:
          stabilizationWindowSeconds: 900
    serviceResources:
      enabled: true
      name: service-resources
      minReplicas: 3
      maxReplicas: 30
      metrics:
        - type: Resource
          resource:
            name: cpu
            target:
              type: Utilization
              averageUtilization: 50
      behavior:
        scaleDown:
          stabilizationWindowSeconds: 900
    serviceFunctionExecution:
      enabled: true
      name: service-function-execution
      minReplicas: 3
      maxReplicas: 30
      metrics:
        - type: Resource
          resource:
            name: cpu
            target:
              type: Utilization
              averageUtilization: 50
      behavior:
        scaleDown:
          stabilizationWindowSeconds: 900
    serviceFunctionScheduler:
      name: service-function-scheduler
      enabled: true
      minReplicas: 3
      maxReplicas: 30
      metrics:
        - type: Resource
          resource:
            name: cpu
            target:
              type: Utilization
              averageUtilization: 50
      behavior:
        scaleDown:
          stabilizationWindowSeconds: 900
    serviceHandoverInactivity:
      name: service-handover-inactivity
      enabled: true
      minReplicas: 3
      maxReplicas: 30
      metrics:
        - type: Resource
          resource:
            name: cpu
            target:
              type: Utilization
              averageUtilization: 50
      behavior: {}
    serviceHttp:
      name: service-http
      enabled: true
      minReplicas: 3
      maxReplicas: 30
      metrics:
        - type: Resource
          resource:
            name: cpu
            target:
              type: Utilization
              averageUtilization: 50
      behavior: {}
    serviceInsightsForwarder:
      name: service-insights-forwarder
      enabled: false
      minReplicas: 2
      maxReplicas: 30
      metrics:
        - type: Resource
          resource:
            name: cpu
            target:
              type: Utilization
              averageUtilization: 40
      behavior:
        scaleDown:
          stabilizationWindowSeconds: 900
    serviceNlpNer:
      name: service-nlp-ner
      enabled: true
      minReplicas: 3
      maxReplicas: 30
      metrics:
        - type: Resource
          resource:
            name: cpu
            target:
              type: Utilization
              averageUtilization: 50
      behavior: {}
    serviceProfiles:
      name: service-profiles
      enabled: true
      minReplicas: 3
      maxReplicas: 30
      metrics:
        - type: Resource
          resource:
            name: cpu
            target:
              type: Utilization
              averageUtilization: 50
      behavior: {}
    serviceRuntimeFileManager:
      name: service-runtime-file-manager
      enabled: true
      minReplicas: 3
      maxReplicas: 30
      metrics:
        - type: Resource
          resource:
            name: cpu
            target:
              type: Utilization
              averageUtilization: 50
      behavior: {}
    serviceSessionStateManager:
      name: service-session-state-manager
      enabled: true
      minReplicas: 3
      maxReplicas: 30
      metrics:
        - type: Resource
          resource:
            name: cpu
            target:
              type: Utilization
              averageUtilization: 50
      behavior: {}
    serviceNlpOrchestrator:
      name: service-nlp-orchestrator
      enabled: false
      minReplicas: 2
      maxReplicas: 30
      metrics:
        - type: Resource
          resource:
            name: cpu
            target:
              type: Utilization
              averageUtilization: 60
      behavior:
        scaleDown:
          stabilizationWindowSeconds: 900
    serviceNlpEmbeddingEn:
      name: service-nlp-embedding-en
      enabled: false
      minReplicas: 2
      maxReplicas: 30
      metrics:
        - type: Resource
          resource:
            name: cpu
            target:
              type: Utilization
              averageUtilization: 60
      behavior:
        scaleDown:
          stabilizationWindowSeconds: 900
    serviceNlpEmbeddingGe:
      name: service-nlp-embedding-ge
      enabled: false
      minReplicas: 2
      maxReplicas: 30
      metrics:
        - type: Resource
          resource:
            name: cpu
            target:
              type: Utilization
              averageUtilization: 60
      behavior:
        scaleDown:
          stabilizationWindowSeconds: 900
    serviceNlpEmbeddingXx:
      name: service-nlp-embedding-xx
      enabled: false
      minReplicas: 2
      maxReplicas: 30
      metrics:
        - type: Resource
          resource:
            name: cpu
            target:
              type: Utilization
              averageUtilization: 60
      behavior:
        scaleDown:
          stabilizationWindowSeconds: 900
    serviceNlpClassifierScoreEn:
      name: service-nlp-classifier-score-en
      enabled: false
      minReplicas: 2
      maxReplicas: 30
      metrics:
        - type: Resource
          resource:
            name: cpu
            target:
              type: Utilization
              averageUtilization: 60
      behavior:
        scaleDown:
          stabilizationWindowSeconds: 900
    serviceNlpClassifierScoreDe:
      name: service-nlp-classifier-score-de
      enabled: false
      minReplicas: 2
      maxReplicas: 30
      metrics:
        - type: Resource
          resource:
            name: cpu
            target:
              type: Utilization
              averageUtilization: 60
      behavior:
        scaleDown:
          stabilizationWindowSeconds: 900
    serviceNlpClassifierScoreXx:
      name: service-nlp-classifier-score-xx
      enabled: false
      minReplicas: 2
      maxReplicas: 30
      metrics:
        - type: Resource
          resource:
            name: cpu
            target:
              type: Utilization
              averageUtilization: 60
      behavior:
        scaleDown:
          stabilizationWindowSeconds: 900
    serviceNlpClassifierScoreGe:
      name: service-nlp-classifier-score-ge
      enabled: false
      minReplicas: 2
      maxReplicas: 30
      metrics:
        - type: Resource
          resource:
            name: cpu
            target:
              type: Utilization
              averageUtilization: 60
      behavior:
        scaleDown:
          stabilizationWindowSeconds: 900
    serviceNlpClassifierScoreJa:
      name: service-nlp-classifier-score-ja
      enabled: false
      minReplicas: 2
      maxReplicas: 30
      metrics:
        - type: Resource
          resource:
            name: cpu
            target:
              type: Utilization
              averageUtilization: 60
      behavior:
        scaleDown:
          stabilizationWindowSeconds: 900
    serviceNlpClassifierScoreKo:
      name: service-nlp-classifier-score-ko
      enabled: false
      minReplicas: 2
      maxReplicas: 30
      metrics:
        - type: Resource
          resource:
            name: cpu
            target:
              type: Utilization
              averageUtilization: 60
      behavior:
        scaleDown:
          stabilizationWindowSeconds: 900

## PriorityClass(es) for services
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass
##
priorityClass:
  enabled: true
  critical:
    enabled: true
    name: critical
    value: 4000000
    preemptionPolicy: PreemptLowerPriority
    globalDefault: false
    description: "PriorityClass for critical priority services"
  high:
    enabled: true
    name: high
    value: 3000000
    preemptionPolicy: PreemptLowerPriority
    globalDefault: false
    description: "PriorityClass for high priority services"
  medium:
    enabled: true
    name: medium
    value: 2000000
    preemptionPolicy: PreemptLowerPriority
    globalDefault: false
    description: "PriorityClass for medium priority services"
  low:
    enabled: true
    name: low
    value: 1000000
    preemptionPolicy: Never
    globalDefault: false
    description: "PriorityClass for low priority services"

## You can enable the pod monitors only if Prometheus instance is running or Prometheus CRDs are created in your cluster
podMonitors:
  enabled: false
  ## The namespace for the pod-monitor should be the same namespace where your prometheus instance is running
  namespace: ""

## Create custom StorageClass(es) for stateful services
##
storageClass:
  ## StorageClass(es) parameters for AWS
  ##
  aws:
    enabled: true
    ## AWS EBS
    ## ref: https://aws.amazon.com/ebs/
    ## ref: https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html
    ##
    ebs:
      postgresql:
        enabled: false
        storageClassName: "postgresql"
        provisionerName: "ebs.csi.aws.com"
        awsEBSVolumeType: "gp3"
        diskIops: "3000"
        diskThroughput: "150"
        reclaimPolicy: Retain
        volumeBindingMode: WaitForFirstConsumer
      redisPersistentHa:
        enabled: true
        storageClassName: "redis-persistent-ha"
        provisionerName: "ebs.csi.aws.com"
        awsEBSVolumeType: "gp3"
        reclaimPolicy: Retain
        volumeBindingMode: WaitForFirstConsumer
      qdrant:
        enabled: false
        storageClassName: "qdrant"
        provisionerName: "ebs.csi.aws.com"
        awsEBSVolumeType: "gp3"
        reclaimPolicy: Retain
        volumeBindingMode: WaitForFirstConsumer
    ## AWS EFS
    ## ref: https://aws.amazon.com/efs/
    ## ref: https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html
    ##
    efs:
      cubejs:
        enabled: false
        storageClassName: "cubejs"
        fileSystemId: ""
        directoryPerms: "777"
        gid: "1000"
        uid: "1000"
        provisioner: efs.csi.aws.com
        reclaimPolicy: Retain
        allowVolumeExpansion: true
        volumeBindingMode: Immediate
      ide:
        enabled: false
        storageClassName: "ide"
        fileSystemId: ""
        directoryPerms: "777"
        gid: "1000"
        uid: "1000"
        provisioner: efs.csi.aws.com
        reclaimPolicy: Retain
        allowVolumeExpansion: true
        volumeBindingMode: Immediate
      runtime:
        enabled: false
        storageClassName: "runtime"
        fileSystemId: ""
        directoryPerms: "777"
        gid: "1000"
        uid: "1000"
        provisioner: efs.csi.aws.com
        reclaimPolicy: Retain
        allowVolumeExpansion: true
        volumeBindingMode: Immediate

  ## StorageClass(es) parameters for Azure
  ##
  azure:
    enabled: true
    ## Azure Disk
    ## ref: https://learn.microsoft.com/en-us/azure/aks/azure-csi-disk-storage-provision
    ##
    disk:
      postgresql:
        enabled: false
        storageClassName: "postgresql"
        provisionerName: "disk.csi.azure.com"
        azureStorageAccountType: "PremiumV2_LRS"
        volumeBindingMode: WaitForFirstConsumer
        reclaimPolicy: Retain
        cachingMode: None
        diskIops: "3000"
        diskThroughput: "150"
      redisPersistentHa:
        enabled: true
        storageClassName: "redis-persistent-ha"
        provisionerName: "disk.csi.azure.com"
        azureStorageAccountType: "Premium_LRS"
        volumeBindingMode: WaitForFirstConsumer
        reclaimPolicy: Retain
        cachingMode: ReadOnly
      qdrant:
        enabled: false
        storageClassName: "qdrant"
        provisionerName: "disk.csi.azure.com"
        azureStorageAccountType: "StandardSSD_LRS"
        volumeBindingMode: WaitForFirstConsumer
        reclaimPolicy: Retain
        cachingMode: ReadOnly
    ## Azure Files
    ## ref: https://learn.microsoft.com/en-us/azure/aks/azure-csi-files-storage-provision
    ##
    file:
      cubejs:
        enabled: false
        storageClassName: "cubejs"
        provisioner: file.csi.azure.com
        skuName: Standard_ZRS
        reclaimPolicy: Retain
        allowVolumeExpansion: true
        volumeBindingMode: Immediate
        gid: "1000"
        uid: "1000"
      flowmodules:
        enabled: false
        storageClassName: "flow-modules"
        provisioner: file.csi.azure.com
        skuName: Standard_LRS
        reclaimPolicy: Retain
        allowVolumeExpansion: true
        volumeBindingMode: Immediate
        gid: "1000"
        uid: "1000"
        lfs: true
      functions:
        enabled: false
        storageClassName: "functions"
        provisioner: file.csi.azure.com
        skuName: Standard_LRS
        reclaimPolicy: Retain
        allowVolumeExpansion: true
        volumeBindingMode: Immediate
        gid: "1000"
        uid: "1000"
        lfs: true
      runtime:
        enabled: false
        storageClassName: "runtime"
        provisioner: file.csi.azure.com
        skuName: Standard_GZRS
        reclaimPolicy: Retain
        allowVolumeExpansion: true
        volumeBindingMode: Immediate
        gid: "1000"
        uid: "1000"
        lfs: true
      ide:
        enabled: false
        storageClassName: "ide"
        provisioner: file.csi.azure.com
        skuName: Standard_GZRS
        reclaimPolicy: Retain
        allowVolumeExpansion: true
        volumeBindingMode: Immediate
        gid: "1000"
        uid: "1000"
        lfs: true

## Create custom PVC(s) for stateful services
##
persistentVolumeClaim:
  enabled: false
  runtime:
    enabled: false
    pvcName: runtime
    accessModes: ReadWriteMany
    storageClassName: runtime
    storage: 1Mi # for azure use 1000Gi
  ide:
    enabled: false
    pvcName: ide
    accessModes: ReadWriteMany
    storageClassName: ide
    storage: 1Mi # for azure use 1000Gi

## Antivirus assets scanning
##
clamd:
  # streamMaxLength: 4000M is the maximum value
  streamMaxLength: 4000M
  maxScanSize: 300M
  maxFileSize: 100M
  tcpAddr: 0.0.0.0
  image: cognigy.azurecr.io/clamav:0.105
  replicaCount: 1
  resources:
    limits:
      cpu: 1000m
      memory: 3000Mi
    requests:
      cpu: 800m
      memory: 2000Mi
  extraEnvVars: []
  securityContext: {}
  affinity: {}
  nodeSelector: {}
  tolerations: []
  priorityClassName: ""
  httpProxyServer: ""
  httpProxyPort: 8080
  httpProxyUsername: ""
  httpProxyPassword: ""

##
## Tracing configurations. Create sentry project and get the DSN from there and assign it to the baseUrl
## The environment can be the deployment environment eg. dev, qa, prod
##
tracing:
  environment: ""
  sentry:
    ide:
      enabled: false
      errorsEnabled: false
      baseUrl: ""
      eventsSampleRate: ""
      sampleRate: ""
    runtime:
      enabled: false
      errorsEnabled: false
      baseUrl: ""
      eventsSampleRate: ""
      sampleRate: ""
    insights:
      enabled: false
      errorsEnabled: false
      baseUrl: ""
      eventsSampleRate: ""
      sampleRate: ""
    liveAgent:
      enabled: false
      errorsEnabled: false
      baseUrl: ""
      eventsSampleRate: ""
      sampleRate: ""

## Extra objects to deploy with the release. Accepts a list of resource manifests
## Example:
## extraResources:
## - apiVersion: v1
##   kind: Namespace
##   metadata:
##     name: cognigy-ai
extraResources: []

# The values below are used for Traefik Helm chart. For more information, see
# https://github.com/traefik/traefik-helm-chart
traefik:
  enabled: true
  instanceLabelOverride: "cognigy-ai"
  fullnameOverride: traefik
  image:
    registry: cognigy.azurecr.io
    repository: traefik
    tag: "3.1.6"
    pullPolicy: IfNotPresent
  deployment:
    ## Specify imagePullSecrets to pull the image from private repository.
    ## Based on the information provided in "imageCredentials" parameter previously, this should be
    ## either "cognigy-registry-token" or predefined secrets.
    ## NOTE: Can be ignored if traefik is not enabled.
    imagePullSecrets:
      - name: cognigy-registry-token
    replicas: 3
    podAnnotations: {}
    podLabels:
      uniquezone: "set"
  logs:
    general:
      level: INFO
    access:
      enabled: true
      filters: {}
      fields:
        general:
          defaultmode: keep
          names: {}
        headers:
          defaultmode: drop
          names: {}
  ingressClass:
    enabled: true
    isDefaultClass: true
  ingressRoute:
    dashboard:
      enabled: false
  globalArguments:
    - "--api.insecure=true"
  additionalArguments: []
  ports:
    traefik:
      port: 9000
      expose:
        default: false
        internal: false
      exposedPort: 9000
      protocol: TCP
    web:
      port: 8000
      expose:
        default: true
      exposedPort: 80
      protocol: TCP
      ## NOTE: If traefik is enabled ("traefik.enabled: true"), and you provide "tls.enable: false", then the auto redirection of http to https
      ## also must be disabled by setting traefik.ports.web.redirectTo.port: null
      redirectTo:
        port: websecure
      # Trust forwarded headers information (X-Forwarded-*).
      forwardedHeaders:
        trustedIPs: []
        insecure: true
      # Enable the Proxy Protocol header parsing for the entry point
      proxyProtocol:
        trustedIPs: []
        insecure: true
    websecure:
      port: 8443
      expose:
        default: true
      exposedPort: 443
      protocol: TCP
      # Trust forwarded  headers information (X-Forwarded-*).
      forwardedHeaders:
        trustedIPs: []
        insecure: true
      # Enable the Proxy Protocol header parsing for the entry point
      proxyProtocol:
        trustedIPs: []
        insecure: true
      tls:
        enabled: true
        options: ""
        certResolver: ""
        domains: []
    metrics:
      port: 9100
      expose:
        default: false
        internal: true
      exposedPort: 9100
      protocol: TCP
  service:
    enabled: true
    type: LoadBalancer
    annotations: {}
    annotationsTCP: {}
    annotationsUDP: {}
    labels: {}
    spec: {}
    loadBalancerSourceRanges: []
    externalIPs: []
  resources:
    limits:
      cpu: 400m
      memory: 750Mi
    requests:
      cpu: 200m
      memory: 350Mi
  tlsOptions:
    default:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  affinity:
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchExpressions:
              - key: "uniquezone"
                operator: In
                values:
                  - "set"
          topologyKey: "topology.kubernetes.io/zone"

  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 0

## Qdrant Vector DB configuration
qdrant:
  enabled: false
  # This will create a Secret with a random API key. A constant string can be set here as well,
  # but it is not recommended.
  apiKey: true
  # This has to be set explicitly to enable rolling updates
  updateConfigurationOnChange: true
  replicaCount: 3
  # This will make sure all qdrant related Kubernetes objects have names
  # starting with 'qdrant' rather than 'cognigy-ai-qdrant' (or some other
  # automated prefix)
  fullnameOverride: "qdrant"
  image:
    repository: cognigy.azurecr.io/qdrant
    tag: "v1.8.3"
    pullPolicy: IfNotPresent
    useUnprivilegedImage: true
  imagePullSecrets:
    - name: cognigy-registry-token
  config:
    log_level: INFO
    # Otherwise, it will send telemetry data to Qdrant developers
    telemetry_disabled: true
    cluster:
      # Enable distributed deployment for high-availability
      enabled: true
    service:
      enable_tls: false
      # Disable the GRPC endpoint
      grpc_port: null
  service:
    # We set this explicitly to make it visible here.
    type: ClusterIP
    annotations: {}
  livenessProbe:
    enabled: true
  readinessProbe:
    enabled: true
  startupProbe:
    enabled: true
  resources:
    limits:
      cpu: 2
      memory: 4Gi
    requests:
      cpu: 2
      memory: 4Gi
  persistence:
    size: 50Gi
    storageClassName: "qdrant"
    annotations: {}
  affinity:
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchExpressions:
              - key: "app"
                operator: In
                values:
                  - "qdrant"
          topologyKey: "topology.kubernetes.io/zone"
  ingress:
    # Explicitly disable ingress
    enabled: false
  snapshotRestoration:
    # Only supported for single-node Qdrant clusters
    enabled: false
  metrics:
    serviceMonitor:
      enabled: false
  env:
    # Can be set to 'true' in stituations where Qdrant fails to start
    # repeatidly due to OOM. See https://qdrant.tech/documentation/guides/administration/#recovery-mode
    - name: QDRANT_ALLOW_RECOVERY_MODE
      value: false
  priorityClassName: ""
  nodeSelector: {}
  tolerations: []
  additionalVolumes: []
  additionalVolumeMounts: []
  additionalLabels: {}
  podAnnotations: {}
  podLabels: {}

## For the securityContext config of traefik, please refer to the official values.yaml file of the traefik
## This is the link for chart v23.1.0 for example
## https://github.com/traefik/traefik-helm-chart/blob/6df869b8e8bcd6757e7934b554b97d925350c9fa/traefik/values.yaml#L882-L901

# Toggle goals enablement
goals:
  enabled: false

# Cube Framework for Insights
cubejs:
  enabled: false
  persistence:
    enabled: true
    size: "100Gi"
    storageClass: "cubejs"
  postgresql:
    cluster: "postgres-ha"
    ssl: "true"
    image: "cognigy.azurecr.io/spilo-15:3.0-p1"
    poolerServiceSuffix: "pooler"
    database: "service_analytics_collector"
    username: "cognigy-insights"
    host: "{{ tpl .Values.cubejs.postgresql.cluster . }}-pooler"
    readReplica:
      useReadReplica: false
      host: "{{ tpl .Values.cubejs.postgresql.cluster . }}-pooler-repl"
    port: "5432"
    sslmode: "require"
  # Insights CronJob for Data Expiration in Postgres
  dataExpiration:
    affinity: {}
    nodeSelector: {}
    tolerations: []
    securityContext: {}
  # Insights CronJob for Data Cleanup in Postgres
  dataCleanup:
    enabled: true
    resources:
      requests:
        cpu: "0.3"
        memory: 150M
      limits:
        cpu: "0.5"
        memory: 300M
    schedule: "*/10 * * * *" # every 10 minutes
    activeDeadlineSeconds: 300 # 5 minutes
    ttlSecondsAfterFinished: 600 # 10 minutes
    successfulJobsHistoryLimit: 3
    failedJobsHistoryLimit: 3
    parallelism: 1
    backoffLimit: 3
    concurrencyPolicy: Forbid
    restartPolicy: OnFailure
    securityContext: {}
    affinity: {}
    nodeSelector: {}
    tolerations: []
    priorityClassName: ""
  # Insights Job for Database Schema Migration in Postgres
  dbMigration:
    enabled: true
    helmHook:
      hook: "post-install,pre-upgrade"
      hookWeight: "-3"
      deletePolicy: "before-hook-creation,hook-succeeded"
    image: "cognigy.azurecr.io/insights-db-migration-manager:release-60c79ec-173651\
      4858"
    resources:
      requests:
        cpu: "1"
        memory: "700Mi"
      limits:
        cpu: "1"
        memory: "1Gi"
    securityContext: {}
    affinity: {}
    nodeSelector: {}
    tolerations: []
    migration:
      mode: "up"
      include: ""
      exclude: "20240819121540-add-constraints-session-hash-id.js"
  apiServer:
    image: "cognigy.azurecr.io/insights-cube:release-a9ba867-1734691369"
    replicaCount: 1
    env:
      NODE_OPTIONS: "--max-old-space-size=2048"
    resources:
      requests:
        memory: "1Gi"
        cpu: "0.5"
      limits:
        memory: "2Gi"
        cpu: "1"
    extraEnvVars: []
    securityContext: {}
    affinity: {}
    nodeSelector: {}
    tolerations: []
    priorityClassName: ""
  refreshWorker:
    image: "cognigy.azurecr.io/insights-cube:release-a9ba867-1734691369"
    replicaCount: 1 # Don't increase the replica count, refresh worker can't be scaled independently and a whole cluster has to be replicated
    resources:
      requests:
        memory: "2Gi"
        cpu: "1.5"
      limits:
        memory: "3Gi"
        cpu: "2"
    extraEnvVars: []
    securityContext: {}
    affinity: {}
    nodeSelector: {}
    tolerations: []
    priorityClassName: ""
  storeRouter:
    image: "cognigy.azurecr.io/insights-cubestore:v0.35.53"
    replicaCount: 1 # Don't increase the replica count, store router can't be scaled independently and a whole cluster has to be replicated
    routerPort: "3030"
    metaPort: "9999"
    resources:
      requests:
        memory: "2.5Gi"
        cpu: "1"
      limits:
        memory: "5Gi"
        cpu: "2"
    extraEnvVars: []
    securityContext: {}
    affinity: {}
    nodeSelector: {}
    tolerations: []
    priorityClassName: ""
    metrics:
      enabled: true
      image: prom/statsd-exporter:v0.24.0
      resources:
        requests:
          cpu: 25m
          memory: 32Mi
        limits:
          cpu: 100m
          memory: 128Mi
  storeWorker:
    image: "cognigy.azurecr.io/insights-cubestore:v0.35.53"
    ##
    # Minimum required replicaCount: 2
    # In case of replicaCount increase store-router must be restarted after the scale-up
    ##
    replicaCount: 2
    workerPort: "9001"
    resources:
      requests:
        memory: "6Gi"
        cpu: "2"
      limits:
        memory: "10Gi"
        cpu: "4"
    extraEnvVars: []
    securityContext: {}
    affinity: {}
    nodeSelector: {}
    tolerations: []
    priorityClassName: ""

pgoperator:
  enabled: false
  nameOverride: postgres-operator
  fullnameOverride: postgres-operator
  image:
    registry: cognigy.azurecr.io
    repository: postgres-operator
    tag: v1.10.1
  imagePullSecrets:
    - name: cognigy-registry-token
    # priority class for operator pod
  priorityClassName: ""
  # priority class for database pods
  podPriorityClassName: ""

  configKubernetes:
    # toggles readiness probe for database pods
    enable_readiness_probe: true
    # specify the pod management policy of stateful sets of Postgres clusters
    pod_management_policy: "parallel"
    # toggles pod anti affinity on the Postgres pods
    enable_pod_antiaffinity: true
    # switches pod anti affinity type to `preferredDuringSchedulingIgnoredDuringExecution`
    pod_antiaffinity_preferred_during_scheduling: false
    # override topology key for pod anti affinity
    pod_antiaffinity_topology_key: "topology.kubernetes.io/zone"
    # add imagePullSecrets to ServiceAccount
    pod_service_account_definition: '{"apiVersion": "v1", "kind": "ServiceAccount",
      "metadata": {"name": "postgres-pod"}, "imagePullSecrets": [{"name":
      "cognigy-registry-token"}]}'

  postgresqlCluster:
    enabled: true
    manifest:
      apiVersion: "acid.zalan.do/v1"
      kind: "postgresql"
      metadata:
        name: "{{ tpl .Values.cubejs.postgresql.cluster . }}"
        namespace: "{{ $.Release.Namespace }}"
        labels:
          team: cognigy
      spec:
        dockerImage: "{{ tpl .Values.cubejs.postgresql.image . }}"
        teamId: "cognigy"
        numberOfInstances: 3
        enableConnectionPooler: true
        enableReplicaConnectionPooler: true
        enableMasterLoadBalancer: false
        enableMasterPoolerLoadBalancer: false
        postgresql:
          version: "15"
          # parameters:
          # log_min_messages: "DEBUG5"
          # max_connections: "10"
          # patroni:
          #   maximum_lag_on_failover: "2147483648"
        volume:
          size: "100Gi"
          storageClass: "postgresql"
        users:
          "{{ tpl .Values.cubejs.postgresql.username . }}": []
        databases:
          "{{ tpl .Values.cubejs.postgresql.database . }}": "{{ tpl .Values.cubejs.postgresql.username . }}"
        allowedSourceRanges: # IP ranges to access your cluster go here

        resources:
          requests:
            cpu: "2"
            memory: "6Gi"
          limits:
            cpu: "2"
            memory: "6Gi"
        # env:
        #   - name: "ALLOW_NOSSL"
        #     value: "true"
        #   - name: "DEBUG"
        #     value: "true"
        #   - name: "LOGLEVEL"
        #     value: DEBUG
        sidecars:
          - name: "exporter"
            image: "cognigy.azurecr.io/postgres-exporter:v0.14.0"
            ports:
              - name: exporter
                containerPort: 9187
                protocol: TCP
            resources:
              limits:
                cpu: 500m
                memory: 256M
              requests:
                cpu: 50m
                memory: 128M
            env:
              - name: "DATA_SOURCE_URI"
                value: 127.0.0.1:5432
              - name: "DATA_SOURCE_USER"
                value: "$(POSTGRES_USER)"
              - name: "DATA_SOURCE_PASS"
                value: "$(POSTGRES_PASSWORD)"
              - name: "PG_EXPORTER_AUTO_DISCOVER_DATABASES"
                value: "true"

  configConnectionPooler:
    connection_pooler_image: "cognigy.azurecr.io/pgbouncer:master-27"
    # max db connections the pooler should hold
    connection_pooler_max_db_connections: 60
    # number of pooler instances
    connection_pooler_number_of_instances: 2
    # default resources
    connection_pooler_default_cpu_request: 50m
    connection_pooler_default_cpu_limit: 500m
    connection_pooler_default_memory_request: 32Mi
    connection_pooler_default_memory_limit: 512Mi

### Redis installation in high availability (HA) mode ###
redisHa:
  enabled: true
  global:
    imagePullSecrets:
      - cognigy-registry-token
  fullnameOverride: "redis-ha"
  nameOverride: "redis-ha"
  image:
    registry: cognigy.azurecr.io
    repository: redis
    tag: 7.4.0-debian-12-r4
  ## Redis-HA authentication parameters
  ##
  auth:
    ## Redis-HA password string. If not set, a random 64-character string is generated and stored in cognigy-redis-password secret
    ## Do not set the password manually unless absolutely necessary!
    ##
    password: ""
    ## The name of an existing secret with Redis-HA credentials.
    ## The secret must contain "redis-password.conf" and "REDIS_PASSWORD" keys.
    ## Example:
    ## redis-password.conf: requirepass <redis_password>
    ## REDIS_PASSWORD: <redis_password>
    ##
    ## NOTE: When it's set, the previous "redisHa.auth.password" parameter is ignored.
    ## Do not change existingSecret value unless absolutely necessary!
    ## If existingSecret != cognigy-redis-password, the secret will not be auto-generated and must be created manually!
    existingSecret: cognigy-redis-password
    existingSecretPasswordKey: REDIS_PASSWORD
  commonConfiguration: |-
    appendonly no
    protected-mode no
    repl-diskless-sync no
    save ""
    stop-writes-on-bgsave-error yes
    maxmemory-policy volatile-ttl
  replica:
    replicaCount: 3
    resources:
      limits:
        cpu: 500m
        memory: 512Mi
      requests:
        cpu: 500m
        memory: 512Mi
    podAnnotations: {}
    ## Set the maxmemory to the 85% of the redis memory limit.
    configuration: |-
      maxmemory 436mb
    podLabels:
      uniquezone: "redis-ha"
    affinity:
      podAntiAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
                - key: "uniquezone"
                  operator: In
                  values:
                    - "redis-ha"
            topologyKey: "topology.kubernetes.io/zone"
    persistence:
      enabled: false
  sentinel:
    enabled: true
    image:
      registry: cognigy.azurecr.io
      repository: redis-sentinel
      tag: 7.4.0-debian-12-r4
    automateClusterRecovery: true
    downAfterMilliseconds: 2000
    failoverTimeout: 10000
    resources:
      limits:
        cpu: 200m
        memory: 200Mi
      requests:
        cpu: 25m
        memory: 32Mi
  metrics:
    enabled: true
    image:
      registry: cognigy.azurecr.io
      repository: redis-exporter
      tag: 1.63.0-debian-12-r0
    resources:
      limits:
        cpu: 200m
        memory: 200Mi
      requests:
        cpu: 25m
        memory: 32Mi
    serviceMonitor:
      enabled: false

### Stateful Redis-Persistent installation in high availability (HA) mode ###
redisPersistentHa:
  enabled: true
  global:
    storageClass: "redis-persistent-ha"
    imagePullSecrets:
      - cognigy-registry-token
  fullnameOverride: "redis-persistent-ha"
  nameOverride: "redis-persistent-ha"
  image:
    registry: cognigy.azurecr.io
    repository: redis
    tag: 7.4.0-debian-12-r4
  auth:
    ## Redis-persistent-HA password string. If not set, a random 64-character string is generated and stored
    ## in cognigy-redis-persistent-password secret. Do not set the password manually unless absolutely necessary!
    ##
    password: ""
    ## The name of an existing secret with Redis-persistent-HA credentials.
    ## The secret must contain "redis-persistent-password.conf" and "REDIS_PERSISTENT_PASSWORD" keys.
    ## Example:
    ## redis-persistent-password.conf: requirepass <redis_persistent_password>
    ## REDIS_PERSISTENT_PASSWORD: <redis_persistent_password>
    ##
    ## NOTE: When it's set, the previous "redisPersistentHa.auth.password" parameter is ignored.
    ## Do not change existingSecret value unless absolutely necessary!
    ## If existingSecret != cognigy-redis-persistent-password, the secret will not be auto-generated and must be created manually!
    existingSecret: cognigy-redis-persistent-password
    existingSecretPasswordKey: REDIS_PERSISTENT_PASSWORD
  commonConfiguration: |-
    appendonly no
    protected-mode no
    repl-diskless-sync no
    save 60 1
    stop-writes-on-bgsave-error no
  replica:
    replicaCount: 3
    resources:
      limits:
        cpu: 500m
        memory: 512Mi
      requests:
        cpu: 500m
        memory: 512Mi
    podLabels:
      uniquezone: "redis-persistent-ha"
    podAnnotations: {}
    affinity:
      podAntiAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
                - key: "uniquezone"
                  operator: In
                  values:
                    - "redis-persistent-ha"
            topologyKey: "topology.kubernetes.io/zone"
    persistence:
      enabled: true
      storageClass: "redis-persistent-ha"
      size: 15Gi
  sentinel:
    enabled: true
    image:
      registry: cognigy.azurecr.io
      repository: redis-sentinel
      tag: 7.4.0-debian-12-r4
    automateClusterRecovery: true
    downAfterMilliseconds: 2000
    failoverTimeout: 10000
    resources:
      limits:
        cpu: 200m
        memory: 200Mi
      requests:
        cpu: 25m
        memory: 32Mi
  metrics:
    enabled: true
    image:
      registry: cognigy.azurecr.io
      repository: redis-exporter
      tag: 1.63.0-debian-12-r0
    resources:
      limits:
        cpu: 200m
        memory: 200Mi
      requests:
        cpu: 25m
        memory: 32Mi
    serviceMonitor:
      enabled: false

# To enable the new NFS volumes
migrateFS:
  enabled: false
  # This flag should set to true after the migration finished to use only the new NFS volumes
  finished: false

# Prerequisite: needs the new "runtime" volume.
# Warning: if disabled, not only the Transcripts feature but also Agent AI will not work anymore.
featureTranscripts:
  enabled: true