Kubernetes Configurations - Custom Property Keys

These are all the properties you can set in the Custom Properties section on the Kubernetes Configs tab for your connector. Enter the key exactly as shown and provide a value in the format indicated.

Notation

  • <name> - replace with the actual resource name (e.g. rocksdb, data-storage)
  • <VAR_NAME> - replace with the environment variable name (e.g. MY_API_TOKEN)
  • Boolean - enter true or false (no quotes)
  • Group - JSON object {"key": "value"}, merges with existing entries
  • List - JSON array [...], always fully replaces existing entries

Replicas & Lifecycle

| Key | Type | Example value | What it controls |
| --- | --- | --- | --- |
| replicaCount | Number | 3 | Number of running pod copies |
| terminationGracePeriodSeconds | Number | 60 | Seconds to wait before force-stopping a pod |

App Identity

| Key | Type | Example value | What it controls |
| --- | --- | --- | --- |
| app.labels | Group | {"team":"platform","env":"prod"} | Extra labels applied to all created resources |
| app.annotations | Group | {"owner":"team-x"} | Extra annotations applied to all created resources |

Container Image

| Key | Type | Example value | What it controls |
| --- | --- | --- | --- |
| image.hub | Text | 404161567772.dkr.ecr.us-east-1.amazonaws.com | Container registry URL |
| image.repository | Text | privacera/connector | Image repository name |
| image.tag | Text | v3.5.1 | Image tag; overrides the version deployed |
| image.pullPolicy | Text | Always | Always, IfNotPresent, or Never |
| image.pullSecrets | List | [{"name":"ecr-registry-secret"}] | Image pull secrets for private registries |

Deployment Strategy

| Key | Type | Example value | What it controls |
| --- | --- | --- | --- |
| deployment.annotations | Group | {"deployment.kubernetes.io/revision":"3"} | Annotations on the Deployment object metadata |
| deployment.labels | Group | {"tier":"backend"} | Extra labels on the Deployment object |
| deployment.updateStrategy.type | Text | Recreate | RollingUpdate or Recreate |
| deployment.updateStrategy.rollingUpdate.maxSurge | Text/Number | 50% | Extra pods created during a rolling update (e.g. 25% or 1) |
| deployment.updateStrategy.rollingUpdate.maxUnavailable | Text/Number | 1 | Max pods unavailable during an update (e.g. 0 or 25%) |

Resources (CPU & Memory)

| Key | Type | Example value | What it controls |
| --- | --- | --- | --- |
| resources.requests.cpu | Text | 500m | Minimum CPU guaranteed (millicores or cores) |
| resources.requests.memory | Text | 4Gi | Minimum memory guaranteed |
| resources.limits.cpu | Text | 2000m | Maximum CPU; connector is throttled if exceeded |
| resources.limits.memory | Text | 4Gi | Maximum memory; connector is restarted if exceeded |

Main Container

| Key | Type | Example value | What it controls |
| --- | --- | --- | --- |
| mainContainer.command | List | ["java"] | Override container entrypoint command |
| mainContainer.args | List | ["-jar","/app/service.jar"] | Arguments passed to the container command |
| mainContainer.containerPort | Number | 8080 | Primary container port (used by service and health probes) |
| mainContainer.ports | List | [{"containerPort":9090,"name":"metrics"}] | Additional container ports |
| mainContainer.envFrom | List | [{"configMapRef":{"name":"app-env-config"}}] | Inject all keys from a ConfigMap or Secret as env vars |
| mainContainer.lifecycle | Group | {"preStop":{"exec":{"command":["/bin/sh","-c","sleep 10"]}}} | Lifecycle hooks (preStop, postStart) |

Health Probes

| Key | Type | Example value | What it controls |
| --- | --- | --- | --- |
| livenessProbe | Group | {"httpGet":{"path":"/health","port":8080},"initialDelaySeconds":30,"periodSeconds":30} | Restarts the container if it fails |
| readinessProbe | Group | {"httpGet":{"path":"/ready","port":8080},"periodSeconds":10} | Removes the pod from Service endpoints if it fails |
| startupProbe | Group | {"httpGet":{"path":"/health","port":8080},"failureThreshold":30,"periodSeconds":10} | Delays liveness/readiness until the app has started |

| Probe field | Example value | Meaning |
| --- | --- | --- |
| httpGet.path | /health | HTTP endpoint to check |
| httpGet.port | 8080 | Port to call |
| initialDelaySeconds | 30 | Wait before first check |
| periodSeconds | 30 | Check interval |
| failureThreshold | 3 | Failures before action is taken |

Environment Variables

| Key | Type | Example value | What it controls |
| --- | --- | --- | --- |
| env.enabled | Boolean | true | Enable environment variable injection |
| env.variables | Group | {"LOG_LEVEL":"INFO","APP_NAME":"my-svc"} | Map of env vars - merges with existing |
| env.variables.<VAR_NAME> | Text or Group | my-plain-value | Single env var; value can be a string or {"valueFrom":{...}} |

ConfigMaps

| Key | Type | Example value | What it controls |
| --- | --- | --- | --- |
| configMaps.app-config.enabled | Boolean | true | Enable the built-in app-config ConfigMap |
| configMaps.app-config.mountPath | Text | /app/config | Directory where the ConfigMap is mounted |
| configMaps.app-config.defaultFileName | Text | application.properties | Name of the generated properties file |
| configMaps.app-config.annotations | Group | {"owner":"platform"} | Annotations on the ConfigMap resource |
| configMaps.app-config.labels | Group | {"env":"prod"} | Extra labels on the ConfigMap resource |
| configMaps.<name>.enabled | Boolean | true | Enable a custom-named ConfigMap |
| configMaps.<name>.mountPath | Text | /app/db-config | Mount path for a custom ConfigMap |

Secrets

| Key | Type | Example value | What it controls |
| --- | --- | --- | --- |
| secrets.enabled | Boolean | true | Enable creation of a Kubernetes Secret resource |
| secrets.data | Group | {"DB_PASSWORD":"bXlzZWNyZXQ="} | Key-value pairs; values must be base64-encoded strings |

Service (Internal)

| Key | Type | Example value | What it controls |
| --- | --- | --- | --- |
| service.enabled | Boolean | false | Create the Kubernetes Service for this connector |
| service.name | Text | my-connector-svc | Override the service name |
| service.type | Text | LoadBalancer | ClusterIP, NodePort, or LoadBalancer |
| service.port | Number | 8080 | Port the service listens on |
| service.targetPort | Number | 8080 | Container port the service forwards to |
| service.protocol | Text | TCP | TCP, UDP, or SCTP |
| service.ports | List | [{"name":"metrics","port":9090,"targetPort":9090}] | Additional named ports on the service |
| service.annotations | Group | {"service.beta.kubernetes.io/aws-load-balancer-type":"nlb"} | Annotations on the Service resource |
| service.labels | Group | {"team":"platform"} | Extra labels on the Service resource |
| service.headless.enabled | Boolean | true | Make the service headless (no cluster IP) |

External Service

| Key | Type | Example value | What it controls |
| --- | --- | --- | --- |
| externalService.enabled | Boolean | true | Create an additional external Service |
| externalService.name | Text | my-connector-external | External service name |
| externalService.type | Text | LoadBalancer | ClusterIP, NodePort, or LoadBalancer |
| externalService.port | Number | 443 | External service port |
| externalService.targetPort | Number | 8080 | Container port to forward to |
| externalService.protocol | Text | TCP | Protocol |
| externalService.annotations | Group | {"service.beta.kubernetes.io/aws-load-balancer-ssl-cert":"arn:aws:acm:..."} | External service annotations |
| externalService.labels | Group | {"visibility":"public"} | Extra labels on the external service |

Ingress

| Key | Type | Example value | What it controls |
| --- | --- | --- | --- |
| ingress.enabled | Boolean | true | Create a Kubernetes Ingress resource |
| ingress.hostname | Text | connector.mycompany.com | Primary hostname for routing |
| ingress.path | Text | / | URL path for the primary routing rule |
| ingress.pathType | Text | Prefix | Prefix, Exact, or ImplementationSpecific |
| ingress.annotations | Group | {"alb.ingress.kubernetes.io/scheme":"internet-facing"} | Controller annotations (ALB, NGINX, GCE, etc.) |
| ingress.ingressClassName | Text | alb | IngressClass name |
| ingress.tls | List | [{"secretName":"my-tls-secret","hosts":["connector.mycompany.com"]}] | TLS configuration |
| ingress.extraPaths | List | [{"path":"/admin","pathType":"Prefix","port":8080}] | Additional paths on the same host |
| ingress.extraRules | List | [{"host":"admin.mycompany.com","paths":[{"path":"/","pathType":"Prefix"}]}] | Additional rules for other hostnames |

Pod Security Context

| Key | Type | Example value | What it controls |
| --- | --- | --- | --- |
| securityContext.enabled | Boolean | false | Apply a pod-level security context |
| securityContext.fsGroup | Number | 2000 | Group ID for ownership of mounted volumes |
| securityContext.runAsNonRoot | Boolean | true | Reject containers that run as root |
| securityContext.runAsUser | Number | 1001 | User ID to run all containers as |
| securityContext.runAsGroup | Number | 1001 | Group ID to run all containers as |

Container Security Context

| Key | Type | Example value | What it controls |
| --- | --- | --- | --- |
| mainContainer.securityContext.enabled | Boolean | true | Apply a container-level security context |
| mainContainer.securityContext.readOnlyRootFilesystem | Boolean | true | Make the container's root filesystem read-only |
| mainContainer.securityContext.allowPrivilegeEscalation | Boolean | false | Allow privilege escalation inside the container |
| mainContainer.securityContext.runAsNonRoot | Boolean | true | Reject running as root (container level) |
| mainContainer.securityContext.runAsUser | Number | 1001 | User ID for this container |
| mainContainer.securityContext.runAsGroup | Number | 1001 | Group ID for this container |

Service Account

| Key | Type | Example value | What it controls |
| --- | --- | --- | --- |
| serviceAccount.enabled | Boolean | true | Mount a service account in the pod |
| serviceAccount.create | Boolean | false | Create the ServiceAccount (false = use an existing one) |
| serviceAccount.name | Text | my-connector-sa | Service account name |
| serviceAccount.annotations | Group | {"eks.amazonaws.com/role-arn":"arn:aws:iam::123:role/x"} | Annotations on the service account |
| serviceAccount.annotations.[eks.amazonaws.com/role-arn] | Text | arn:aws:iam::123456789012:role/my-connector-role | AWS IRSA role ARN |
| serviceAccount.annotations.[iam.gke.io/gcp-service-account] | Text | my-sa@project.iam.gserviceaccount.com | GCP Workload Identity service account |
| serviceAccount.enableAdminRoleOnNS | Boolean | true | Grant namespace-admin Role+RoleBinding (requires create=true) |
| serviceAccount.useAzureWorkloadIdentity | Boolean | true | Add AKS Workload Identity pod label |

Network Policy

| Key | Type | Example value | What it controls |
| --- | --- | --- | --- |
| networkPolicy.enabled | Boolean | true | Create a Kubernetes NetworkPolicy |
| networkPolicy.policyTypes | List | ["Ingress","Egress"] | Which traffic directions to enforce |
| networkPolicy.ingress | List | [{"from":[{"podSelector":{"matchLabels":{"app":"frontend"}}}],"ports":[{"port":8080}]}] | Rules controlling inbound traffic to the pod |
| networkPolicy.egress | List | [{"to":[],"ports":[{"protocol":"UDP","port":53}]}] | Rules controlling outbound traffic from the pod |
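
The security-relevant keys from the Secrets, Pod Security Context, Container Security Context, Service Account and Network Policy tables can be checked before they are entered in the Custom Properties section. This is an added example, not code from the product or its vendor; the hardening targets in REQUIRED, the function names and the sample values are assumptions of this example.

```python
import base64
import binascii
import json

# Values a hardened deployment sets explicitly. The targets are this example's
# assumption; the key names come from the tables on this page.
REQUIRED = {
    "securityContext.enabled": True,
    "securityContext.runAsNonRoot": True,
    "mainContainer.securityContext.enabled": True,
    "mainContainer.securityContext.readOnlyRootFilesystem": True,
    "mainContainer.securityContext.allowPrivilegeEscalation": False,
    "networkPolicy.enabled": True,
}
# Constructed sample input, as typed into the Custom Properties form.
SAMPLE = {
    "securityContext.enabled": "true",
    "securityContext.runAsNonRoot": "false",
    "serviceAccount.enableAdminRoleOnNS": "true",
    "secrets.data": '{"DB_PASSWORD":"s3cret!","API_KEY":"bXlzZWNyZXQ="}',
}

def parse_value(raw):
    """Boolean, Number, Group and List values are JSON; anything else is Text."""
    try:
        return json.loads(raw)
    except json.JSONDecodeError:
        return raw

def audit(props):
    """Return findings for a dict of custom property key -> value as typed."""
    parsed = {key: parse_value(raw) for key, raw in props.items()}
    findings = []
    for key, want in REQUIRED.items():
        got = parsed.get(key, "unset")
        if got is not want:
            findings.append(f"{key}: is {json.dumps(got)}, want {json.dumps(want)}")
    # Only a finding when switched on; the page does not state the default.
    if parsed.get("serviceAccount.enableAdminRoleOnNS") is True:
        findings.append("serviceAccount.enableAdminRoleOnNS: pod gets namespace-admin")
    secrets = parsed.get("secrets.data")
    for name, value in (secrets.items() if isinstance(secrets, dict) else []):
        try:
            base64.b64decode(value, validate=True)
        except (binascii.Error, ValueError, TypeError):
            # Report the key only, never the value.
            findings.append(f"secrets.data.{name}: not valid base64")
    return findings
```

The base64 check only catches values typed in plain text; base64 is an encoding, not encryption, so anyone who can read the property can decode the secret.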

Autoscaling (HPA)

| Key | Type | Example value | What it controls |
| --- | --- | --- | --- |
| autoscaling.enabled | Boolean | true | Create a HorizontalPodAutoscaler |
| autoscaling.minReplicas | Number | 2 | Minimum replicas |
| autoscaling.maxReplicas | Number | 20 | Maximum replicas |
| autoscaling.targetCPUUtilizationPercentage | Number | 70 | CPU utilization % that triggers a scale-up |
| autoscaling.targetMemoryUtilizationPercentage | Number | 75 | Memory utilization % that triggers a scale-up |

KEDA Autoscaling

| Key | Type | Example value | What it controls |
| --- | --- | --- | --- |
| scaledobject.enabled | Boolean | true | Create a KEDA ScaledObject |
| scaledobject.app.type | Text | Deployment | Deployment or StatefulSet |
| scaledobject.app.pollingInterval | Number | 15 | Metric check interval (seconds) |
| scaledobject.app.cooldownPeriod | Number | 120 | Time between scale operations (seconds) |
| scaledobject.app.minReplicaCount | Number | 2 | Minimum replicas |
| scaledobject.app.maxReplicaCount | Number | 50 | Maximum replicas |
| scaledobject.triggers | List | [{"type":"kafka","metadata":{"bootstrapServers":"kafka:9092","topic":"events","lagThreshold":"100"}}] | Trigger definitions |

Pod Disruption Budget

| Key | Type | Example value | What it controls |
| --- | --- | --- | --- |
| podDisruptionBudget.enabled | Boolean | true | Create a PodDisruptionBudget |
| podDisruptionBudget.spec | Group | {"minAvailable":2} | PDB spec - minAvailable or maxUnavailable |

Topology Spread Constraints

| Key | Type | Example value | What it controls |
| --- | --- | --- | --- |
| topologySpreadConstraints.default.enabled | Boolean | false | Enable the default spread constraint |
| topologySpreadConstraints.default.maxSkew | Number | 2 | Max pod count difference between topology domains |
| topologySpreadConstraints.default.topologyKey | Text | topology.kubernetes.io/zone | Node label key for topology domains |
| topologySpreadConstraints.default.whenUnsatisfiable | Text | DoNotSchedule | ScheduleAnyway or DoNotSchedule |
| topologySpreadConstraints.additional.enabled | Boolean | true | Enable additional custom spread constraints |
| topologySpreadConstraints.additional.constraints | List | [{"maxSkew":1,"topologyKey":"kubernetes.io/hostname","whenUnsatisfiable":"ScheduleAnyway"}] | Custom constraint list |

Node Scheduling

| Key | Type | Example value | What it controls |
| --- | --- | --- | --- |
| nodeSelector | Group | {"node-type":"connector-pool","environment":"production"} | Restrict the pod to nodes with matching labels |
| tolerations | List | [{"key":"dedicated","operator":"Equal","value":"connector-pool","effect":"NoSchedule"}] | Allow the pod to run on tainted nodes (always fully replaced) |
| affinity | Group | {"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"weight":100,"podAffinityTerm":{"labelSelector":{"matchLabels":{"app":"connector"}},"topologyKey":"kubernetes.io/hostname"}}]}} | Pod/node affinity and anti-affinity rules |

Monitoring & Observability

| Key | Type | Example value | What it controls |
| --- | --- | --- | --- |
| podAnnotations | Group | {"prometheus.io/scrape":"true","prometheus.io/port":"9090"} | Annotations on the pod |
| podLabels | Group | {"team":"platform","cost-center":"engineering"} | Extra labels on the pod |

| Common annotation | Example value | Tool |
| --- | --- | --- |
| prometheus.io/scrape | "true" | Prometheus |
| prometheus.io/port | "9090" | Prometheus |
| prometheus.io/path | "/metrics" | Prometheus |

Storage Class

| Key | Type | Example value | What it controls |
| --- | --- | --- | --- |
| storageClass.enabled | Boolean | true | Create a StorageClass resource |
| storageClass.name | Text | my-namespace-efs-storage | StorageClass name |
| storageClass.provisioner | Text | efs.csi.aws.com | CSI driver (required when enabled) |
| storageClass.parameters | Group | {"fileSystemId":"fs-xxxxxxxxxxxxx"} | Provisioner-specific parameters |
| storageClass.reclaimPolicy | Text | Retain | Delete or Retain |
| storageClass.volumeBindingMode | Text | WaitForFirstConsumer | Immediate or WaitForFirstConsumer |
| storageClass.allowVolumeExpansion | Boolean | true | Allow PVCs using this class to be expanded |
| storageClass.mountOptions | List | ["rw","sync"] | Volume mount options |
| storageClass.labels | Group | {"storage-tier":"fast"} | Extra labels on the StorageClass resource |
| storageClass.annotations | Group | {"owner":"infra-team"} | Extra annotations on the StorageClass resource |

Persistent Volume Claims

PVC Name

Replace <name> with the PVC identifier (e.g. rocksdb): persistentVolumeClaims.rocksdb.size

| Key | Type | Example value | What it controls |
| --- | --- | --- | --- |
| persistentVolumeClaims.<name>.enabled | Boolean | true | Enable this PVC |
| persistentVolumeClaims.<name>.name | Text | my-connector-data | Custom PVC name |
| persistentVolumeClaims.<name>.size | Text | 10Gi | Storage size (cannot be reduced after first deployment) |
| persistentVolumeClaims.<name>.accessModes | List | ["ReadWriteOnce"] | Access modes |
| persistentVolumeClaims.<name>.storageClass | Text | gp2 | StorageClass to use |
| persistentVolumeClaims.<name>.mountPath | Text | /app/data | Mount path in the container |
| persistentVolumeClaims.<name>.subPath | Text | data | Mount only a subdirectory of the volume |
| persistentVolumeClaims.<name>.labels | Group | {"backup-policy":"daily"} | Extra labels on the PVC resource |
| persistentVolumeClaims.<name>.annotations | Group | {"owner":"infra-team"} | Extra annotations on the PVC resource |

PVC Size

PVC size cannot be reduced after the first deployment. Only increases are supported.


Empty Dir Volumes

Empty Dir Name

Replace <name> with the volume identifier (e.g. temp-workdir).

| Key | Type | Example value | What it controls |
| --- | --- | --- | --- |
| emptyDirVolumes.<name>.enabled | Boolean | true | Enable this emptyDir volume |
| emptyDirVolumes.<name>.mountPath | Text | /tmp/work | Mount path in the container |
| emptyDirVolumes.<name>.medium | Text | Memory | "" (disk) or Memory (RAM-based tmpfs) |
| emptyDirVolumes.<name>.sizeLimit | Text | 512Mi | Size cap; unlimited when omitted |