Appian Platform (CS) Helm Chart

A Helm chart for deploying the Appian platform on Kubernetes. This Helm chart is supplied by Appian Customer Success via the Appian App Market.

This chart deploys a custom resource of type appian that is managed by the Appian Operator.

Introduction

This chart facilitates the deployment of Appian sites through templated support for common options while baking-in best practice configurations.

Prerequisites

The Config Generator tool from Appian Kubernetes Utilities, available from the Appian App Market, can help you prepare these prerequisites.

Usage

Review templated custom resource specification

Want to see what custom resource specification your values file would produce? You can preview your Appian custom resource manifest by preparing your values file and running the following:


helm template -f values.yaml appian-platform-cs-$CHART_VERSION.tgz > appian-site.yaml

Note: You need to substitute the placeholder CHART_VERSION with the version of chart you are using. A YAML file that specifies the values for the parameters must be provided (e.g. values.yaml).

Or if you have already deployed the chart to your Helm repository:


xxxxxxxxxx
helm template -f values.yaml oci://$REGISTRY_NAME/$REPOSITORY_NAME/appian-platform-cs --version $CHART_VERSION > appian-site.yaml

Note: You need to substitute the placeholders REGISTRY_NAME and REPOSITORY_NAME with a reference to your Helm chart registry and repository. A YAML file that specifies the values for the parameters must be provided (e.g. values.yaml).

Deploying or restarting the Appian site (Installing the chart)

To install the chart with the release name $SITE_NAME:


xxxxxxxxxx
helm install $SITE_NAME --namespace appian -f values.yaml --wait oci://$REGISTRY_NAME/$REPOSITORY_NAME/appian-platform-cs --version $CHART_VERSION

Note: You need to substitute the placeholders REGISTRY_NAME and REPOSITORY_NAME with a reference to your Helm chart registry and repository. A YAML file that specifies the values for the parameters must be provided (e.g. values.yaml) while installing the chart.

Stopping the Appian site (Deleting the chart)

To stop the Appian site with the release name $SITE_NAME:


xxxxxxxxxx
helm uninstall $SITE_NAME --namespace appian

This will not delete the Persistent Volume Claims nor the associated RDBMS and as such leaves the site's data in place ready for when the site is next started again.

Upgrading or hotfixing the Appian site

To upgrade the Appian site to a new major version, or to hoftix the site with newer container images for the same major version:

Stop the Appian site (Ensure the site stops cleanly with all checkpoints completed).
Update the value of url in your values file to reference your new target version
Start the Appian site

Ensure you check the operator release notes and platform release notes before upgrading an Appian site and provision the relevant container images and Operator Helm chart in your container registry.

Upgrading this Helm chart

To upgrade to a later version of this Helm chart, ensure you check the Release Notes for any changes. Before upgrading, use the helm template command to compare the output generated by the new version of the chart with your existing configuration.

Example values files

This section provides some sample values files illustrating certain configuration options.

Note: These few examples are not exhaustive and do not represent all possible configurations.

Example 1 - Non-HA, MariaDB, AWS Load Balancer

Spec overview:

Non-HA
class "small"
MariaDB primary data source
AWS Load Balancer ingress, with SSL configured via an AWS certificate
Container registry authenticated via images.pullSecrets


xxxxxxxxxx
siteName: company-proj-dev
version: "24.3.100.0"
url: https://proj-dev.company.com
staticUrl: https://proj-dev.company-static.com
dynamicUrl: https://proj-dev.company-dynamic.com
class: small
# Non-HA
highAvailability: false
passwordsPropertiesSecretName: "passwords-properties"
license:
  k3SecretName: "k3lic"
  k4SecretName: "k4lic"
  appianConfigMapName: "appian-lic"
storage:
  rwoStorageClassName: "my-ebs-sc"
  sharedLogsPvc: "appian-shared-logs-pvc"
images:
  pullSecrets:
    - regcred
  appian:
    repository: "my.container.registry.com/appian"
  minimal:
    repository: alpine
    tag: "3.18.0"
smtp:
  senderAddress: "my_from_address@my_domain.com"
  senderDomain: "my_domain.com"
  host: "my.smtp.server.smtp.com"
  auth: true
  user: "my_user_name"
  protocol: "smtp"
  starttlsEnabled: false
  starttlsRequired: false
dataSources:
  # MariaDB primary data source
  primary:
    name: jdbc/AppianPrimary
    dbType: mariadb
    dbServerAndPort: my.database.server.com:3306
    schemaName: "appian_primary"
    usernameSecretKeyRef:
      name: "appian-primary-ds"
      key: "username"
    passwordSecretKeyRef:
      name: "appian-primary-ds"
      key: "password"
ingressTemplate:
  # AWS Load Balancer ingress
  name: alb
  # SSL configured via an AWS certificate
  certificateReference: "my-cert-arn"

Example 2 - HA, MySQL, NGINX

Spec overview:

HA
class "medium"
MySQL primary and one business data source
NGINX ingress, with SSL configured via TLS field
Node selector targeting dedicated Appian node group
Kafka storage size (set by class template) overridden
Data Service class upscaled to "large"
Self-managed monitoring metrics API enabled


xxxxxxxxxx
siteName: company-proj-dev
version: "24.3.100.0"
url: https://proj-dev.company.com
staticUrl: https://proj-dev.company-static.com
dynamicUrl: https://proj-dev.company-dynamic.com
class: medium
# HA
highAvailability: true
passwordsPropertiesSecretName: "passwords-properties"
# Self-Managed Monitoring Metrics API
metricsAuthToken: "bW9uaXRvcmluZw=="
# Node selector targeting dedicated Appian node group
nodeSelector:
  my-node-group-label-key: my-node-group-label-value
license:
  k3SecretName: "k3lic"
  k4SecretName: "k4lic"
  appianConfigMapName: "appian-lic"
storage:
  rwoStorageClassName: "my-rwo-sc"
  sharedLogsPvc: "appian-shared-logs-pvc"
  haSharedDataPvc: "appian-shared-data-pvc"
images:
  appian:
    repository: "my.container.registry.com/appian"
  minimal:
    repository: alpine
    tag: "3.18.0"
smtp:
  senderAddress: "my_from_address@my_domain.com"
  senderDomain: "my_domain.com"
  host: "my.smtp.server.smtp.com"
  auth: true
  user: "my_user_name"
  protocol: "smtp"
  starttlsEnabled: false
  starttlsRequired: false
dataSources:
  # MySQL primary
  primary:
    name: jdbc/AppianPrimary
    dbType: mysql
    dbServerAndPort: my.database.server.com:3306
    schemaName: "appian_primary"
    usernameSecretKeyRef:
      name: "appian-primary-ds"
      key: "username"
    passwordSecretKeyRef:
      name: "password-secret-appian-primary-ds"
      key: "password"
  # one business data source
  business:
    - name: jdbc/Appian
      dbType: mysql
      dbServerAndPort: my.database.server.com:3306
      schemaName: "appian"
      usernameSecretKeyRef:
    name: "appian-business-ds"
        key: "username"
      passwordSecretKeyRef:
        name: "appian-business-ds"
        key: "password"
ingressTemplate:
  # NGINX ingress
  name: nginx
  # SSL configured via TLS field
  tls:
    - hosts:
        - proj-dev.company.com
        - proj-dev.company-static.com
        - proj-dev.company-dynamic.com
      secretName: appian-ingress-tls-secret
# Kafka storage size (set by class template) overridden
kafka:
  storageSize: "60Gi"
dataServer:
  class: "large"

Limitations

A number of fields in the Custom Resource are immutable. These must not be modified for a running site, so any Helm upgrades to the chart must avoid changing these values. To be able to change these immutable fields, the Appian site needs to be stopped (by deleting the chart) and restarted (by installing the chart with updated values).

As version is one of these immutable fields, Appian hotfixes and major version upgrades cannot be applied using helm upgrade and require the site to be stopped and restarted as above.

T-Shirt Sizing

This Helm chart uses a class parameter to apply default values for a range of size- and scaling-related parameters, which can then be fine-tuned using component-level overrides. An appropriate t-shirt size should be chosen as a starting configuration. Performance testing should be used to determine whether to change class or, alternatively, to override certain parameters set by class templates.

For example, a site with higher process throughput may require larger Kafka storage and additional resources for just the execution engines - which can be achieved by overriding just those parameters, while all other relevant parameters are left as set by the chosen class.

The table below provides very rough guidelines for each class, including the expected resources required to run each size.

Class	Purpose	Resources Required (Non-HA)	Resources Required (HA)
`x-small`	Development or Single Application	8 CPU / 64 GB RAM 115 GB RWO 100 GB RWX (Logs)	CPU / RAM x3 186 GB RWO 200 GB RWX (Logs) / 100 GB RWX (Data)
`small`	Development or Single Application	16 CPU / 128 GB RAM 115 GB RWO 100 GB RWX (Logs)	CPU / RAM x3 186 GB RWO 200 GB RWX (Logs) / 100 GB RWX (Data)
`medium`	Departmental adoption	24 CPU / 192 GB RAM 150 GB RWO 150 GB RWX (Logs)	CPU / RAM x3 291 GB RWO 300 GB RWX (Logs) / 200 GB RWX (Data)
`large`	Enterprise adoption	48 CPU / 384 GB RAM 210 GB RWO 200 GB (Logs)	CPU / RAM x3 342 GB RWO 400 GB RWX (Logs) / 300 GB RWX (Data)
`x-large`	Enterprise adoption	64 CPU / 512 GB RAM 210 GB RWO 200 GB (Logs)	CPU / RAM x3 342 GB RWO 400 GB RWX (Logs) / 300 GB RWX (Data)

Assumes 3 Exec/Analytics shards without RPA or AI. Initial sizing only. Performance testing / observation and resource request / compute right-sizing is required.

Parameters

General parameters

Key	Type	Default	Description	Required	CRD Field(s) Impacted
`siteName`	string	`""`	Appian site name. Must match the wildcard pattern of the licenses provided. See request licenses. This field is immutable.	true	`metadata.name`
`version`	string	`""`	The Low-Code Platform (LCP) version. This field will be required in a future release. This field is immutable.	true	`spec.version`
`url`	string	`""`	The scheme, host, and, optionally, port used to access Appian (e.g. `https://appian.example.com`, `http://appian.example.com:32767`, etc). For sites with a single Webapp replica, updating this field requires restarting Webapp's pod.	true	`spec.url`
`staticUrl`	string	`""`	The scheme, host, and, optionally, port for Appian's static content URL (e.g. `https://appian.example-static.com`, `http://appian.example-static.com:32767`, etc). The scheme must be the same as that defined in `spec.url`. Must use a different domain from `spec.url` and `dynamicUrl`. For sites with a single Webapp replica, updating this field requires restarting Webapp's pod. See Configure Your Static and Dynamic Content URLs for more info.	false	`spec.webapp.staticUrl`
`dynamicUrl`	string	`""`	The scheme, host, and, optionally, port for Appian's dynamic content URL (e.g. `https://appian.example-dynamic.com`, `http://appian.example-dynamic.com:32767`, etc). The scheme must be the same as that defined in `spec.url`. Must use a different domain from `spec.url` and `staticUrl`. For sites with a single Webapp replica, updating this field requires restarting Webapp's pod. See Configure Your Static and Dynamic Content URLs for more info.	false	`spec.webapp.dynamicUrl`
`class`	enum	`""`	One of `"x-small", "small"`, `"medium"`, `"large", "x-large"`. Changing `class` after an initial deployment will not automatically affect all sizings driven by it (e.g. disk volume sizes will not change). This field is immutable. See class.	true	Multiple fields across all components.
`enableCpuLimits`	bool	`false`	Determines whether to apply CPU limits to pods. By default, no CPU limits are set. Setting this field to `true` will apply the class's defaults for each pod type, unless overridden by `defaultCpuLimits` or `[component].resources.limits.cpu`. When CPU limits are enabled (when `enableCpuLimits: true`), the order of precedence for each component is 1. Component-level CPU limits override, 2. Global `defaultCpuLimits`, 3. Class CPU limits.	false	`spec.[component]` `.resources.limits.cpu`
`defaultCpuLimits`	int or string	`nil`	Default CPU limits to set if not disabling CPU limits and not using the built-in class's CPU limits. Only applied if `enableCpuLimits: true`. Can be overridden for a specific component by setting `[component].resources.limits.cpu`.	false	`spec.[component]` `.resources.limits.cpu`
`enableResourceRequests`	bool	`true`	When set to `false` this sets CPU and Memory resource requests to `0` for each component. Overrides all other configurations for these fields. Only used when running on small, dedicated worker nodes. Must be used in conjunction with `nodeSelector` (see T-Shirt Sizing).	false	`spec.[component]` `.resources.requests.cpu` `spec.[component]` `.resources.requests.memory`
`highAvailability`	bool	`false`	Determines whether the environment will be deployed in a High Availability (HA) configuration. Changing `highAvailability` after an initial deployment will not automatically change the topology of the site. This field is immutable.	false	Multiple fields across all components.
`passwordsPropertiesSecretName`	string	`""`	Name of an existing secret containing Appian's `passwords.properties` file. If using an authenticated SMTP server, the file should contain `conf.password.SMTP=$YOUR_SMTP_PASSWORD_HERE` For sites with a single Webapp replica, updating this field requires restarting Webapp's pod.	false Required when `smtp.auth` is `true`.	`spec.webapp` `.passwordsPropertiesSecretName`
`metricsAuthToken`	string	`""`	Base64 encoded password for authenticating to the Appian self-managed monitoring metrics API. Setting this field automatically sets two custom properties: `metricsauthtoken` (to this value) and `appian.feature.selfManagedMonitoring` (to `true`). See Self-Managed Monitoring for details of this solution.	false	`spec.customProperties`
`additionalCustomProperties`	object	`{}`	Additional custom properties in addition to those set by the chart automatically. See Custom Properties for more info. Note: Do not set any custom properties here that are set by this chart by default. Doing so will result in duplicate entries for that property under `spec.customProperties`.	false	`spec.customProperties`
`nodeSelector`	object	`{}`	A selector which must be true for the components' pod(s) to fit on a node. See nodeSelector for more info. Can be overridden for a specific component by setting `[component].nodeSelector`.	false	`spec.[component]` `.nodeSelector`
`securityContext`	object	`{}`	Container-level security context applied to all components. Passthrough to `corev1.SecurityContext`. See securityContext for more info. Can be overridden for a specific component by setting `[component].securityContext`.	false	`spec.[component]` `.securityContext`
`podSecurityContext`	object	`{}`	Pod-level security context applied to all components. Passthrough to `corev1.PodSecurityContext`. Requires Appian Operator v0.200.0+. Can be overridden for a specific component by setting `[component].podSecurityContext`.	false	`spec.[component]` `.podSecurityContext`
`rbac`	object	`{}`	Configuration for creating RBAC resources.	false	`spec.rbac`
`networkPolicies`	object	`{}`	Configuration for creating network policy resources.	false	`spec.networkPolicies`
`additionalLabels`	object	`{}`	Additional labels for created objects - including pods. For stateful components with a single replica, updating this field requires restarting the component's pod.	false	`spec.additionalLabels`
`cascadeVersionToComponentTags`	bool	`false`	Whether to set `[component].image.tag` to the value of `version`. Only required if using the Appian Migration Tool, which enforces that `{component}.image.tag` is present.	false	`spec.[component].image.tag`

License parameters

Key	Type	Default	Description	Required	CRD Field(s) Impacted
`license.k3SecretName`	string	`"k3lic"`	Name of the existing secret containing the `k3.lic` file. Defaults to `k3lic`. For sites with a single replica of service-manager, updating this field requires restarting all service-manager pods.	true	`spec.k3LicSecretName`
`license.k4SecretName`	string	`"k4lic"`	Name of the existing secret containing the `k4.lic` file. Defaults to `k4lic`. For sites with a single Data Service replica, updating this field requires restarting Data Service's pod.	true	`spec.k4LicSecretName`
`appianConfigMapName`	string	`"appian-lic"`	Name of the existing config map containing the `appian.lic` file.	true	`spec.appianLicConfigMapName`

Storage parameters

Key	Type	Default	Description	Required	CRD Field(s) Impacted
`storage.rwoStorageClassName`	string	`""`	Name of an existing Storage Class for provisioning ReadWriteOnce (RWO) storage for the Appian stateful pods. Changing `rwoStorageClassName` after an initial deployment will not automatically change the storage class of the provisioned RWO volumes.	true	`spec.[component]` `.volumeClaimTemplateSpec.storageClassName`
`storage.sharedLogsPvc`	string	`""`	Name of an existing ReadWriteMany (RWX) persistent volume claim to be used for Appian shared logs (aka Health Check) storage. Must differ from `haSharedDataPvc`. This field is immutable. See Persistent Volumes for more info.	false [Not required but strongly recommended for all environments]	`spec.webapp.healthCheckExistingClaim`
`storage.haSharedDataPvc`	string	`""`	Name of an existing ReadWriteMany (RWX) persistent volume claim to be used for shared data. Must differ from `sharedLogsPvc`. Required for HA environments. For non-HA environments that may be converted to HA in future, setting this field from the start (in addition to `storage.sharedLogsPvc`) makes it easier to convert the environment. This field cannot be set after initial creation of an environment without manual data copy operations! This field is immutable. See Persistent Volumes for more info.	false Required when `highAvailability` is `true`.	`spec.webapp.haExistingClaim`, `spec.serviceManager.haExistingClaim`

Images parameters

Key	Type	Default	Description	Required	CRD Field(s) Impacted
`images.pullSecrets`	list	`[]`	Names of existing image pull secrets. See Pull an Image from a Private Registry for more info.	false	`spec.imagePullSecrets`
`images.appian.repository`	string	`""`	The URL to which `/[component]` can be added to reference each of the Appian component container images (e.g. `my.container.registry.com/appian`)	true	`spec.[component]` `.image.repository`
`images.minimal.repository`	string	`busybox`	The path to the minimal container image to use where required. This should be the full image path (e.g. `my.container.registry.com/alpine` or `busybox`). Required if not disabling the built-in Search Server init container (via `searchServer.setVmMaxMapCount: false`).	false	Any init containers configured by the chart (e.g. Search Server vm max map count init container)
`images.minimal.tag`	string	`""`	The tag to use for the minimal image. Required if not disabling the built-in Search Server init container (via `searchServer.setVmMaxMapCount: false`).	false	Any init containers configured by the chart (e.g. Search Server vm max map count init container)

SMTP parameters

Key	Type	Default	Description	Required	CRD Field(s) Impacted
`smtp.senderAddress`	string	`""`	The address that will appear as the sender (the "From" address) of notification and password reset emails from the system	false	`spec.customProperties`
`smtp.senderDomain`	string	`""`	The domain (portion after the "@") for the "from" email address for addresses created via expressions functions; also applies to the domain for alert emails when the custom property `conf.mailhandler.ntf_sndr_addr` is not set	false	`spec.customProperties`
`smtp.host`	string	`""`	The host is the FQDN, hostname, or IP address of the SMTP server for sending email from the system. Muliple SMTP servers can be specified using a comma-separated list. They will be tried in the order specified. If a port other than 25 is required, append it to the hostname (e.g. `mailhost3:9025`). If this is not set, no email will be sent from the system. The Helm chart will not add SMTP-related custom properties if `smtp.host` is not set.	false	`spec.customProperties`
`smtp.auth`	bool	`false`	Set to `true` if user/password authentication to the SMTP server is used. Leave the default (`false`) to indicate that the SMTP server does not require authentication. If multiple SMTP servers are defined above, the same auth settings will apply to all servers	false	`spec.customProperties`
`smtp.user`	string	`""`	The username used to connect to the SMTP server	false	`spec.customProperties`
`smtp.protocol`	string	`"smtp"`	The protocol should be set to either `smtp` or `smtps`.	false	`spec.customProperties`
`smtp.starttlsEnabled`	string	`""`	You can enable or require STARTTLS with the `smtp` protocol. Setting `smtp.starttlsEnabled` to `true` will cause outgoing mail to use STARTTLS if supported by the remote server, but will fall back to plain smtp otherwise	false	`spec.customProperties`
`smtp.starttlsRequired`	string	`""`	Setting `smtp.starttlsRequired` to `true` will cause mail to fail if the remote server does not support STARTTLS	false	`spec.customProperties`

Data Sources parameters

The datasources field allows primary and business data sources to be configured with ease via built-in templates for each supported RDBMS.

Key	Type	Default	Description	Required	CRD Field(s) Impacted
`dataSources.primary`	Data Source Template object	`{}`	The data source for the Appian primary database. See Data Source Template parameters. Ignored if `webapp.dataSources` is provided!	true	`spec.webapp` `.dataSources.primary`
`dataSources.business`	Data Source Template list	`[]`	Optional business data sources. List of Data Source Template. Ignored if `webapp.dataSources` is provided!	false	`spec.webapp` `.dataSources.primary`

Data Source Template parameters

The following parameters are available for dataSources.primary and for each item in the list dataSources.business. The chart's Data Source Templates make it simpler to apply the correct configurations for each data source with fewer, simpler parameters to be configured.

Key	Type	Default	Description	Required	CRD Field(s) Impacted
`name`	string	`""`	The JNDI name for the data source (e.g. `jdbc/AppianPrimary`).	true	`spec.webapp.dataSources` `.[primary/business.[]].name`
`dbType`	string	`""`	One of `"mariadb"`, `"mysql"`, `"mysql-aurora"`, `"oracle"`, `"mssql"`, `"postgresql"`, `"postgresql-aurora"`, `"db2"`.	true	`spec.webapp.dataSources` `.[primary/business.[]].driverClassName` `spec.webapp.dataSources` `.[primary/business.[]].url`
`dbServerAndPort`	string	`""`	The server and port for the target database (e.g. `my.database.com:3306`).	true	`spec.webapp.dataSources` `.[primary/business.[]].url` or `spec.webapp.dataSources` `.[primary/business.[]].url`
`schemaName`	string	`""`	The schema name for the target database. For Oracle this is the service name. For MS SQL this is the database name. E.g. `appian_primary`	true	`spec.webapp.dataSources` `.[primary/business.[]].url` or `spec.webapp.dataSources` `.[primary/business.[]].url`
`urlParameters`	string	`""`	A string of appropriately separated connection string query parameters. For MySQL and MariaDB do not include `useOldAliasMetadataBehavior` (this is prepended by the chart). For MSSQL do not include `databaseName` or `socketTimeout` (these are prepended by the chart). Do not include leading `?`, `;` or `&` at the start.	false	`spec.webapp.dataSources` `.[primary/business.[]].url` or `spec.webapp.dataSources` `.[primary/business.[]].url`
`usernameSecretKeyRef.name`	string	`""`	Name of an existing secret holding the username used to connect to the data source (e.g. `appian-primary-ds`).	true	`spec.webapp.dataSources` `.[primary/business.[]].usernameSecretKeyRef.name`
`usernameSecretKeyRef.key`	string	`""`	Key within the existing secret `dataSources.primary.usernameSecretKeyRef.name` holding the username used to connect to the data source (e.g. `username`).	true	`spec.webapp.dataSources` `.[primary/business.[]].usernameSecretKeyRef.key`
`passwordSecretKeyRef.name`	string	`""`	Name of an existing secret holding the password used to connect to the data source (e.g. `appian-primary-ds`).	true	`spec.webapp.dataSources` `.[primary/business.[]].passwordSecretKeyRef.name`
`passwordSecretKeyRef.key`	string	`""`	Key within the existing secret `dataSources.primary.passwordSecretKeyRef.name` holding the password used to connect to the data source (e.g. `password`).	true	`spec.webapp.dataSources` `.[primary/business.[]].passwordSecretKeyRef.key`
`attributes`	object	`{}`	Optionally replaces the default set of attributes in `spec.webapp.dataSources.[primary/business.[]].attributes`. If not provided, the chart applies the default set of attributes as defined in Configuring Relational Databases.	false	`spec.webapp.dataSources` `.[primary/business.[]].attributes`

Ingress Template parameters

The ingressTemplate field allows an ingress to be configured with ease via built-in templates for 4 popular ingress controllers: NGINX Ingress Controller, AWS Load Balancer Controller, Azure Application Gateway Ingress Controller (AGIC) and OpenShift Default ingress controller. These templates apply standard annotations required for each ingress class.

If you are using another ingress controller, configure this using Ingress instead.

Key	Type	Default	Description	Required	CRD Field(s) Impacted
`ingressTemplate.name`	string	`""`	One of `"nginx"`, `"alb"`, `"agic"`, `"openshift-default"`. The ingress template to apply.	true	`spec.ingress.ingressClassName`
`ingressTemplate` `.certificateReference`	string	`""`	For `alb`, this is the `certificate-arn`. For `agic` this is `appgw-ssl-certificate`	false	`spec.ingress.annotations`
`ingressTemplate` `.additionalAnnotations`	object	`{}`	Annotations to configure in addition to those deployed by the chosen ingress template.	false	`spec.ingress.annotations`
`ingressTemplate` `.tls`	list	`[]`	Configuration for TLS. Not necessary if using `ingressTemplate.certificateReference` for `alb` or `agic`. See TLS for more info.	false	`spec.ingress.tls`
`ingressTemplate` `.hostname`	string	`""`	The hostname used to create the ingress. Useful if you'd like ingress to use an internal hostname different from that used to access Appian. Defaults to the hostname defined in `url`.	false	`spec.ingress.hostname`
`ingressTemplate` `.staticHostname`	string	`""`	The hostname for Appian's static content URL used to create the ingress. Useful if you'd like ingress to use an internal hostname different from that used to access Appian. Defaults to the hostname defined in `staticUrl`.	false	`spec.ingress.staticHostname`
`ingressTemplate` `.dynamicHostname`	string	`""`	The hostname for Appian's dynamic content URL used to create the ingress. Useful if you'd like ingress to use an internal hostname different from that used to access Appian. Defaults to the hostname defined in `dynamicUrl`.	false	`spec.ingress.dynamicHostname`
`ingressTemplate` `.healthcheck.intervalSeconds`	string	`""`	Override ingress template value if chosen template applies this value.	false	`spec.ingress.annotations`
`ingressTemplate` `.healthcheck.path`	string	`""`	Override ingress template value if chosen template applies this value.	false	`spec.ingress.annotations`
`ingressTemplate` `.healthcheck.port`	string	`""`	Override ingress template value if chosen template applies this value.	false	`spec.ingress.annotations`
`ingressTemplate` `.healthcheck.protocol`	string	`""`	Override ingress template value if chosen template applies this value.	false	`spec.ingress.annotations`
`ingressTemplate` `.healthcheck.timeoutSeconds`	string	`""`	Override ingress template value if chosen template applies this value.	false	`spec.ingress.annotations`
`ingressTemplate` `.healthcheck.healthyThresholdCount`	string	`""`	Override ingress template value if chosen template applies this value.	false	`spec.ingress.annotations`
`ingressTemplate` `.healthcheck.unhealthyThresholdCount`	string	`""`	Override ingress template value if chosen template applies this value.	false	`spec.ingress.annotations`
`ingressTemplate` `.listenPorts`	string	`""`	Override ingress template value if chosen template applies this value.	false	`spec.ingress.annotations`
`ingressTemplate` `.loadBalancerName`	string	`""`	Override ingress template value if chosen template applies this value.	false	`spec.ingress.annotations`
`ingressTemplate` `.scheme`	string	`""`	Override ingress template value if chosen template applies this value.	false	`spec.ingress.annotations`
`ingressTemplate` `.usePrivateIp`	string	`""`	Override ingress template value if chosen template applies this value.	false	`spec.ingress.annotations`
`ingressTemplate` `.trustedRootCertificate`	string	`""`	Override ingress template value if chosen template applies this value.	false	`spec.ingress.annotations`
`ingressTemplate` `.successCodes`	string	`""`	Override ingress template value if chosen template applies this value.	false	`spec.ingress.annotations`
`ingressTemplate` `.targetType`	string	`""`	Override ingress template value if chosen template applies this value.	false	`spec.ingress.annotations`
`ingressTemplate` `.requestTimeout`	string	`""`	Override ingress template value if chosen template applies this value.	false	`spec.ingress.annotations`

Replication parameters

The replication parameters enable a site to be configured for Kafka real-time transaction replication via MirrorMaker for Kafka mirroring. The site can be configured either as a replication source or destination using these parameters.

Key	Type	Default	Description	Required	CRD Field(s) Impacted
`replication.mirrorMaker.mode`	string	`""`	One of `source`, `destination`. Setting `replication.mirrorMaker.mode` to `source` configures this site's Kafka component to expose listeners for a destination site to replicate transactions. Setting `replication.mirrorMaker.mode` to `destination` configures this site's MirrorMaker component to deploy the site in replication mode.	false	`spec.kafka` (when `replication.mirrorMaker.mode` is `source`) `spec.mirrorMaker` (when `replication.mirrorMaker.mode` is `destination`)
`replication.mirrorMaker.listeners`	list	`[]`	List of externally addressable Kafka hosts in the source site, used by MirrorMaker in the destination site. The order of the listeners must match the order of Kafka's pods.	false Required when `replication.mirrorMaker.mode` is set.	`spec.kafka.mirrorMakerListeners` (when `replication.mirrorMaker.mode` is `source`) `spec.mirrorMaker.sourceBrokers` (when `replication.mirrorMaker.mode` is `destination`)

Per-Component overrides and additional parameters

Overrides for fields set automatically based on general parameters (e.g. via class) and additional optional parameters can be specified at component-level.

Zookeeper

Key	Type	Default	Description	Required	CRD Field(s) Impacted
`zookeeper.minHeap`	string	`""`	Override the environment variable `ZK_HEAP_MIN` set by `class`.	false	`spec.zookeeper.env`
`zookeeper.maxHeap`	string	`""`	Override the environment variable `ZK_HEAP_MAX` set by `class`.	false	`spec.zookeeper.env`
`zookeeper.storageSize`	string	`""`	Override the size of the component's RWO volumes set by `class`. Changing this value after an initial deployment will not automatically resize the volumes. This field is immutable.	false	`spec.zookeeper` `.volumeClaimTemplateSpec.resources` `.requests.storage`
`zookeeper.resources.requests.cpu`	int or string	`""`	Override the component's CPU requests set by `class`.	false	`spec.zookeeper` `.resources.requests.cpu`
`zookeeper.resources.limits.cpu`	int or string	`""`	Override the component's CPU limits set by `class`.	false	`spec.zookeeper` `.resources.limits.cpu`
`zookeeper.resources.requests.memory`	int or string	`""`	Override the component's memory requests set by `class`.	false	`spec.zookeeper` `.resources.requests.memory`
`zookeeper.resources.limits.memory`	int or string	`""`	Override the component's memory limits set by `class`.	false	`spec.zookeeper` `.resources.limits.memory`
Common Additional Parameters			(Members of Common Additional Parameters are embedded into this type)

Kafka

Key	Type	Default	Description	Required	CRD Field(s) Impacted
`kafka.minHeap`	string	`""`	Override the environment variable `KAFKA_HEAP_MIN` set by `class`.	false	`spec.kafka.env`
`kafka.maxHeap`	string	`""`	Override the environment variable `KAFKA_HEAP_MAX` set by `class`.	false	`spec.kafka.env`
`kafka.storageSize`	string	`""`	Override the size of the component's RWO volumes set by `class`. Changing this value after an initial deployment will not automatically resize the volumes. This field is immutable.	false	`spec.kafka` `.volumeClaimTemplateSpec.resources` `.requests.storage`
`kafka.resources.requests.cpu`	int or string	`""`	Override the component's CPU requests set by `class`.	false	`spec.kafka` `.resources.requests.cpu`
`kafka.resources.limits.cpu`	int or string	`""`	Override the component's CPU limits set by `class`.	false	`spec.kafka` `.resources.limits.cpu`
`kafka.resources.requests.memory`	int or string	`""`	Override the component's memory requests set by `class`.	false	`spec.kafka` `.resources.requests.memory`
`kafka.resources.limits.memory`	int or string	`""`	Override the component's memory limits set by `class`.	false	`spec.kafka` `.resources.limits.memory`
Common Additional Parameters			(Members of Common Additional Parameters are embedded into this type)

Search Server

Key	Type	Default	Description	Required	CRD Field(s) Impacted
`searchServer.heap`	string	`""`	Override the environment variable `SS_HEAP` set by `class`.	false	`spec.searchServer.env`
`searchServer.storageSize`	string	`""`	Override the size of the component's RWO volumes set by `class`. Changing this value after an initial deployment will not automatically resize the volumes. This field is immutable.	false	`spec.searchServer` `.volumeClaimTemplateSpec.resources` `.requests.storage`
`searchServer.resources.requests.cpu`	int or string	`""`	Override the component's CPU requests set by `class`.	false	`spec.searchServer` `.resources.requests.cpu`
`searchServer.resources.limits.cpu`	int or string	`""`	Override the component's CPU limits set by `class`.	false	`spec.searchServer` `.resources.limits.cpu`
`searchServer.resources.requests.memory`	int or string	`""`	Override the component's memory requests set by `class`.	false	`spec.searchServer` `.resources.requests.memory`
`searchServer.resources.limits.memory`	int or string	`""`	Override the component's memory limits set by `class`.	false	`spec.searchServer` `.resources.limits.memory`
`searchServer.setVmMaxMapCount`	boolean	`true`	Deploys a privileged init container to set the worker node kernel's vm.max_map_count value to the required setting.	false	`spec.searchServer.initContainers`
`additionalInitContainers`	list	`[]`	A list of initialization containers belonging to the component to deploy in addition to the default init container configured by the chart for the Search Server kernel setting. For stateful components with a single replica, updating this field requires restarting the component's pod. See Init Containers for more info.	false	`spec.[component].initContainers`
Common Additional Parameters			(Members of Common Additional Parameters are embedded into this type)

Data Service

Note that the Data Service object is called dataServer in the Appian CRD.

Key	Type	Default	Description	Required	CRD Field(s) Impacted
`dataServer.class`	enum	`""`	One of `"x-small", "small"`, `"medium"`, `"large", "x-large"`. Overrides the value of `class` only for the Data Service component. Used to scale Data Service independently of other platform components (for example for sites with higher or lower Data Fabric usage). Changing `dataServer.class` after an initial deployment will not automatically affect all sizings driven by it (e.g. disk volume sizes will not change). This field is immutable. See T-Shirt Sizes.	false	Multiple fields across all components.
`dataServer.rts.count`	int	`nil`	Override the RTS count set by `class`. Updating this field requires restarting both Data Service's and Webapp's pods. See Real-time Store and Configuring the Data Service for more info.	false	`spec.dataServer.topology.rtsCount`
`dataServer.rts` `.threads`	int	`nil`	Override the value of the custom property `ads.adb.systemConfig__.rts.threads`. This property is automatically defaulted in line with the chosen class's default RTS count. Only use this field to override the built-in default. See Configuring the real-time store for guidance.	false	`spec.customProperties` `.ads.adb.systemConfig__.rts.threads`
`dataServer.rts` `.memoryLimit`	string	`""`	Override the value of the custom property `ads.adb.systemConfig__.rts.memory_limit`. This property is automatically defaulted in line with the chosen class's default RTS count. Only use this field to override the built-in default. See Configuring the real-time store for guidance.	false	`spec.customProperties` `.ads.adb.systemConfig__.rts.memory_limit`
`dataServer.storageSize`	string	`""`	Override the size of the component's RWO volumes set by `class`. Changing this value after an initial deployment will not automatically resize the volumes. This field is immutable.	false	`spec.dataServer` `.volumeClaimTemplateSpec.resources` `.requests.storage`
`dataServer.resources.requests.cpu`	int or string	`""`	Override the component's CPU requests set by `class`.	false	`spec.dataServer` `.resources.requests.cpu`
`dataServer.resources.limits.cpu`	int or string	`""`	Override the component's CPU limits set by `class`.	false	`spec.dataServer` `.resources.limits.cpu`
`dataServer.resources.requests.memory`	int or string	`""`	Override the component's memory requests set by `class`.	false	`spec.dataServer` `.resources.requests.memory`
`dataServer.resources.limits.memory`	int or string	`""`	Override the component's memory limits set by `class`.	false	`spec.dataServer` `.resources.limits.memory`
Common Additional Parameters			(Members of Common Additional Parameters are embedded into this type)

Service Manager

Key	Type	Default	Description	Required	CRD Field(s) Impacted
`serviceManager.replicas`	int	`nil`	Override the number of replicas for service manager set by `highAvailability`. Defaults to `1` for non-high availability and `3` for high availability. Updating this field is disallowed both before Appian has started and when `highAvailability` is not `true`.	false	`spec.serviceManager.replicas`
`serviceManager.komodoDirectMemMax`	string	`""`	Override the environment variable `KOMODO_DIRECT_MEM_MAX` set by `class`.	false	`spec.serviceManager.env`
`serviceManager.komodoHeapMax`	string	`""`	Override the environment variable `KOMODO_HEAP_MAX` set by `class`.	false	`spec.serviceManager.env`
`serviceManager.maxExecEngineLoadMetric`	int	`120`	Override the value of the custom property `server.conf.processcommon.MAX_EXEC_ENGINE_LOAD_METRIC`. This property is defaulted to `120`.	false	`spec.customProperties` `.server.conf.processcommon.MAX_EXEC_ENGINE_LOAD_METRIC`
`serviceManager.storageSize`	string	`""`	Override the size of the component's RWO volumes set by `class`. Changing this value after an initial deployment will not automatically resize the volumes. This field is immutable.	false	`spec.serviceManager` `.volumeClaimTemplateSpec.resources` `.requests.storage`
`serviceManager.analyticsExecShardCount`	int	`3`	Override the number of shards of the process analytics and process execution engines. This field is immutable. See Add Execution and Analytics Shards for more info.	false	`spec.serviceManager` `.topology.analyticsExecShardCount`
`serviceManager.exec.resources.requests.cpu`	int or string	`""`	Override the execution engines' CPU requests set by `class`.	false	`spec.serviceManager` `.engineOverrides.execution` `.resources.requests.cpu`
`serviceManager.exec.resources.limits.cpu`	int or string	`""`	Override the execution engines' CPU limits set by `class`.	false	`spec.serviceManager` `.engineOverrides.execution` `.resources.requests.cpu`
`serviceManager.exec.resources.requests.memory`	int or string	`""`	Override the execution engines' memory requests set by `class`.	false	`spec.serviceManager` `.engineOverrides.execution` `.resources.requests.memory`
`serviceManager.exec.resources.limits.memory`	int or string	`""`	Override the execution engines' memory limits set by `class`.	false	`spec.serviceManager` `.engineOverrides.execution` `.resources.limits.memory`
`serviceManager.analytics.resources.requests.cpu`	int or string	`""`	Override the analytics engines' CPU requests set by `class`.	false	`spec.serviceManager` `.engineOverrides.analytics` `.resources.requests.cpu`
`serviceManager.analytics.resources.limits.cpu`	int or string	`""`	Override the analytics engines' CPU limits set by `class`.	false	`spec.serviceManager` `.engineOverrides.analytics` `.resources.requests.cpu`
`serviceManager.analytics.resources.requests.memory`	int or string	`""`	Override the analytics engines' memory requests set by `class`.	false	`spec.serviceManager` `.engineOverrides.analytics` `.resources.requests.memory`
`serviceManager.analytics.resources.limits.memory`	int or string	`""`	Override the analytics engines' memory limits set by `class`.	false	`spec.serviceManager` `.engineOverrides.analytics` `.resources.limits.memory`
`serviceManager.tier2.resources.requests.cpu`	int or string	`""`	Override the CPU requests for the groups, collaboration and process design engines set by `class`.	false	`spec.serviceManager` `.engineOverrides.[groups\|content\|processDesign]` `.resources.requests.cpu`
`serviceManager.tier2.resources.limits.cpu`	int or string	`""`	Override the CPU limits for the groups, collaboration and process design engines set by `class`.	false	`spec.serviceManager` `.engineOverrides.[groups\|content\|processDesign]` `.resources.requests.cpu`
`serviceManager.tier2.resources.requests.memory`	int or string	`""`	Override the memory requests for the groups, collaboration and process design engines set by `class`.	false	`spec.serviceManager` `.engineOverrides.[groups\|content\|processDesign]` `.resources.requests.memory`
`serviceManager.tier2.resources.limits.memory`	int or string	`""`	Override the the memory limits for the groups, collaboration and process design engines set by `class`.	false	`spec.serviceManager` `.engineOverrides.[groups\|content\|processDesign]` `.resources.limits.memory`
`serviceManager.default.resources.requests.cpu`	int or string	`""`	Override the default CPU requests used by all other engines set by `class`.	false	`spec.serviceManager` `.resources.requests.cpu`
`serviceManager.default.resources.limits.cpu`	int or string	`""`	Override the default CPU limits used by all other engines set by `class`.	false	`spec.serviceManager` `.resources.limits.cpu`
`serviceManager.default.resources.requests.memory`	int or string	`""`	Override the default memory requests used by all other engines set by `class`.	false	`spec.serviceManager` `.resources.requests.memory`
`serviceManager.default.resources.limits.memory`	int or string	`""`	Override the the memory limits used by all other engines set by `class`.	false	`spec.serviceManager` `.resources.limits.memory`
`serviceManager.engineOverrides`	object	`{}`	Allows complete override of all per-engine configurations set by `class`. Used in the scenario where you require complete granular control over every engine type's CPU and memory configuration. To set the `engineOverrides` field for the first time, generate the CR spec without `engineOverrides` set using `helm template` and then use the output value of `engineOverrides` in the generated CR spec as the starting value for your Helm values `engineOverrides` field. This way, you start with the current engine-level configurations for your chosen class and can adjust them accordingly. See Engine Overrides for more info.	false	`spec.serviceManager.engineOverrides`
Common Additional Parameters			(Members of Common Additional Parameters are embedded into this type)

Webapp

Key	Type	Default	Description	Required	CRD Field(s) Impacted
`webapp.replicas`	int	`nil`	Override the number of replicas for webapp set by `highAvailability`. When set, this field also sets the httpd component's replicas to match. Updating this field is disallowed both before Appian has started and when `highAvailability` is not `true`.	false	`spec.webapp.replicas` `spec.httpd.replicas`
`webapp.minHeap`	string	`""`	Set the custom property `conf.appserver.minHeapSize`.	false	`spec.customProperties`
`webapp.maxHeap`	string	`""`	Override the custom property `conf.appserver.maxHeapSize` set by `class`.	false	`spec.customProperties`
`webapp.autodeleteArchivesDelayDays`	string	`"30"`	Override the custom property `server.conf.processcommon.AUTODELETE_ARCHIVES_DELAY_DAYS` set automatically by the chart. This setting defines when archived processes will automatically be deleted, both from the Process Activity monitor view, and the .l files themselves.	false	`spec.customProperties`
`webapp.storageSize`	string	`""`	Override the size of the component's RWO volumes set by `class`. Changing this value after an initial deployment will not automatically resize the volumes. This field is immutable.	false	`spec.webapp` `.volumeClaimTemplateSpec.resources` `.requests.storage`
`webapp.resources.requests.cpu`	int or string	`""`	Override the component's CPU requests set by `class`.	false	`spec.webapp` `.resources.requests.cpu`
`webapp.resources.limits.cpu`	int or string	`""`	Override the component's CPU limits set by `class`.	false	`spec.webapp` `.resources.limits.cpu`
`webapp.resources.requests.memory`	int or string	`""`	Override the component's memory requests set by `class`.	false	`spec.webapp` `.resources.requests.memory`
`webapp.resources.limits.memory`	int or string	`""`	Override the component's memory limits set by `class`.	false	`spec.webapp` `.resources.limits.memory`
`webapp.dataSources`	object	`{}`	Override completely the webapp data source configuration set via templates by `dataSources.primary` and `dataSources.business`.	false	`spec.webapp.dataSources`
`webapp.additionalInitContainers`	list	`[]`	A list of initialization containers belonging to the component to deploy in addition to any default init containers configured by the chart. If no default init containers would be deployed, this field has the same effect as `webapp.initContainers`. For stateful components with a single replica, updating this field requires restarting the component's pod. See Init Containers for more info.	false	`spec.webapp.initContainers`
`webapp.customLoggers`	Custom Logger list	`[]`	A list of Custom Logger to be applied to webapp components. Implements the Customizing Application Logging pattern. If set, this chart deploys an additional ConfigMap `appian-log4j-override-properties` and mounts it to all webapp pods.	false	`spec.webapp.additionalVolumes` `spec.webapp.additionalVolumeMounts`
Common Additional Parameters			(Members of Common Additional Parameters are embedded into this type)

Httpd

Key	Type	Default	Description	Required	CRD Field(s) Impacted
`httpd.replicas`	int	`nil`	Override the number of replicas for httpd set by `highAvailability` or `webapp.replicas`.	false	`spec.httpd.replicas`
`httpd.resources.requests.cpu`	int or string	`""`	Override the component's CPU requests set by `class`.	false	`spec.httpd` `.resources.requests.cpu`
`httpd.resources.limits.cpu`	int or string	`""`	Override the component's CPU limits set by `class`.	false	`spec.httpd` `.resources.limits.cpu`
`httpd.resources.requests.memory`	int or string	`""`	Override the component's memory requests set by `class`.	false	`spec.httpd` `.resources.requests.memory`
`httpd.resources.limits.memory`	int or string	`""`	Override the component's memory limits set by `class`.	false	`spec.httpd` `.resources.limits.memory`
Common Additional Parameters			(Members of Common Additional Parameters are embedded into this type)

MirrorMaker

Key	Type	Default	Description	Required	CRD Field(s) Impacted
`mirrorMaker.resources`	object	`{}`	Compute resources required by the component's container(s). See Resource Management for Pods and Containers for more info.	false	`spec.mirrorMaker.resources`
`mirrorMaker.sourceBrokers`	list	`[]`	Override the value set by `replication.mirrorMaker.listeners`. List of hosts that point to the Kafka brokers in the source cluster. Updating this field requires restarting MirrorMaker's pod(s).	false	`spec.mirrorMaker.sourceBrokers`
`mirrorMaker.storageSize`	string	`""`	Override the size of the component's RWO volumes set by `class`. Changing this value after an initial deployment will not automatically resize the volumes. This field is immutable.	false	`spec.mirrorMaker` `.volumeClaimTemplateSpec.resources` `.requests.storage`
Common Additional Parameters			(Members of Common Additional Parameters are embedded into this type)

Common Additional Parameters

The following optional parameters can be specified for any component listed above.

Key	Type	Default	Description	Required	CRD Field(s) Impacted
`[component].initContainers`	list	`[]`	A list of initialization containers belonging to the component. Initialization containers satisfy a variety of use cases - including supplying RDBMS/JDBC drivers. For stateful components with a single replica, updating this field requires restarting the component's pod. See Init Containers for more info. For a component that has a `[component].additionalInitContainers` parameter, `[component].initContainers` will override any init containers that are automatically configured by the chart.	false	`spec.[component].initContainers`
`[component].env`	list	`[]`	A list of environment variables to set in the component's container(s). For stateful components with a single replica, updating this field requires restarting the component's pod. See Define Environment Variables for a Container for more info.	false	`spec.[component].env`
`[component].additionalVolumes`	list	`[]`	Additional volumes for the component's pod(s). For stateful components with a single replica, updating this field requires restarting the component's pod. See Volumes for more info.	false	`spec.[component].additionalVolumes`
`[component].additionalVolumeMounts`	list	`[]`	Additional volume mounts for the component's container(s). For stateful components with a single replica, updating this field requires restarting the component's pod. See Volumes for more info.	false	`spec.[component].additionalVolumeMounts`
`[component].sidecarContainers`	list	`[]`	Sidecar containers for the component's container(s). For stateful components with a single replica, updating this field requires restarting the component's pod.	false	`spec.[component].sidecarContainers`
`[component].nodeSelector`	object	`{}`	A selector which must be true for the component's pod(s) to fit on a node. For stateful components with a single replica, updating this field requires restarting the component's pod. See nodeSelector for more info.	false	`spec.[component].nodeSelector`
`[component].tolerations`	list	`[]`	Tolerations for the component's pod(s). For stateful components with a single replica, updating this field requires restarting the component's pod. See Taints and Tolerations for more info.	false	`spec.[component].tolerations`
`[component].additionalNetworkPolicyIngressRules`	list	`[]`	Additional ingress rules for the component's network policy. Forbidden when `spec.networkPolicies.enabled` is `false`. See Network Policies for more info.	false	`spec.[component].additionalNetworkPolicyIngressRules`
`[component].priorityClassName`	string	`""`	Priority Class for the component's pod(s). For stateful components with a single replica, updating this field requires restarting the component's pod. See Pod Priority and Preemption for more info.	false	`spec.[component].priorityClassName`
`[component].dnsPolicy`	object	`""`	DNS policy for the component's pod(s). For stateful components with a single replica, updating this field requires restarting the component's pod. This field will default to `ClusterFirst` if not specified. See Pod DNS Policy for more info.	false	`spec.[component].dnsPolicy`
`[component].dnsConfig`	object	`{}`	DNS Config for the component's pod(s). For stateful components with a single replica, updating this field requires restarting the component's pod. This field is required when DNSPolicy is set to `None`. If DNS Policy is not specified, then `ClusterFirst` is used. See Pod DNS Config for more info.	false	`spec.[component].dnsConfig`
`[component].podAnnotations`	map[string]string	`{}`	Annotations to be applied to the component's pod(s). For stateful components with a single replica, updating this field requires restarting the component's pod.	false	`spec.[component].podAnnotations`
`[component].podLabels`	map[string]string	`{}`	Labels to be applied to the component's pod(s). For stateful components with a single replica, updating this field requires restarting the component's pod.	false	`spec.[component].podLabels`
`[component].serviceAccount`	object	`{}`	Configuration for the component's service account.	false	`spec.[component].serviceAccount`
`[component].securityContext`	object	`{}`	Container-level security context for the component. Overrides the global `securityContext`. Passthrough to `corev1.SecurityContext`.	false	`spec.[component].securityContext`
`[component].podSecurityContext`	object	`{}`	Pod-level security context for the component. Overrides the global `podSecurityContext`. Passthrough to `corev1.PodSecurityContext`. Requires Appian Operator v0.200.0+.	false	`spec.[component].podSecurityContext`

Custom Logger

The following parameters are available for each item in the list webapp.customLoggers. The chart's Custom Logger Template makes it simpler to customize application logging. Logging for these custom loggers will be output in the root ~/logs directory of each pod and named {reference}.log. Log rotation is enabled within the settings output in the ConfigMap generated by this chart.

Key	Type	Default	Description	Required	CRD Field(s) Impacted
`reference`	string	`""`	An uppercase underscore separated reference for your logger, containing letters only (e.g. `COM_APPIAN_PACKAGE_DEBUG`).	true	`appian-log4j-override-properties`
`packageName`	string	`""`	The package name to be logged (e.g. `com.appian.package`). Do not include the prefix `log4j.logger.` in the package name provided.	true	`appian-log4j-override-properties`
`loggingLevel`	string	`""`	The logging level to be logged (e.g. `DEBUG`).	true	`appian-log4j-override-properties`

Service

By default, a service is configured by the chart with spec.service.type: ClusterIP. Configure this service object for any alternative service configurations.

Key	Type	Default	Description	Required	CRD Field(s) Impacted
`service`	object	`{}`	Service defines configuration for creating Appian's service resource. See Service for more info.	false	`spec.service`

Ingress

Ingress for ingress controllers NGINX Ingress Controller, AWS Load Balancer Controller and Azure Application Gateway Ingress Controller (AGIC) can be configured via ingressTemplate. For any other ingress controller, use ingress below.

Key	Type	Default	Description	Required	CRD Field(s) Impacted
`ingress`	object	`{}`	Configuration for creating Appian's ingress resource if not using ingressTemplate. See Ingress for more info.	false	`spec.ingress`

RPA

RPA can be configured for the Appian site via the rpa component. No pre-configured options are included in this Helm chart for RPA at this time. See the sample YAML file, the Custom Resource Definition and the RPA Setup section for RPA configuration options.

Key	Type	Default	Description	Required	CRD Field(s) Impacted
`rpa`	object	`{}`	Defines configuration for RPA. See RPA for more info.	false	`spec.service`

Managed Custom Properties

The following custom properties are automatically added based on either default configurations, class or driven by values file fields.

Component	Custom Properties	Driven By
App Server Heap	`conf.appserver.maxHeapSize`	Class and `webapp` override field
App Server Heap	`conf.appserver.minHeapSize`	`webapp` field
SMTP	`conf.mailhandler.*` properties, `conf.suite.MAIL_SCHEME` and `conf.suite.MAIL_SERVER_AND_PORT`	`smtp` fields
Data Service	`ads.adb.systemConfig__.rts.memory_limit` and `ads.adb.systemConfig__.rts.threads`	Class and `dataServer` override field
Process Engines	`server.conf.processcommon.MAX_EXEC_ENGINE_LOAD_METRIC`	Default value and `serviceManager` override field
Process Engines	`server.conf.processcommon.AUTODELETE_ARCHIVES_DELAY_DAYS`	Default value and `webapp` override field
Metrics API	`appian.feature.selfManagedMonitoring` and `metricsauthtoken`	`metricsAuthToken` field

Excluded Appian CRD Fields

The following fields from the Appian CRD either cannot be set via this Helm chart, or the value that this Helm chart configures cannot be directly overridden. If you must customise one of these fields, this can be done in the site YAML directly after generating it via helm template.

CRD Field	Reason
`[component].podDisruptionBudget`	Pod Disruption Budgets are set by the chart for each component when `highAvailability` is `true`.
`[component].replicas`	`[component].replicas`is set by the chart depending on the value of `highAvailability`. For service manager, webapp and httpd this value can be overridden. For all other components this value cannot be overridden and will be `1` for non-HA and `3` for HA).
`[component].affinity`	The Appian operator deploys a default affinity configuration. This cannot be customized for the Service Manager pods without breaking exec/analytics engine shard-level affinity configuration. This chart does not support customizing affinity. This chart does, however, deploy a customised affinity rule for httpd to allow the additional httpd pod that is deployed and terminated on site startup to be scheduled on the same worker as another httpd pod to ensure it can launch and terminate successfully. `nodeSelector` can still be configured globally and per-component to constrain Pods to nodes with specific labels.
`serviceManager.engineOverrides.[engine].replicas`	Engine type replica count cannot be customised at engine level. They will always use the global `serviceManager.replicas` value.

Release Notes

2.1.0

BREAKING CHANGES This release includes breaking changes. If upgrading to this version, read these Release Notes carefully before upgrading and use helm template to compare the output with that from your current version to ensure the result is as expected.

The minimum Appian Operator version compatible with this chart is v0.200.0.
Breaking Change securityContext is now a pure passthrough to corev1.SecurityContext (container-level), aligning with the Appian Operator v0.200.0+ CRD. If you previously set fsGroup or fsGroupChangePolicy under securityContext (globally or per-component), you must move these to podSecurityContext. These fields are deprecated on securityContext and will be removed by the operator in a future release.
New podSecurityContext field added as a pure passthrough to corev1.PodSecurityContext (pod-level). Supports global and per-component override, same pattern as securityContext and nodeSelector.

Migration example — if your current values contain:


xxxxxxxxxx
# Old (pre-2.1.0)
securityContext:
  runAsUser: 500
  fsGroup: 500
  fsGroupChangePolicy: OnRootMismatch

Update to:


xxxxxxxxxx
# New (2.1.0+)
securityContext:
  runAsUser: 500
  allowPrivilegeEscalation: false
podSecurityContext:
  fsGroup: 500
  fsGroupChangePolicy: OnRootMismatch

The same applies at component level — e.g. httpd.securityContext.fsGroup becomes httpd.podSecurityContext.fsGroup.

2.0.0

BREAKING CHANGES This release includes breaking changes. If upgrading to this version, read these Release Notes carefully before upgrading and use helm tempalate to compare the output with that from your current version to ensure the result is as expected.

The minimum Appian Operator version compatible with this chart is v0.194.0.
Corrected data source template for Oracle so the connection URL includes the required leading // after the @.
Support setting securityContext globally for all components, or at component level as [component].securityContext.
Support disabling the built-in Search Server init container that sets vm.max_map_count on the worker node via the new field searchServer.setVmMaxMapCount. This field defaults to true. If you choose to disable this init container, you must ensure via other means that vm.max_map_count is correctly set on all worker nodes onto which Search Server pods could be provisioned.
Support setting images.pullPolicy to be applied to all components and built-in init containers.
Removed support for deprecated dataSources.mysqlDriverConfigMapName field.
Added default CPU and memory requests and limits to httpd. Default httpd resources can be overridden in the same way as other components (instead of via the removed field httpd.resources).
httpd affinity rules updated to allow the n+1 httpd pod that is launched to run on the same worker as another pod if required, to ensure it is able to run and terminate. This avoids being left with a stuck httpd pod when httpd replica count is <= number of worker nodes.
Support setting spec.[component].serviceAccount field for a component.
The chart sets the custom property server.conf.processcommon.AUTODELETE_ARCHIVES_DELAY_DAYS to a default of 30 days to automatically clean up archived processes. This can be customised via webapp.autodeleteArchivesDelayDays. If not customised, this will now result in your archived processes being automatically deleted after 30 days.
Support OpenShift Default ingress controller as ingressTemplate.
Chart now sets the new custom properties used by the Appian Data Service since 25.1 ads.adb.systemConfig__.rts.memory_limit and ads.adb.systemConfig__.rts.threads, instead of the deprecated rts.queryMemoryLimits.circuitBreaker.threshold.bytes. Removed corresponding override field dataServer.rts.queryMemoryCircuitBreakerThresholdBytes and added new override fields under dataServer.rts.
Restructured or renamed some existing chart values fields to align with a more standardised naming approach (see table below).
The chart no longer populates spec.httpd.nslookupImage (which is not used from Operator v0.194.0).
Data source username field dataSources.[primary\|business[]].username has been removed in favour of providing the username(s) via a secret dataSources.[primary\|business[]].usernameSecretKeyRef.

Values field restructuring

Some of the fields have been restructured in this release to be more user friendly. The following table provides a guide to help you update your values files to use the new field name.

Old Field Name	New Field Name	Notes
`[component].cpuRequests`	`[component].resources.requests.cpu`
`[component].cpuLimits`	`[component].resources.limits.cpu`
`[component].memoryRequests`	`[component].resources.requests.memory`
`[component].memoryLimits`	`[component].resources.limits.memory`
`disableCpuLimits`	`enableCpuLimits`	Default functionality is unchanged. CPU limits are disabled by default.
`disableResourceRequests`	`enableResourceRequests`	Default functionality is unchanged. Resource requests are enabled by default.
`webapp.minHeapSize`	`webapp.minHeap`
`webapp.maxHeapSize`	`webapp.maxHeap`
`tshirtSize`	`class`
`images.imagePullSecrets`	`images.pullSecrets`
`k3LicSecretName`	`license.k3SecretName`
`k4LicSecretName`	`license.k4SecretName`
`appianLicConfigMapName`	`license.appianConfigMapName`
`dataSources.mysqlDriverConfigMapName`	Removed	Removed. MySQL driver is now too large to support deployment via ConfigMap
`dataServer.rts.queryMemoryCircuitBreakerThresholdBytes`	Removed	Removed. From 25.1 the Data Service uses alternative custom properties instead, defaulted based on class and overridden via `dataServer.rts.threads` and `dataServer.rts.memoryLimit`.
`dataSources.[primary\\|business[]].username`	`dataSources.[primary\\|business[]].usernameSecretKeyRef.name` and `dataSources.[primary\\|business[]].usernameSecretKeyRef.key`	Data Source Template's `username` field has been removed in favour of providing the username(s) via a secret.
`ingressTemplate.healthcheckIntervalSeconds`	`ingressTemplate.healthcheck.intervalSeconds`
`ingressTemplate.healthcheckPath`	`ingressTemplate.healthcheck.path`
`ingressTemplate.healthcheckPort`	`ingressTemplate.healthcheck.port`
`ingressTemplate.healthcheckProtocol`	`ingressTemplate.healthcheck.protocol`
`ingressTemplate.healthcheckTimeoutSeconds`	`ingressTemplate.healthcheck.timeoutSeconds`
`ingressTemplate.healthcheckHealthyThresholdCount`	`ingressTemplate.healthcheck.healthyThresholdCount`
`ingressTemplate.healthcheckUnhealthyThresholdCount`	`ingressTemplate.healthcheck.unhealthyThresholdCount`

Built against Appian operator v0.194.0 and Appian platform 25.4. This chart will work with older and newer versions of the Appian operator (to a minimum of v0.194.0) and Appian platform, but some parameters may not be valid.

1.2.0

Removed searchServerPassword field. From Operator v0.181.0, and Appian platform versions hotfixed from July 03, 2025 or later, the Operator now manages the Search Server password for you. Manually specifying a Search Server password is no longer required nor recommended. If you previously configured a Search Server password, you must remove this from your passwords.properties file when upgrading to this version of the Helm chart (see this KB for more details).

Built against Appian operator v0.181.0 and Appian platform 25.3. This chart will work with older and newer versions of the Appian operator (to a minimum of v0.181.0) and Appian platform, but some parameters may not be valid.

1.1.3

Fixed Search Server CPU requests for Medium t-shirt size to 200m.

Built against Appian operator v0.178.0 and Appian platform 25.3. This chart will work with other versions of the Appian operator and platform, both older and newer, but some parameters may not be valid (e.g. spec.rpa was only introduced from v0.156.0).

1.1.2

Fixed issue where setting disableResourceRequests: true removed resource requests altogether but left limits in place, resulting in Kubernetes automatically adding resource requests back in and set to the same values as the limits. Now, setting disableResourceRequests: true sets resource requests to 0 to prevent this.

Built against Appian operator v0.173.0 and Appian platform 25.1. This chart will work with other versions of the Appian operator and platform, both older and newer, but some parameters may not be valid (e.g. spec.rpa was only introduced from v0.156.0).

Minimum operator version tested with this Helm chart is v0.159.0.

1.1.1

Fixed issue where webapp.engineOverrides field could not be set as it was incorrectly defined as an array instead of an object.
Support setting webapp.minHeapSize to configure webapp's minimum heap size instead of using customProperties.

Minimum operator version tested with this Helm chart is v0.159.0.

1.1.0

Minor increase to Search Server CPU requests for Small and Medium t-shirt sizes in-line with public docs update.
Added dataServer.class field to enable independent scaling of the Data Service component without changing global t-shirt size.
Breaking Change Aligned Data Service t-shirt sizing with latest public docs. This keeps resources relatively similar to earlier versions, but reduces RTS count for each t-shirt size. Use the new dataServer.class field or the dataServer.rts.count field to readjust if required.
Breaking Change CPU limits are no longer set by default. This is to align with K8s best practices (where accurate CPU limits for the specific usage scenario are not already known). CPU limits can be applied by setting the new field disableCpuLimits to false (it defaults to true). If enabled, the t-shirt size's CPU limits are applied. This can be overridden globally by setting the new field defaultCpuLimits or overridden per component by setting [component].cpuLimits. The field workerNodeTotalCpu has been removed in favour of defaultCpuLimits. Previous chart behaviour can be achieved by setting disableCpuLimits to false and setting defaultCpuLimits to the previous value of workerNodeTotalCpu.
Breaking Change Removed serviceManager.cpuLimits and serviceManager.memoryLimits fields. Use serviceManager.default.cpuLimits and serviceManager.default.memoryLimits instead.
disableResourceRequests now sets no resources.requests at all, rather than incorrectly setting them to 0.
Deprecated dataSources.mysqlDriverConfigMapName, which enabled deploying the MySQL driver via a ConfigMap and webapp init container. The supported MySQL driver is now too large to be mounted via a ConfigMap. This field will be removed in a future version.
Fixed broken public docs links

Minimum operator version tested with this Helm chart is v0.159.0.

1.0.3

Fixed an issue with the AGIC Ingress Template where an invalid ingressClassName was set. It now sets the annotation kubernetes.io/ingress.class instead, to the correct value, instead of setting ingressClassName.
AGIC Ingress Template now defaults ingressTemplate.usePrivateIp to false instead of true.

Built against Appian operator v0.166.0 and Appian platform 24.4. This chart will work with other versions of the Appian operator and platform, both older and newer, but some parameters may not be valid (e.g. spec.rpa was only introduced from v0.156.0).

Minimum supported operator version is v0.159.0.

1.0.2

Allow storage.haSharedData to be specified when not in a high availability configuration
No longer enforces passwordsPropertiesSecretName to be set (as this need only be provided and loaded at first environment startup)
Support override of serviceManager.replicas in high availability configurations (from the default 3)

Minimum supported operator version is v0.159.0.

1.0.1

Fixed bug preventing ingress from being used to completely override the templated ingress ingressTemplate

Minimum supported operator version is v0.159.0.

1.0.0

Fixed bug preventing webapp.dataSources from being used to completely override the templated data sources dataSources.primary and dataSources.business
Fixed bug where CPU and memory limits were not set for execution, analytics, groups, collaboration and process design engines when applying t-shirt sizes
Default value of the Data Service custom property rts.queryMemoryLimits.circuitBreaker.threshold.bytes automatically set based on RTS count
Added webapp.customLoggers to facilitate the addition of customized application logging
Added metricsAuthToken to enable Appian Self-Managed Monitoring metrics API
Added cascadeVersionToComponentTags for compatibility with the Appian Migration Tool
Built-in SMTP-related custom properties are only added by the chart if smtp.host is provided
serviceManager.maxExecEngineLoadMetric is now an integer (corrected from string)
dataServer.rts.count is now an integer (corrected from string)
dataServer.rts.queryMemoryCircuitBreakerThresholdBytes is now an integer (corrected from string)

Minimum supported operator version is v0.159.0.

0.1.2

Added disableResourceRequests for running on smaller, dedicated worker nodes

Built against Appian operator v0.161.0 and Appian platform 24.3. This chart will work with other versions of the Appian operator and platform, both older and newer, but some parameters may not be valid (e.g. spec.rpa was only introduced from v0.156.0).

Minimum supported operator version is v0.156.0.

0.1.1

Supports new Search Server API password (introduced in 24.3)
Minor bug fixes

Minimum supported operator version is now v0.156.0.

0.1.0

First public release.

Built against Appian operator v0.156.0 and Appian platform 24.1. This chart will work with other versions of the Appian operator and platform, both older and newer, but some parameters may not be valid (e.g. spec.rpa was only introduced from v0.156.0).

License

Appian AppMarket (see here)