mirror of
https://github.com/bitnami/charts.git
synced 2026-03-13 14:57:24 +08:00
[bitnami/spring-cloud-dataflow] feat!: 🔒 💥 Improve security defaults (#24714)
* [bitnami/spring-cloud-dataflow] feat!: 🔒 💥 Improve security defaults Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> * [bitnami/spring-cloud-dataflow] Update MariaDB to branch 11.3 Signed-off-by: David Gomez <dgomezleon@vmware.com> * Update bitnami/spring-cloud-dataflow/README.md Co-authored-by: Andrés Bono <andresbono@vmware.com> Signed-off-by: David Gomez <davidbhlm@gmail.com> * [bitnami/spring-cloud-dataflow] Update deps Signed-off-by: David Gomez <dgomezleon@vmware.com> * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> --------- Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> Signed-off-by: David Gomez <dgomezleon@vmware.com> Signed-off-by: David Gomez <davidbhlm@gmail.com> Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> Co-authored-by: David Gomez <dgomezleon@vmware.com> Co-authored-by: Andrés Bono <andresbono@vmware.com> Co-authored-by: Bitnami Containers <bitnami-bot@vmware.com>
This commit is contained in:
Javier J. Salmerón-García
committed by
GitHub
GitHub
parent
533225c066
commit
1a3c7bc452
@@ -1,15 +1,15 @@
|
||||
dependencies:
|
||||
- name: rabbitmq
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 12.15.0
|
||||
version: 13.0.2
|
||||
- name: mariadb
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 15.2.3
|
||||
version: 18.0.1
|
||||
- name: kafka
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 26.11.4
|
||||
version: 28.0.1
|
||||
- name: common
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 2.19.1
|
||||
digest: sha256:bd8b126cc167fb16d25f045ee937db8d90947502adad9c36371d6292dc4410af
|
||||
generated: "2024-04-02T10:13:24.266004026Z"
|
||||
digest: sha256:182966c4c542875ae63a0957fcf3cf0dd78fab4a1f124087d14ac43f3e5197f7
|
||||
generated: "2024-04-03T11:07:50.30255+02:00"
|
||||
|
||||
@@ -23,17 +23,17 @@ dependencies:
|
||||
- condition: rabbitmq.enabled
|
||||
name: rabbitmq
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 12.x.x
|
||||
version: 13.x.x
|
||||
- condition: mariadb.enabled
|
||||
name: mariadb
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
tags:
|
||||
- dataflow-database
|
||||
version: 15.x.x
|
||||
version: 18.x.x
|
||||
- condition: kafka.enabled
|
||||
name: kafka
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 26.x.x
|
||||
version: 28.x.x
|
||||
- name: common
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
tags:
|
||||
@@ -53,4 +53,4 @@ maintainers:
|
||||
name: spring-cloud-dataflow
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/spring-cloud-dataflow
|
||||
version: 26.13.2
|
||||
version: 27.0.0
|
||||
|
||||
@@ -233,12 +233,12 @@ As an alternative, you can use the preset configurations for pod affinity, pod a
|
||||
|
||||
### Global parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
|
||||
| `global.imageRegistry` | Global Docker image registry | `""` |
|
||||
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
|
||||
| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` |
|
||||
| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `disabled` |
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ |
|
||||
| `global.imageRegistry` | Global Docker image registry | `""` |
|
||||
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
|
||||
| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` |
|
||||
| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` |
|
||||
|
||||
### Common parameters
|
||||
|
||||
@@ -254,273 +254,274 @@ As an alternative, you can use the preset configurations for pod affinity, pod a
|
||||
|
||||
### Dataflow Server parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------ |
|
||||
| `server.image.registry` | Spring Cloud Dataflow image registry | `REGISTRY_NAME` |
|
||||
| `server.image.repository` | Spring Cloud Dataflow image repository | `REPOSITORY_NAME/spring-cloud-dataflow` |
|
||||
| `server.image.digest` | Spring Cloud Dataflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `server.image.pullPolicy` | Spring Cloud Dataflow image pull policy | `IfNotPresent` |
|
||||
| `server.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `server.image.debug` | Enable image debug mode | `false` |
|
||||
| `server.automountServiceAccountToken` | Mount Service Account token in pod | `true` |
|
||||
| `server.hostAliases` | Deployment pod host aliases | `[]` |
|
||||
| `server.composedTaskRunner.image.registry` | Spring Cloud Dataflow Composed Task Runner image registry | `REGISTRY_NAME` |
|
||||
| `server.composedTaskRunner.image.repository` | Spring Cloud Dataflow Composed Task Runner image repository | `REPOSITORY_NAME/spring-cloud-dataflow-composed-task-runner` |
|
||||
| `server.composedTaskRunner.image.digest` | Spring Cloud Dataflow Composed Task Runner image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `server.configuration.streamingEnabled` | Enables or disables streaming data processing | `true` |
|
||||
| `server.configuration.batchEnabled` | Enables or disables batch data (tasks and schedules) processing | `true` |
|
||||
| `server.configuration.accountName` | The name of the account to configure for the Kubernetes platform | `default` |
|
||||
| `server.configuration.trustK8sCerts` | Trust K8s certificates when querying the Kubernetes API | `false` |
|
||||
| `server.configuration.containerRegistries` | Container registries configuration | `{}` |
|
||||
| `server.configuration.grafanaInfo` | Endpoint to the grafana instance (Deprecated: use the metricsDashboard instead) | `""` |
|
||||
| `server.configuration.metricsDashboard` | Endpoint to the metricsDashboard instance | `""` |
|
||||
| `server.configuration.defaultSpringApplicationJSON` | Injects default values for environment variable SPRING_APPLICATION_JSON | `true` |
|
||||
| `server.existingConfigmap` | ConfigMap with Spring Cloud Dataflow Server Configuration | `""` |
|
||||
| `server.containerPorts.http` | Container HTTP port | `8080` |
|
||||
| `server.containerPorts.jdwp` | Container JDWP port | `5005` |
|
||||
| `server.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `server.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `server.lifecycleHooks` | for the Dataflow server container(s) to automate configuration before or after startup | `{}` |
|
||||
| `server.extraEnvVars` | Extra environment variables to be set on Dataflow server container | `[]` |
|
||||
| `server.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` |
|
||||
| `server.extraEnvVarsSecret` | Secret with extra environment variables | `""` |
|
||||
| `server.replicaCount` | Number of Dataflow server replicas to deploy | `1` |
|
||||
| `server.podAffinityPreset` | Dataflow server pod affinity preset. Ignored if `server.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `server.podAntiAffinityPreset` | Dataflow server pod anti-affinity preset. Ignored if `server.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `server.nodeAffinityPreset.type` | Dataflow server node affinity preset type. Ignored if `server.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `server.nodeAffinityPreset.key` | Dataflow server node label key to match Ignored if `server.affinity` is set. | `""` |
|
||||
| `server.nodeAffinityPreset.values` | Dataflow server node label values to match. Ignored if `server.affinity` is set. | `[]` |
|
||||
| `server.affinity` | Dataflow server affinity for pod assignment | `{}` |
|
||||
| `server.nodeSelector` | Dataflow server node labels for pod assignment | `{}` |
|
||||
| `server.tolerations` | Dataflow server tolerations for pod assignment | `[]` |
|
||||
| `server.podAnnotations` | Annotations for Dataflow server pods | `{}` |
|
||||
| `server.updateStrategy.type` | Deployment strategy type for Dataflow server pods. | `RollingUpdate` |
|
||||
| `server.podLabels` | Extra labels for Dataflow Server pods | `{}` |
|
||||
| `server.priorityClassName` | Dataflow Server pods' priority | `""` |
|
||||
| `server.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
|
||||
| `server.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
|
||||
| `server.podSecurityContext.enabled` | Enabled Dataflow Server pods' Security Context | `true` |
|
||||
| `server.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `server.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `server.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `server.podSecurityContext.fsGroup` | Group ID for the volumes of the pod | `1001` |
|
||||
| `server.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `server.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `server.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `server.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` |
|
||||
| `server.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `server.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `server.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `server.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `server.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `server.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `server.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if server.resources is set (server.resources is recommended for production). | `none` |
|
||||
| `server.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `server.startupProbe.enabled` | Enable startupProbe | `false` |
|
||||
| `server.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` |
|
||||
| `server.startupProbe.periodSeconds` | Period seconds for startupProbe | `20` |
|
||||
| `server.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
|
||||
| `server.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` |
|
||||
| `server.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `server.livenessProbe.enabled` | Enable livenessProbe | `true` |
|
||||
| `server.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
|
||||
| `server.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
|
||||
| `server.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
|
||||
| `server.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
||||
| `server.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `server.readinessProbe.enabled` | Enable readinessProbe | `true` |
|
||||
| `server.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `120` |
|
||||
| `server.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `20` |
|
||||
| `server.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
|
||||
| `server.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
|
||||
| `server.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `server.customStartupProbe` | Override default startup probe | `{}` |
|
||||
| `server.customLivenessProbe` | Override default liveness probe | `{}` |
|
||||
| `server.customReadinessProbe` | Override default readiness probe | `{}` |
|
||||
| `server.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
|
||||
| `server.networkPolicy.allowExternal` | Don't require client label for connections | `true` |
|
||||
| `server.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
|
||||
| `server.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` |
|
||||
| `server.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
|
||||
| `server.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
||||
| `server.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
|
||||
| `server.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
|
||||
| `server.service.type` | Kubernetes service type | `ClusterIP` |
|
||||
| `server.service.ports.http` | Server HTTP port | `8080` |
|
||||
| `server.service.nodePort` | Specify the nodePort value for the LoadBalancer and NodePort service types | `""` |
|
||||
| `server.service.clusterIP` | Dataflow server service cluster IP | `""` |
|
||||
| `server.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
|
||||
| `server.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` |
|
||||
| `server.service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` |
|
||||
| `server.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
|
||||
| `server.service.annotations` | Provide any additional annotations which may be required. Evaluated as a template. | `{}` |
|
||||
| `server.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
|
||||
| `server.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
|
||||
| `server.ingress.enabled` | Enable ingress controller resource | `false` |
|
||||
| `server.ingress.path` | The Path to WordPress. You may need to set this to '/*' in order to use this with ALB ingress controllers. | `/` |
|
||||
| `server.ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` |
|
||||
| `server.ingress.pathType` | Ingress path type | `ImplementationSpecific` |
|
||||
| `server.ingress.hostname` | Default host for the ingress resource | `dataflow.local` |
|
||||
| `server.ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` |
|
||||
| `server.ingress.tls` | Enable TLS configuration for the hostname defined at ingress.hostname parameter | `false` |
|
||||
| `server.ingress.certManager` | Add the corresponding annotations for cert-manager integration | `false` |
|
||||
| `server.ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` |
|
||||
| `server.ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` |
|
||||
| `server.ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` |
|
||||
| `server.ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` |
|
||||
| `server.ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` |
|
||||
| `server.ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` |
|
||||
| `server.initContainers` | Add init containers to the Dataflow Server pods | `[]` |
|
||||
| `server.sidecars` | Add sidecars to the Dataflow Server pods | `[]` |
|
||||
| `server.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` |
|
||||
| `server.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` |
|
||||
| `server.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` |
|
||||
| `server.autoscaling.enabled` | Enable autoscaling for Dataflow server | `false` |
|
||||
| `server.autoscaling.minReplicas` | Minimum number of Dataflow server replicas | `""` |
|
||||
| `server.autoscaling.maxReplicas` | Maximum number of Dataflow server replicas | `""` |
|
||||
| `server.autoscaling.targetCPU` | Target CPU utilization percentage | `""` |
|
||||
| `server.autoscaling.targetMemory` | Target Memory utilization percentage | `""` |
|
||||
| `server.extraVolumes` | Extra Volumes to be set on the Dataflow Server Pod | `[]` |
|
||||
| `server.extraVolumeMounts` | Extra VolumeMounts to be set on the Dataflow Container | `[]` |
|
||||
| `server.jdwp.enabled` | Set to true to enable Java debugger | `false` |
|
||||
| `server.jdwp.port` | Specify port for remote debugging | `5005` |
|
||||
| `server.proxy` | Add proxy configuration for SCDF server | `{}` |
|
||||
| `server.applicationProperties` | Specify common application properties added by SCDF server to streams and/or tasks | `{}` |
|
||||
| `server.security.authorization` | Authorization customization | `{}` |
|
||||
| `server.security.oauth2` | OAuth 2.0 authentication configuration | `{}` |
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------ |
|
||||
| `server.image.registry` | Spring Cloud Dataflow image registry | `REGISTRY_NAME` |
|
||||
| `server.image.repository` | Spring Cloud Dataflow image repository | `REPOSITORY_NAME/spring-cloud-dataflow` |
|
||||
| `server.image.digest` | Spring Cloud Dataflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `server.image.pullPolicy` | Spring Cloud Dataflow image pull policy | `IfNotPresent` |
|
||||
| `server.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `server.image.debug` | Enable image debug mode | `false` |
|
||||
| `server.automountServiceAccountToken` | Mount Service Account token in pod | `true` |
|
||||
| `server.hostAliases` | Deployment pod host aliases | `[]` |
|
||||
| `server.composedTaskRunner.image.registry` | Spring Cloud Dataflow Composed Task Runner image registry | `REGISTRY_NAME` |
|
||||
| `server.composedTaskRunner.image.repository` | Spring Cloud Dataflow Composed Task Runner image repository | `REPOSITORY_NAME/spring-cloud-dataflow-composed-task-runner` |
|
||||
| `server.composedTaskRunner.image.digest` | Spring Cloud Dataflow Composed Task Runner image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `server.configuration.streamingEnabled` | Enables or disables streaming data processing | `true` |
|
||||
| `server.configuration.batchEnabled` | Enables or disables batch data (tasks and schedules) processing | `true` |
|
||||
| `server.configuration.accountName` | The name of the account to configure for the Kubernetes platform | `default` |
|
||||
| `server.configuration.trustK8sCerts` | Trust K8s certificates when querying the Kubernetes API | `false` |
|
||||
| `server.configuration.containerRegistries` | Container registries configuration | `{}` |
|
||||
| `server.configuration.grafanaInfo` | Endpoint to the grafana instance (Deprecated: use the metricsDashboard instead) | `""` |
|
||||
| `server.configuration.metricsDashboard` | Endpoint to the metricsDashboard instance | `""` |
|
||||
| `server.configuration.defaultSpringApplicationJSON` | Injects default values for environment variable SPRING_APPLICATION_JSON | `true` |
|
||||
| `server.existingConfigmap` | ConfigMap with Spring Cloud Dataflow Server Configuration | `""` |
|
||||
| `server.containerPorts.http` | Container HTTP port | `8080` |
|
||||
| `server.containerPorts.jdwp` | Container JDWP port | `5005` |
|
||||
| `server.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `server.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `server.lifecycleHooks` | for the Dataflow server container(s) to automate configuration before or after startup | `{}` |
|
||||
| `server.extraEnvVars` | Extra environment variables to be set on Dataflow server container | `[]` |
|
||||
| `server.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` |
|
||||
| `server.extraEnvVarsSecret` | Secret with extra environment variables | `""` |
|
||||
| `server.replicaCount` | Number of Dataflow server replicas to deploy | `1` |
|
||||
| `server.podAffinityPreset` | Dataflow server pod affinity preset. Ignored if `server.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `server.podAntiAffinityPreset` | Dataflow server pod anti-affinity preset. Ignored if `server.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `server.nodeAffinityPreset.type` | Dataflow server node affinity preset type. Ignored if `server.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `server.nodeAffinityPreset.key` | Dataflow server node label key to match Ignored if `server.affinity` is set. | `""` |
|
||||
| `server.nodeAffinityPreset.values` | Dataflow server node label values to match. Ignored if `server.affinity` is set. | `[]` |
|
||||
| `server.affinity` | Dataflow server affinity for pod assignment | `{}` |
|
||||
| `server.nodeSelector` | Dataflow server node labels for pod assignment | `{}` |
|
||||
| `server.tolerations` | Dataflow server tolerations for pod assignment | `[]` |
|
||||
| `server.podAnnotations` | Annotations for Dataflow server pods | `{}` |
|
||||
| `server.updateStrategy.type` | Deployment strategy type for Dataflow server pods. | `RollingUpdate` |
|
||||
| `server.podLabels` | Extra labels for Dataflow Server pods | `{}` |
|
||||
| `server.priorityClassName` | Dataflow Server pods' priority | `""` |
|
||||
| `server.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
|
||||
| `server.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
|
||||
| `server.podSecurityContext.enabled` | Enabled Dataflow Server pods' Security Context | `true` |
|
||||
| `server.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `server.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `server.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `server.podSecurityContext.fsGroup` | Group ID for the volumes of the pod | `1001` |
|
||||
| `server.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `server.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
|
||||
| `server.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `server.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
|
||||
| `server.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `server.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `server.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
|
||||
| `server.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `server.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `server.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `server.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if server.resources is set (server.resources is recommended for production). | `small` |
|
||||
| `server.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `server.startupProbe.enabled` | Enable startupProbe | `false` |
|
||||
| `server.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` |
|
||||
| `server.startupProbe.periodSeconds` | Period seconds for startupProbe | `20` |
|
||||
| `server.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
|
||||
| `server.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` |
|
||||
| `server.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `server.livenessProbe.enabled` | Enable livenessProbe | `true` |
|
||||
| `server.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
|
||||
| `server.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
|
||||
| `server.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
|
||||
| `server.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
||||
| `server.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `server.readinessProbe.enabled` | Enable readinessProbe | `true` |
|
||||
| `server.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `120` |
|
||||
| `server.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `20` |
|
||||
| `server.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
|
||||
| `server.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
|
||||
| `server.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `server.customStartupProbe` | Override default startup probe | `{}` |
|
||||
| `server.customLivenessProbe` | Override default liveness probe | `{}` |
|
||||
| `server.customReadinessProbe` | Override default readiness probe | `{}` |
|
||||
| `server.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
|
||||
| `server.networkPolicy.allowExternal` | Don't require client label for connections | `true` |
|
||||
| `server.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
|
||||
| `server.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` |
|
||||
| `server.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
|
||||
| `server.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
||||
| `server.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
|
||||
| `server.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
|
||||
| `server.service.type` | Kubernetes service type | `ClusterIP` |
|
||||
| `server.service.ports.http` | Server HTTP port | `8080` |
|
||||
| `server.service.nodePort` | Specify the nodePort value for the LoadBalancer and NodePort service types | `""` |
|
||||
| `server.service.clusterIP` | Dataflow server service cluster IP | `""` |
|
||||
| `server.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
|
||||
| `server.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` |
|
||||
| `server.service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` |
|
||||
| `server.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
|
||||
| `server.service.annotations` | Provide any additional annotations which may be required. Evaluated as a template. | `{}` |
|
||||
| `server.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
|
||||
| `server.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
|
||||
| `server.ingress.enabled` | Enable ingress controller resource | `false` |
|
||||
| `server.ingress.path` | The Path to WordPress. You may need to set this to '/*' in order to use this with ALB ingress controllers. | `/` |
|
||||
| `server.ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` |
|
||||
| `server.ingress.pathType` | Ingress path type | `ImplementationSpecific` |
|
||||
| `server.ingress.hostname` | Default host for the ingress resource | `dataflow.local` |
|
||||
| `server.ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` |
|
||||
| `server.ingress.tls` | Enable TLS configuration for the hostname defined at ingress.hostname parameter | `false` |
|
||||
| `server.ingress.certManager` | Add the corresponding annotations for cert-manager integration | `false` |
|
||||
| `server.ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` |
|
||||
| `server.ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` |
|
||||
| `server.ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` |
|
||||
| `server.ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` |
|
||||
| `server.ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` |
|
||||
| `server.ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` |
|
||||
| `server.initContainers` | Add init containers to the Dataflow Server pods | `[]` |
|
||||
| `server.sidecars` | Add sidecars to the Dataflow Server pods | `[]` |
|
||||
| `server.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` |
|
||||
| `server.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` |
|
||||
| `server.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` |
|
||||
| `server.autoscaling.enabled` | Enable autoscaling for Dataflow server | `false` |
|
||||
| `server.autoscaling.minReplicas` | Minimum number of Dataflow server replicas | `""` |
|
||||
| `server.autoscaling.maxReplicas` | Maximum number of Dataflow server replicas | `""` |
|
||||
| `server.autoscaling.targetCPU` | Target CPU utilization percentage | `""` |
|
||||
| `server.autoscaling.targetMemory` | Target Memory utilization percentage | `""` |
|
||||
| `server.extraVolumes` | Extra Volumes to be set on the Dataflow Server Pod | `[]` |
|
||||
| `server.extraVolumeMounts` | Extra VolumeMounts to be set on the Dataflow Container | `[]` |
|
||||
| `server.jdwp.enabled` | Set to true to enable Java debugger | `false` |
|
||||
| `server.jdwp.port` | Specify port for remote debugging | `5005` |
|
||||
| `server.proxy` | Add proxy configuration for SCDF server | `{}` |
|
||||
| `server.applicationProperties` | Specify common application properties added by SCDF server to streams and/or tasks | `{}` |
|
||||
| `server.security.authorization` | Authorization customization | `{}` |
|
||||
| `server.security.oauth2` | OAuth 2.0 authentication configuration | `{}` |
|
||||
|
||||
### Dataflow Skipper parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------- |
|
||||
| `skipper.enabled` | Enable Spring Cloud Skipper component | `true` |
|
||||
| `skipper.automountServiceAccountToken` | Mount Service Account token in pod | `true` |
|
||||
| `skipper.hostAliases` | Deployment pod host aliases | `[]` |
|
||||
| `skipper.image.registry` | Spring Cloud Skipper image registry | `REGISTRY_NAME` |
|
||||
| `skipper.image.repository` | Spring Cloud Skipper image repository | `REPOSITORY_NAME/spring-cloud-skipper` |
|
||||
| `skipper.image.digest` | Spring Cloud Skipper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `skipper.image.pullPolicy` | Spring Cloud Skipper image pull policy | `IfNotPresent` |
|
||||
| `skipper.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `skipper.image.debug` | Enable image debug mode | `false` |
|
||||
| `skipper.configuration.accountName` | The name of the account to configure for the Kubernetes platform | `default` |
|
||||
| `skipper.configuration.trustK8sCerts` | Trust K8s certificates when querying the Kubernetes API | `false` |
|
||||
| `skipper.existingConfigmap` | Name of existing ConfigMap with Skipper server configuration | `""` |
|
||||
| `skipper.containerPorts.http` | Container HTTP port | `7577` |
|
||||
| `skipper.containerPorts.jdwp` | Container JDWP port | `5005` |
|
||||
| `skipper.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `skipper.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `skipper.lifecycleHooks` | for the Skipper container(s) to automate configuration before or after startup | `{}` |
|
||||
| `skipper.extraEnvVars` | Extra environment variables to be set on Skipper server container | `[]` |
|
||||
| `skipper.extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables | `""` |
|
||||
| `skipper.extraEnvVarsSecret` | Name of existing Secret containing extra environment variables | `""` |
|
||||
| `skipper.replicaCount` | Number of Skipper server replicas to deploy | `1` |
|
||||
| `skipper.podAffinityPreset` | Skipper pod affinity preset. Ignored if `skipper.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `skipper.podAntiAffinityPreset` | Skipper pod anti-affinity preset. Ignored if `skipper.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `skipper.nodeAffinityPreset.type` | Skipper node affinity preset type. Ignored if `skipper.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `skipper.nodeAffinityPreset.key` | Skipper node label key to match Ignored if `skipper.affinity` is set. | `""` |
|
||||
| `skipper.nodeAffinityPreset.values` | Skipper node label values to match. Ignored if `skipper.affinity` is set. | `[]` |
|
||||
| `skipper.affinity` | Skipper affinity for pod assignment | `{}` |
|
||||
| `skipper.nodeSelector` | Skipper node labels for pod assignment | `{}` |
|
||||
| `skipper.tolerations` | Skipper tolerations for pod assignment | `[]` |
|
||||
| `skipper.podAnnotations` | Annotations for Skipper server pods | `{}` |
|
||||
| `skipper.updateStrategy.type` | Deployment strategy type for Skipper server pods. | `RollingUpdate` |
|
||||
| `skipper.podLabels` | Extra labels for Skipper pods | `{}` |
|
||||
| `skipper.priorityClassName` | Controller priorityClassName | `""` |
|
||||
| `skipper.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
|
||||
| `skipper.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
|
||||
| `skipper.podSecurityContext.enabled` | Enabled Skipper pods' Security Context | `true` |
|
||||
| `skipper.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `skipper.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `skipper.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `skipper.podSecurityContext.fsGroup` | Group ID for the volumes of the pod | `1001` |
|
||||
| `skipper.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `skipper.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `skipper.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `skipper.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` |
|
||||
| `skipper.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `skipper.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `skipper.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `skipper.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `skipper.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `skipper.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `skipper.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if skipper.resources is set (skipper.resources is recommended for production). | `none` |
|
||||
| `skipper.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `skipper.startupProbe.enabled` | Enable startupProbe | `false` |
|
||||
| `skipper.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` |
|
||||
| `skipper.startupProbe.periodSeconds` | Period seconds for startupProbe | `20` |
|
||||
| `skipper.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
|
||||
| `skipper.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` |
|
||||
| `skipper.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `skipper.livenessProbe.enabled` | Enable livenessProbe | `true` |
|
||||
| `skipper.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
|
||||
| `skipper.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
|
||||
| `skipper.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
|
||||
| `skipper.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
||||
| `skipper.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `skipper.readinessProbe.enabled` | Enable readinessProbe | `true` |
|
||||
| `skipper.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `120` |
|
||||
| `skipper.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `20` |
|
||||
| `skipper.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
|
||||
| `skipper.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
|
||||
| `skipper.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `skipper.customStartupProbe` | Override default startup probe | `{}` |
|
||||
| `skipper.customLivenessProbe` | Override default liveness probe | `{}` |
|
||||
| `skipper.customReadinessProbe` | Override default readiness probe | `{}` |
|
||||
| `skipper.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
|
||||
| `skipper.networkPolicy.allowExternal` | Don't require client label for connections | `true` |
|
||||
| `skipper.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
|
||||
| `skipper.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` |
|
||||
| `skipper.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
|
||||
| `skipper.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
||||
| `skipper.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
|
||||
| `skipper.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
|
||||
| `skipper.service.type` | Kubernetes service type | `ClusterIP` |
|
||||
| `skipper.service.ports.http` | Skipper HTTP port | `80` |
|
||||
| `skipper.service.nodePort` | Service HTTP node port | `""` |
|
||||
| `skipper.service.clusterIP` | Skipper server service cluster IP | `""` |
|
||||
| `skipper.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
|
||||
| `skipper.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` |
|
||||
| `skipper.service.loadBalancerSourceRanges` | Address that are allowed when service is LoadBalancer | `[]` |
|
||||
| `skipper.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
|
||||
| `skipper.service.annotations` | Annotations for Skipper server service | `{}` |
|
||||
| `skipper.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
|
||||
| `skipper.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
|
||||
| `skipper.initContainers` | Add init containers to the Dataflow Skipper pods | `[]` |
|
||||
| `skipper.sidecars` | Add sidecars to the Skipper pods | `[]` |
|
||||
| `skipper.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` |
|
||||
| `skipper.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` |
|
||||
| `skipper.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` |
|
||||
| `skipper.autoscaling.enabled` | Enable autoscaling for Skipper server | `false` |
|
||||
| `skipper.autoscaling.minReplicas` | Minimum number of Skipper server replicas | `""` |
|
||||
| `skipper.autoscaling.maxReplicas` | Maximum number of Skipper server replicas | `""` |
|
||||
| `skipper.autoscaling.targetCPU` | Target CPU utilization percentage | `""` |
|
||||
| `skipper.autoscaling.targetMemory` | Target Memory utilization percentage | `""` |
|
||||
| `skipper.extraVolumes` | Extra Volumes to be set on the Skipper Pod | `[]` |
|
||||
| `skipper.extraVolumeMounts` | Extra VolumeMounts to be set on the Skipper Container | `[]` |
|
||||
| `skipper.jdwp.enabled` | Enable Java Debug Wire Protocol (JDWP) | `false` |
|
||||
| `skipper.jdwp.port` | JDWP TCP port for remote debugging | `5005` |
|
||||
| `externalSkipper.host` | Host of a external Skipper Server | `localhost` |
|
||||
| `externalSkipper.port` | External Skipper Server port number | `7577` |
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------- |
|
||||
| `skipper.enabled` | Enable Spring Cloud Skipper component | `true` |
|
||||
| `skipper.automountServiceAccountToken` | Mount Service Account token in pod | `true` |
|
||||
| `skipper.hostAliases` | Deployment pod host aliases | `[]` |
|
||||
| `skipper.image.registry` | Spring Cloud Skipper image registry | `REGISTRY_NAME` |
|
||||
| `skipper.image.repository` | Spring Cloud Skipper image repository | `REPOSITORY_NAME/spring-cloud-skipper` |
|
||||
| `skipper.image.digest` | Spring Cloud Skipper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `skipper.image.pullPolicy` | Spring Cloud Skipper image pull policy | `IfNotPresent` |
|
||||
| `skipper.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `skipper.image.debug` | Enable image debug mode | `false` |
|
||||
| `skipper.configuration.accountName` | The name of the account to configure for the Kubernetes platform | `default` |
|
||||
| `skipper.configuration.trustK8sCerts` | Trust K8s certificates when querying the Kubernetes API | `false` |
|
||||
| `skipper.existingConfigmap` | Name of existing ConfigMap with Skipper server configuration | `""` |
|
||||
| `skipper.containerPorts.http` | Container HTTP port | `7577` |
|
||||
| `skipper.containerPorts.jdwp` | Container JDWP port | `5005` |
|
||||
| `skipper.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `skipper.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `skipper.lifecycleHooks` | for the Skipper container(s) to automate configuration before or after startup | `{}` |
|
||||
| `skipper.extraEnvVars` | Extra environment variables to be set on Skipper server container | `[]` |
|
||||
| `skipper.extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables | `""` |
|
||||
| `skipper.extraEnvVarsSecret` | Name of existing Secret containing extra environment variables | `""` |
|
||||
| `skipper.replicaCount` | Number of Skipper server replicas to deploy | `1` |
|
||||
| `skipper.podAffinityPreset` | Skipper pod affinity preset. Ignored if `skipper.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `skipper.podAntiAffinityPreset` | Skipper pod anti-affinity preset. Ignored if `skipper.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `skipper.nodeAffinityPreset.type` | Skipper node affinity preset type. Ignored if `skipper.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `skipper.nodeAffinityPreset.key` | Skipper node label key to match Ignored if `skipper.affinity` is set. | `""` |
|
||||
| `skipper.nodeAffinityPreset.values` | Skipper node label values to match. Ignored if `skipper.affinity` is set. | `[]` |
|
||||
| `skipper.affinity` | Skipper affinity for pod assignment | `{}` |
|
||||
| `skipper.nodeSelector` | Skipper node labels for pod assignment | `{}` |
|
||||
| `skipper.tolerations` | Skipper tolerations for pod assignment | `[]` |
|
||||
| `skipper.podAnnotations` | Annotations for Skipper server pods | `{}` |
|
||||
| `skipper.updateStrategy.type` | Deployment strategy type for Skipper server pods. | `RollingUpdate` |
|
||||
| `skipper.podLabels` | Extra labels for Skipper pods | `{}` |
|
||||
| `skipper.priorityClassName` | Controller priorityClassName | `""` |
|
||||
| `skipper.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
|
||||
| `skipper.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
|
||||
| `skipper.podSecurityContext.enabled` | Enabled Skipper pods' Security Context | `true` |
|
||||
| `skipper.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `skipper.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `skipper.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `skipper.podSecurityContext.fsGroup` | Group ID for the volumes of the pod | `1001` |
|
||||
| `skipper.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `skipper.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
|
||||
| `skipper.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `skipper.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
|
||||
| `skipper.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `skipper.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `skipper.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
|
||||
| `skipper.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `skipper.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `skipper.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `skipper.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if skipper.resources is set (skipper.resources is recommended for production). | `small` |
|
||||
| `skipper.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `skipper.startupProbe.enabled` | Enable startupProbe | `false` |
|
||||
| `skipper.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` |
|
||||
| `skipper.startupProbe.periodSeconds` | Period seconds for startupProbe | `20` |
|
||||
| `skipper.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
|
||||
| `skipper.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` |
|
||||
| `skipper.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `skipper.livenessProbe.enabled` | Enable livenessProbe | `true` |
|
||||
| `skipper.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
|
||||
| `skipper.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
|
||||
| `skipper.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
|
||||
| `skipper.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
||||
| `skipper.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `skipper.readinessProbe.enabled` | Enable readinessProbe | `true` |
|
||||
| `skipper.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `120` |
|
||||
| `skipper.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `20` |
|
||||
| `skipper.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
|
||||
| `skipper.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
|
||||
| `skipper.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `skipper.customStartupProbe` | Override default startup probe | `{}` |
|
||||
| `skipper.customLivenessProbe` | Override default liveness probe | `{}` |
|
||||
| `skipper.customReadinessProbe` | Override default readiness probe | `{}` |
|
||||
| `skipper.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
|
||||
| `skipper.networkPolicy.allowExternal` | Don't require client label for connections | `true` |
|
||||
| `skipper.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
|
||||
| `skipper.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` |
|
||||
| `skipper.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
|
||||
| `skipper.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
||||
| `skipper.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
|
||||
| `skipper.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
|
||||
| `skipper.service.type` | Kubernetes service type | `ClusterIP` |
|
||||
| `skipper.service.ports.http` | Skipper HTTP port | `80` |
|
||||
| `skipper.service.nodePort` | Service HTTP node port | `""` |
|
||||
| `skipper.service.clusterIP` | Skipper server service cluster IP | `""` |
|
||||
| `skipper.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
|
||||
| `skipper.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` |
|
||||
| `skipper.service.loadBalancerSourceRanges` | Address that are allowed when service is LoadBalancer | `[]` |
|
||||
| `skipper.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
|
||||
| `skipper.service.annotations` | Annotations for Skipper server service | `{}` |
|
||||
| `skipper.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
|
||||
| `skipper.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
|
||||
| `skipper.initContainers` | Add init containers to the Dataflow Skipper pods | `[]` |
|
||||
| `skipper.sidecars` | Add sidecars to the Skipper pods | `[]` |
|
||||
| `skipper.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` |
|
||||
| `skipper.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` |
|
||||
| `skipper.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` |
|
||||
| `skipper.autoscaling.enabled` | Enable autoscaling for Skipper server | `false` |
|
||||
| `skipper.autoscaling.minReplicas` | Minimum number of Skipper server replicas | `""` |
|
||||
| `skipper.autoscaling.maxReplicas` | Maximum number of Skipper server replicas | `""` |
|
||||
| `skipper.autoscaling.targetCPU` | Target CPU utilization percentage | `""` |
|
||||
| `skipper.autoscaling.targetMemory` | Target Memory utilization percentage | `""` |
|
||||
| `skipper.extraVolumes` | Extra Volumes to be set on the Skipper Pod | `[]` |
|
||||
| `skipper.extraVolumeMounts` | Extra VolumeMounts to be set on the Skipper Container | `[]` |
|
||||
| `skipper.jdwp.enabled` | Enable Java Debug Wire Protocol (JDWP) | `false` |
|
||||
| `skipper.jdwp.port` | JDWP TCP port for remote debugging | `5005` |
|
||||
| `externalSkipper.host` | Host of a external Skipper Server | `localhost` |
|
||||
| `externalSkipper.port` | External Skipper Server port number | `7577` |
|
||||
|
||||
### Deployer parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| --------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- |
|
||||
| `deployer.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if deployer.resources is set (deployer.resources is recommended for production). | `none` |
|
||||
| `deployer.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `deployer.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `120` |
|
||||
| `deployer.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `90` |
|
||||
| `deployer.nodeSelector` | The node selectors to apply to the streaming applications deployments in "key:value" format | `""` |
|
||||
| `deployer.tolerations` | Streaming applications tolerations | `[]` |
|
||||
| `deployer.volumeMounts` | Streaming applications extra volume mounts | `[]` |
|
||||
| `deployer.volumes` | Streaming applications extra volumes | `[]` |
|
||||
| `deployer.environmentVariables` | Streaming applications environment variables | `[]` |
|
||||
| `deployer.podSecurityContext.enabled` | Enabled pods' Security Context of the deployed pods batch or stream pods | `true` |
|
||||
| `deployer.podSecurityContext.runAsUser` | Set Dataflow Streams container's Security Context runAsUser | `1001` |
|
||||
| `deployer.imagePullSecrets` | Streaming applications imagePullSecrets | `[]` |
|
||||
| `deployer.secretRefs` | Streaming applications secretRefs | `[]` |
|
||||
| `deployer.entryPointStyle` | An entry point style affects how application properties are passed to the container to be deployed. Allowed values: exec (default), shell, boot | `exec` |
|
||||
| `deployer.imagePullPolicy` | An image pull policy defines when a Docker image should be pulled to the local registry. Allowed values: IfNotPresent (default), Always, Never | `IfNotPresent` |
|
||||
| Name | Description | Value |
|
||||
| --------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- |
|
||||
| `deployer.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if deployer.resources is set (deployer.resources is recommended for production). | `small` |
|
||||
| `deployer.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `deployer.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `120` |
|
||||
| `deployer.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `90` |
|
||||
| `deployer.nodeSelector` | The node selectors to apply to the streaming applications deployments in "key:value" format | `""` |
|
||||
| `deployer.tolerations` | Streaming applications tolerations | `[]` |
|
||||
| `deployer.volumeMounts` | Streaming applications extra volume mounts | `[]` |
|
||||
| `deployer.volumes` | Streaming applications extra volumes | `[]` |
|
||||
| `deployer.environmentVariables` | Streaming applications environment variables | `[]` |
|
||||
| `deployer.podSecurityContext.enabled` | Enabled pods' Security Context of the deployed pods batch or stream pods | `true` |
|
||||
| `deployer.podSecurityContext.runAsUser` | Set Dataflow Streams container's Security Context runAsUser | `1001` |
|
||||
| `deployer.podSecurityContext.fsGroup` | Set Dataflow Streams container's Security Context fsGroup | `1001` |
|
||||
| `deployer.imagePullSecrets` | Streaming applications imagePullSecrets | `[]` |
|
||||
| `deployer.secretRefs` | Streaming applications secretRefs | `[]` |
|
||||
| `deployer.entryPointStyle` | An entry point style affects how application properties are passed to the container to be deployed. Allowed values: exec (default), shell, boot | `exec` |
|
||||
| `deployer.imagePullPolicy` | An image pull policy defines when a Docker image should be pulled to the local registry. Allowed values: IfNotPresent (default), Always, Never | `IfNotPresent` |
|
||||
|
||||
### RBAC parameters
|
||||
|
||||
@@ -534,208 +535,214 @@ As an alternative, you can use the preset configurations for pod affinity, pod a
|
||||
|
||||
### Metrics parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------ |
|
||||
| `metrics.enabled` | Enable Prometheus metrics | `false` |
|
||||
| `metrics.image.registry` | Prometheus Rsocket Proxy image registry | `REGISTRY_NAME` |
|
||||
| `metrics.image.repository` | Prometheus Rsocket Proxy image repository | `REPOSITORY_NAME/prometheus-rsocket-proxy` |
|
||||
| `metrics.image.digest` | Prometheus Rsocket Proxy image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `metrics.image.pullPolicy` | Prometheus Rsocket Proxy image pull policy | `IfNotPresent` |
|
||||
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `none` |
|
||||
| `metrics.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `metrics.replicaCount` | Number of Prometheus Rsocket Proxy replicas to deploy | `1` |
|
||||
| `metrics.podAffinityPreset` | Prometheus Rsocket Proxy pod affinity preset. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `metrics.podAntiAffinityPreset` | Prometheus Rsocket Proxy pod anti-affinity preset. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `metrics.nodeAffinityPreset.type` | Prometheus Rsocket Proxy node affinity preset type. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `metrics.nodeAffinityPreset.key` | Prometheus Rsocket Proxy node label key to match Ignored if `metrics.affinity` is set. | `""` |
|
||||
| `metrics.nodeAffinityPreset.values` | Prometheus Rsocket Proxy node label values to match. Ignored if `metrics.affinity` is set. | `[]` |
|
||||
| `metrics.affinity` | Prometheus Rsocket Proxy affinity for pod assignment | `{}` |
|
||||
| `metrics.nodeSelector` | Prometheus Rsocket Proxy node labels for pod assignment | `{}` |
|
||||
| `metrics.automountServiceAccountToken` | Mount Service Account token in pod | `true` |
|
||||
| `metrics.hostAliases` | Prometheus Proxy pods host aliases | `[]` |
|
||||
| `metrics.tolerations` | Prometheus Rsocket Proxy tolerations for pod assignment | `[]` |
|
||||
| `metrics.podAnnotations` | Annotations for Prometheus Rsocket Proxy pods | `{}` |
|
||||
| `metrics.podLabels` | Extra labels for Prometheus Proxy pods | `{}` |
|
||||
| `metrics.podSecurityContext.enabled` | Enabled Prometheus Proxy pods' Security Context | `true` |
|
||||
| `metrics.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `metrics.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `metrics.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `metrics.podSecurityContext.fsGroup` | Set Prometheus Proxy pod's Security Context fsGroup | `1001` |
|
||||
| `metrics.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `metrics.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `metrics.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` |
|
||||
| `metrics.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `metrics.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `metrics.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `metrics.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `metrics.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `metrics.lifecycleHooks` | for the Prometheus Proxy container(s) to automate configuration before or after startup | `{}` |
|
||||
| `metrics.extraEnvVars` | Array with extra environment variables to add to Prometheus Proxy nodes | `[]` |
|
||||
| `metrics.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Prometheus Proxy nodes | `""` |
|
||||
| `metrics.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Prometheus Proxy nodes | `""` |
|
||||
| `metrics.extraVolumes` | Optionally specify extra list of additional volumes for the Prometheus Proxy pod(s) | `[]` |
|
||||
| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Prometheus Proxy container(s) | `[]` |
|
||||
| `metrics.containerPorts.http` | Prometheus Proxy HTTP container port | `8080` |
|
||||
| `metrics.containerPorts.rsocket` | Prometheus Proxy Rsocket container port | `7001` |
|
||||
| `metrics.startupProbe.enabled` | Enable startupProbe on Prometheus Proxy nodes | `false` |
|
||||
| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` |
|
||||
| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
||||
| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
|
||||
| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` |
|
||||
| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `metrics.livenessProbe.enabled` | Enable livenessProbe on Prometheus Proxy nodes | `true` |
|
||||
| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` |
|
||||
| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
||||
| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
|
||||
| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
|
||||
| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `metrics.readinessProbe.enabled` | Enable readinessProbe on Prometheus Proxy nodes | `true` |
|
||||
| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` |
|
||||
| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
|
||||
| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
|
||||
| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `metrics.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `metrics.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `metrics.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `metrics.sidecars` | Add additional sidecar containers to the Prometheus Proxy pod(s) | `[]` |
|
||||
| `metrics.initContainers` | Add additional init containers to the Prometheus Proxy pod(s) | `[]` |
|
||||
| `metrics.updateStrategy.type` | Prometheus Proxy deployment strategy type. | `RollingUpdate` |
|
||||
| `metrics.priorityClassName` | Prometheus Rsocket Proxy pods' priority. | `""` |
|
||||
| `metrics.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
|
||||
| `metrics.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
|
||||
| `metrics.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
|
||||
| `metrics.networkPolicy.allowExternal` | Don't require client label for connections | `true` |
|
||||
| `metrics.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
|
||||
| `metrics.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
|
||||
| `metrics.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
||||
| `metrics.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
|
||||
| `metrics.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
|
||||
| `metrics.service.type` | Prometheus Proxy service type | `ClusterIP` |
|
||||
| `metrics.service.ports.http` | Prometheus Rsocket Proxy HTTP port | `8080` |
|
||||
| `metrics.service.ports.rsocket` | Prometheus Rsocket Proxy Rsocket port | `7001` |
|
||||
| `metrics.service.nodePorts.http` | Node port for HTTP | `""` |
|
||||
| `metrics.service.nodePorts.rsocket` | Node port for Rsocket | `""` |
|
||||
| `metrics.service.clusterIP` | Prometheys Proxy service Cluster IP | `""` |
|
||||
| `metrics.service.loadBalancerIP` | Prometheys Proxy service Load Balancer IP | `""` |
|
||||
| `metrics.service.loadBalancerSourceRanges` | Prometheys Proxy service Load Balancer sources | `[]` |
|
||||
| `metrics.service.externalTrafficPolicy` | Prometheys Proxy service external traffic policy | `Cluster` |
|
||||
| `metrics.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
|
||||
| `metrics.service.annotations` | Annotations for the Prometheus Rsocket Proxy service | `{}` |
|
||||
| `metrics.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
|
||||
| `metrics.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
|
||||
| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` |
|
||||
| `metrics.serviceMonitor.namespace` | Namespace in which ServiceMonitor is created if different from release | `""` |
|
||||
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
|
||||
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` |
|
||||
| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
|
||||
| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
|
||||
| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
|
||||
| `metrics.serviceMonitor.selector` | ServiceMonitor selector labels | `{}` |
|
||||
| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` |
|
||||
| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` |
|
||||
| `metrics.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` |
|
||||
| `metrics.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` |
|
||||
| `metrics.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` |
|
||||
| `metrics.autoscaling.enabled` | Enable autoscaling for Prometheus Rsocket Proxy | `false` |
|
||||
| `metrics.autoscaling.minReplicas` | Minimum number of Prometheus Rsocket Proxy replicas | `""` |
|
||||
| `metrics.autoscaling.maxReplicas` | Maximum number of Prometheus Rsocket Proxy replicas | `""` |
|
||||
| `metrics.autoscaling.targetCPU` | Target CPU utilization percentage | `""` |
|
||||
| `metrics.autoscaling.targetMemory` | Target Memory utilization percentage | `""` |
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------ |
|
||||
| `metrics.enabled` | Enable Prometheus metrics | `false` |
|
||||
| `metrics.image.registry` | Prometheus Rsocket Proxy image registry | `REGISTRY_NAME` |
|
||||
| `metrics.image.repository` | Prometheus Rsocket Proxy image repository | `REPOSITORY_NAME/prometheus-rsocket-proxy` |
|
||||
| `metrics.image.digest` | Prometheus Rsocket Proxy image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `metrics.image.pullPolicy` | Prometheus Rsocket Proxy image pull policy | `IfNotPresent` |
|
||||
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `nano` |
|
||||
| `metrics.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `metrics.replicaCount` | Number of Prometheus Rsocket Proxy replicas to deploy | `1` |
|
||||
| `metrics.podAffinityPreset` | Prometheus Rsocket Proxy pod affinity preset. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `metrics.podAntiAffinityPreset` | Prometheus Rsocket Proxy pod anti-affinity preset. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `metrics.nodeAffinityPreset.type` | Prometheus Rsocket Proxy node affinity preset type. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `metrics.nodeAffinityPreset.key` | Prometheus Rsocket Proxy node label key to match Ignored if `metrics.affinity` is set. | `""` |
|
||||
| `metrics.nodeAffinityPreset.values` | Prometheus Rsocket Proxy node label values to match. Ignored if `metrics.affinity` is set. | `[]` |
|
||||
| `metrics.affinity` | Prometheus Rsocket Proxy affinity for pod assignment | `{}` |
|
||||
| `metrics.nodeSelector` | Prometheus Rsocket Proxy node labels for pod assignment | `{}` |
|
||||
| `metrics.automountServiceAccountToken` | Mount Service Account token in pod | `true` |
|
||||
| `metrics.hostAliases` | Prometheus Proxy pods host aliases | `[]` |
|
||||
| `metrics.tolerations` | Prometheus Rsocket Proxy tolerations for pod assignment | `[]` |
|
||||
| `metrics.podAnnotations` | Annotations for Prometheus Rsocket Proxy pods | `{}` |
|
||||
| `metrics.podLabels` | Extra labels for Prometheus Proxy pods | `{}` |
|
||||
| `metrics.podSecurityContext.enabled` | Enabled Prometheus Proxy pods' Security Context | `true` |
|
||||
| `metrics.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
| `metrics.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
|
||||
| `metrics.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
|
||||
| `metrics.podSecurityContext.fsGroup` | Set Prometheus Proxy pod's Security Context fsGroup | `1001` |
|
||||
| `metrics.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
|
||||
| `metrics.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `metrics.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
|
||||
| `metrics.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `metrics.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `metrics.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
|
||||
| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `metrics.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `metrics.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `metrics.lifecycleHooks` | for the Prometheus Proxy container(s) to automate configuration before or after startup | `{}` |
|
||||
| `metrics.extraEnvVars` | Array with extra environment variables to add to Prometheus Proxy nodes | `[]` |
|
||||
| `metrics.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Prometheus Proxy nodes | `""` |
|
||||
| `metrics.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Prometheus Proxy nodes | `""` |
|
||||
| `metrics.extraVolumes` | Optionally specify extra list of additional volumes for the Prometheus Proxy pod(s) | `[]` |
|
||||
| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Prometheus Proxy container(s) | `[]` |
|
||||
| `metrics.containerPorts.http` | Prometheus Proxy HTTP container port | `8080` |
|
||||
| `metrics.containerPorts.rsocket` | Prometheus Proxy Rsocket container port | `7001` |
|
||||
| `metrics.startupProbe.enabled` | Enable startupProbe on Prometheus Proxy nodes | `false` |
|
||||
| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` |
|
||||
| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
||||
| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
|
||||
| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` |
|
||||
| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `metrics.livenessProbe.enabled` | Enable livenessProbe on Prometheus Proxy nodes | `true` |
|
||||
| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` |
|
||||
| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
||||
| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
|
||||
| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
|
||||
| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `metrics.readinessProbe.enabled` | Enable readinessProbe on Prometheus Proxy nodes | `true` |
|
||||
| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` |
|
||||
| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
|
||||
| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
|
||||
| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `metrics.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `metrics.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `metrics.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `metrics.sidecars` | Add additional sidecar containers to the Prometheus Proxy pod(s) | `[]` |
|
||||
| `metrics.initContainers` | Add additional init containers to the Prometheus Proxy pod(s) | `[]` |
|
||||
| `metrics.updateStrategy.type` | Prometheus Proxy deployment strategy type. | `RollingUpdate` |
|
||||
| `metrics.priorityClassName` | Prometheus Rsocket Proxy pods' priority. | `""` |
|
||||
| `metrics.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
|
||||
| `metrics.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
|
||||
| `metrics.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
|
||||
| `metrics.networkPolicy.allowExternal` | Don't require client label for connections | `true` |
|
||||
| `metrics.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
|
||||
| `metrics.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
|
||||
| `metrics.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
|
||||
| `metrics.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
|
||||
| `metrics.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
|
||||
| `metrics.service.type` | Prometheus Proxy service type | `ClusterIP` |
|
||||
| `metrics.service.ports.http` | Prometheus Rsocket Proxy HTTP port | `8080` |
|
||||
| `metrics.service.ports.rsocket` | Prometheus Rsocket Proxy Rsocket port | `7001` |
|
||||
| `metrics.service.nodePorts.http` | Node port for HTTP | `""` |
|
||||
| `metrics.service.nodePorts.rsocket` | Node port for Rsocket | `""` |
|
||||
| `metrics.service.clusterIP` | Prometheys Proxy service Cluster IP | `""` |
|
||||
| `metrics.service.loadBalancerIP` | Prometheys Proxy service Load Balancer IP | `""` |
|
||||
| `metrics.service.loadBalancerSourceRanges` | Prometheys Proxy service Load Balancer sources | `[]` |
|
||||
| `metrics.service.externalTrafficPolicy` | Prometheys Proxy service external traffic policy | `Cluster` |
|
||||
| `metrics.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
|
||||
| `metrics.service.annotations` | Annotations for the Prometheus Rsocket Proxy service | `{}` |
|
||||
| `metrics.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
|
||||
| `metrics.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
|
||||
| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` |
|
||||
| `metrics.serviceMonitor.namespace` | Namespace in which ServiceMonitor is created if different from release | `""` |
|
||||
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
|
||||
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` |
|
||||
| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
|
||||
| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
|
||||
| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
|
||||
| `metrics.serviceMonitor.selector` | ServiceMonitor selector labels | `{}` |
|
||||
| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` |
|
||||
| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` |
|
||||
| `metrics.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` |
|
||||
| `metrics.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` |
|
||||
| `metrics.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` |
|
||||
| `metrics.autoscaling.enabled` | Enable autoscaling for Prometheus Rsocket Proxy | `false` |
|
||||
| `metrics.autoscaling.minReplicas` | Minimum number of Prometheus Rsocket Proxy replicas | `""` |
|
||||
| `metrics.autoscaling.maxReplicas` | Maximum number of Prometheus Rsocket Proxy replicas | `""` |
|
||||
| `metrics.autoscaling.targetCPU` | Target CPU utilization percentage | `""` |
|
||||
| `metrics.autoscaling.targetMemory` | Target Memory utilization percentage | `""` |
|
||||
|
||||
### Init Container parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------- |
|
||||
| `waitForBackends.enabled` | Wait for the database and other services (such as Kafka or RabbitMQ) used when enabling streaming | `true` |
|
||||
| `waitForBackends.image.registry` | Init container wait-for-backend image registry | `REGISTRY_NAME` |
|
||||
| `waitForBackends.image.repository` | Init container wait-for-backend image name | `REPOSITORY_NAME/kubectl` |
|
||||
| `waitForBackends.image.digest` | Init container wait-for-backend image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `waitForBackends.image.pullPolicy` | Init container wait-for-backend image pull policy | `IfNotPresent` |
|
||||
| `waitForBackends.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `waitForBackends.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `waitForBackends.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `waitForBackends.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `waitForBackends.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` |
|
||||
| `waitForBackends.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `waitForBackends.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `waitForBackends.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `waitForBackends.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `waitForBackends.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `waitForBackends.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `waitForBackends.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if waitForBackends.resources is set (waitForBackends.resources is recommended for production). | `none` |
|
||||
| `waitForBackends.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- |
|
||||
| `waitForBackends.enabled` | Wait for the database and other services (such as Kafka or RabbitMQ) used when enabling streaming | `true` |
|
||||
| `waitForBackends.image.registry` | Init container wait-for-backend image registry | `REGISTRY_NAME` |
|
||||
| `waitForBackends.image.repository` | Init container wait-for-backend image name | `REPOSITORY_NAME/kubectl` |
|
||||
| `waitForBackends.image.digest` | Init container wait-for-backend image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `waitForBackends.image.pullPolicy` | Init container wait-for-backend image pull policy | `IfNotPresent` |
|
||||
| `waitForBackends.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `waitForBackends.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `waitForBackends.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
|
||||
| `waitForBackends.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `waitForBackends.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
|
||||
| `waitForBackends.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `waitForBackends.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `waitForBackends.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
|
||||
| `waitForBackends.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `waitForBackends.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `waitForBackends.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `waitForBackends.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if waitForBackends.resources is set (waitForBackends.resources is recommended for production). | `nano` |
|
||||
| `waitForBackends.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
|
||||
### Database parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- |
|
||||
| `mariadb.enabled` | Enable/disable MariaDB chart installation | `true` |
|
||||
| `mariadb.jdbcParameter.useMysqlMetadata` | Use MariaDB useMysqlMetadata parameter. | `true` |
|
||||
| `mariadb.image.registry` | MariaDB image registry | `REGISTRY_NAME` |
|
||||
| `mariadb.image.repository` | MariaDB image repository | `REPOSITORY_NAME/mariadb` |
|
||||
| `mariadb.image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `mariadb.architecture` | MariaDB architecture. Allowed values: `standalone` or `replication` | `standalone` |
|
||||
| `mariadb.auth.rootPassword` | Password for the MariaDB `root` user | `""` |
|
||||
| `mariadb.auth.username` | Username of new user to create | `dataflow` |
|
||||
| `mariadb.auth.password` | Password for the new user | `change-me` |
|
||||
| `mariadb.auth.database` | Database name to create | `dataflow` |
|
||||
| `mariadb.auth.forcePassword` | Force users to specify required passwords in the database | `false` |
|
||||
| `mariadb.auth.usePasswordFiles` | Mount credentials as a file instead of using an environment variable | `false` |
|
||||
| `mariadb.initdbScripts` | Specify dictionary of scripts to be run at first boot | `{}` |
|
||||
| `flyway.enabled` | Enable/disable flyway running Dataflow and Skipper Database creation scripts on startup | `true` |
|
||||
| `externalDatabase.host` | Host of the external database | `localhost` |
|
||||
| `externalDatabase.port` | External database port number | `3306` |
|
||||
| `externalDatabase.driver` | The fully qualified name of the JDBC Driver class | `""` |
|
||||
| `externalDatabase.scheme` | The scheme is a vendor-specific or shared protocol string that follows the "jdbc:" of the URL | `""` |
|
||||
| `externalDatabase.hibernateDialect` | Hibernate Dialect used by Dataflow/Skipper servers | `""` |
|
||||
| `externalDatabase.password` | External database password (DEPRECATED: use dataflow.password and skipper.password instead) | `""` |
|
||||
| `externalDatabase.existingPasswordSecret` | Existing secret with database password (DEPRECATED: use dataflow.existingSecret and skipper.existingSecret instead) | `""` |
|
||||
| `externalDatabase.existingPasswordKey` | Key of the existing secret with database password (DEPRECATED: use dataflow.existingSecretPasswordKey and skipper.existingSecretPasswordKey instead) | `""` |
|
||||
| `externalDatabase.dataflow.url` | JDBC URL for dataflow server. Overrides external scheme, host, port, password, and dataflow.database parameters. | `""` |
|
||||
| `externalDatabase.dataflow.database` | Name of the existing database to be used by Dataflow server. Ignored if url is provided | `dataflow` |
|
||||
| `externalDatabase.dataflow.username` | Existing username in the external db to be used by Dataflow server | `dataflow` |
|
||||
| `externalDatabase.dataflow.password` | Password for the above username. Ignored if existing secret is provided | `""` |
|
||||
| `externalDatabase.dataflow.existingSecret` | Name of the existing secret containing database credentials for Dataflow server | `""` |
|
||||
| `externalDatabase.dataflow.existingSecretPasswordKey` | Key of the above existing secret with database password, defaults to `datasource-password` | `""` |
|
||||
| `externalDatabase.skipper.url` | JDBC URL for skipper. Overrides external scheme, host, port, database, and skipper.database parameters. | `""` |
|
||||
| `externalDatabase.skipper.database` | Name of the existing database to be used by Skipper server. Ignored if url is provided | `skipper` |
|
||||
| `externalDatabase.skipper.username` | Existing username in the external db to be used by Skipper server | `skipper` |
|
||||
| `externalDatabase.skipper.password` | Password for the above username. Ignored if existing secret is provided | `""` |
|
||||
| `externalDatabase.skipper.existingSecret` | Name of the existing secret containing database credentials for Skipper server | `""` |
|
||||
| `externalDatabase.skipper.existingSecretPasswordKey` | Key of the above existing secret with database password, defaults to `datasource-password` | `""` |
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- |
|
||||
| `mariadb.enabled` | Enable/disable MariaDB chart installation | `true` |
|
||||
| `mariadb.jdbcParameter.useMysqlMetadata` | Use MariaDB useMysqlMetadata parameter. | `true` |
|
||||
| `mariadb.image.registry` | MariaDB image registry | `REGISTRY_NAME` |
|
||||
| `mariadb.image.repository` | MariaDB image repository | `REPOSITORY_NAME/mariadb` |
|
||||
| `mariadb.image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `mariadb.architecture` | MariaDB architecture. Allowed values: `standalone` or `replication` | `standalone` |
|
||||
| `mariadb.auth.rootPassword` | Password for the MariaDB `root` user | `""` |
|
||||
| `mariadb.auth.username` | Username of new user to create | `dataflow` |
|
||||
| `mariadb.auth.password` | Password for the new user | `change-me` |
|
||||
| `mariadb.auth.database` | Database name to create | `dataflow` |
|
||||
| `mariadb.auth.forcePassword` | Force users to specify required passwords in the database | `false` |
|
||||
| `mariadb.auth.usePasswordFiles` | Mount credentials as a file instead of using an environment variable | `false` |
|
||||
| `mariadb.initdbScripts` | Specify dictionary of scripts to be run at first boot | `{}` |
|
||||
| `mariadb.primary.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production). | `micro` |
|
||||
| `mariadb.primary.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `flyway.enabled` | Enable/disable flyway running Dataflow and Skipper Database creation scripts on startup | `true` |
|
||||
| `externalDatabase.host` | Host of the external database | `localhost` |
|
||||
| `externalDatabase.port` | External database port number | `3306` |
|
||||
| `externalDatabase.driver` | The fully qualified name of the JDBC Driver class | `""` |
|
||||
| `externalDatabase.scheme` | The scheme is a vendor-specific or shared protocol string that follows the "jdbc:" of the URL | `""` |
|
||||
| `externalDatabase.hibernateDialect` | Hibernate Dialect used by Dataflow/Skipper servers | `""` |
|
||||
| `externalDatabase.password` | External database password (DEPRECATED: use dataflow.password and skipper.password instead) | `""` |
|
||||
| `externalDatabase.existingPasswordSecret` | Existing secret with database password (DEPRECATED: use dataflow.existingSecret and skipper.existingSecret instead) | `""` |
|
||||
| `externalDatabase.existingPasswordKey` | Key of the existing secret with database password (DEPRECATED: use dataflow.existingSecretPasswordKey and skipper.existingSecretPasswordKey instead) | `""` |
|
||||
| `externalDatabase.dataflow.url` | JDBC URL for dataflow server. Overrides external scheme, host, port, password, and dataflow.database parameters. | `""` |
|
||||
| `externalDatabase.dataflow.database` | Name of the existing database to be used by Dataflow server. Ignored if url is provided | `dataflow` |
|
||||
| `externalDatabase.dataflow.username` | Existing username in the external db to be used by Dataflow server | `dataflow` |
|
||||
| `externalDatabase.dataflow.password` | Password for the above username. Ignored if existing secret is provided | `""` |
|
||||
| `externalDatabase.dataflow.existingSecret` | Name of the existing secret containing database credentials for Dataflow server | `""` |
|
||||
| `externalDatabase.dataflow.existingSecretPasswordKey` | Key of the above existing secret with database password, defaults to `datasource-password` | `""` |
|
||||
| `externalDatabase.skipper.url` | JDBC URL for skipper. Overrides external scheme, host, port, database, and skipper.database parameters. | `""` |
|
||||
| `externalDatabase.skipper.database` | Name of the existing database to be used by Skipper server. Ignored if url is provided | `skipper` |
|
||||
| `externalDatabase.skipper.username` | Existing username in the external db to be used by Skipper server | `skipper` |
|
||||
| `externalDatabase.skipper.password` | Password for the above username. Ignored if existing secret is provided | `""` |
|
||||
| `externalDatabase.skipper.existingSecret` | Name of the existing secret containing database credentials for Skipper server | `""` |
|
||||
| `externalDatabase.skipper.existingSecretPasswordKey` | Key of the above existing secret with database password, defaults to `datasource-password` | `""` |
|
||||
|
||||
### RabbitMQ chart parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| -------------------------------------------- | ------------------------------------------------------------------------------------------------ | ----------- |
|
||||
| `rabbitmq.enabled` | Enable/disable RabbitMQ chart installation | `true` |
|
||||
| `rabbitmq.auth.username` | RabbitMQ username | `user` |
|
||||
| `externalRabbitmq.enabled` | Enable/disable external RabbitMQ | `false` |
|
||||
| `externalRabbitmq.host` | Host of the external RabbitMQ | `localhost` |
|
||||
| `externalRabbitmq.port` | External RabbitMQ port number | `5672` |
|
||||
| `externalRabbitmq.username` | External RabbitMQ username | `guest` |
|
||||
| `externalRabbitmq.password` | External RabbitMQ password. It will be saved in a kubernetes secret | `guest` |
|
||||
| `externalRabbitmq.vhost` | External RabbitMQ virtual host. It will be saved in a kubernetes secret | `""` |
|
||||
| `externalRabbitmq.existingPasswordSecret` | Existing secret with RabbitMQ password (DEPRECATED: use externalRabbitmq.existingSecret instead) | `""` |
|
||||
| `externalRabbitmq.existingSecret` | Name of the existing secret containing RabbitMQ credentials | `""` |
|
||||
| `externalRabbitmq.existingSecretPasswordKey` | Key of the above existing secret with RabbitMQ password, defaults to `password` | `""` |
|
||||
| Name | Description | Value |
|
||||
| -------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
|
||||
| `rabbitmq.enabled` | Enable/disable RabbitMQ chart installation | `true` |
|
||||
| `rabbitmq.auth.username` | RabbitMQ username | `user` |
|
||||
| `rabbitmq.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `micro` |
|
||||
| `rabbitmq.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `externalRabbitmq.enabled` | Enable/disable external RabbitMQ | `false` |
|
||||
| `externalRabbitmq.host` | Host of the external RabbitMQ | `localhost` |
|
||||
| `externalRabbitmq.port` | External RabbitMQ port number | `5672` |
|
||||
| `externalRabbitmq.username` | External RabbitMQ username | `guest` |
|
||||
| `externalRabbitmq.password` | External RabbitMQ password. It will be saved in a kubernetes secret | `guest` |
|
||||
| `externalRabbitmq.vhost` | External RabbitMQ virtual host. It will be saved in a kubernetes secret | `""` |
|
||||
| `externalRabbitmq.existingPasswordSecret` | Existing secret with RabbitMQ password (DEPRECATED: use externalRabbitmq.existingSecret instead) | `""` |
|
||||
| `externalRabbitmq.existingSecret` | Name of the existing secret containing RabbitMQ credentials | `""` |
|
||||
| `externalRabbitmq.existingSecretPasswordKey` | Key of the above existing secret with RabbitMQ password, defaults to `password` | `""` |
|
||||
|
||||
### Kafka chart parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------- | ------------------------------------------------------------ | ------------------------------------ |
|
||||
| `kafka.enabled` | Enable/disable Kafka chart installation | `false` |
|
||||
| `kafka.controller.replicaCount` | Number of Kafka controller+brokers nodes | `1` |
|
||||
| `kafka.extraConfig` | Kafka extra configuration to be appended to dynamic settings | `offsets.topic.replication.factor=1` |
|
||||
| `externalKafka.enabled` | Enable/disable external Kafka | `false` |
|
||||
| `externalKafka.brokers` | External Kafka brokers | `localhost:9092` |
|
||||
| `externalKafka.zkNodes` | External Zookeeper nodes | `localhost:2181` |
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------ |
|
||||
| `kafka.enabled` | Enable/disable Kafka chart installation | `false` |
|
||||
| `kafka.controller.replicaCount` | Number of Kafka controller+brokers nodes | `1` |
|
||||
| `kafka.controller.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if controller.resources is set (controller.resources is recommended for production). | `small` |
|
||||
| `kafka.controller.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `kafka.extraConfig` | Kafka extra configuration to be appended to dynamic settings | `offsets.topic.replication.factor=1` |
|
||||
| `externalKafka.enabled` | Enable/disable external Kafka | `false` |
|
||||
| `externalKafka.brokers` | External Kafka brokers | `localhost:9092` |
|
||||
| `externalKafka.zkNodes` | External Zookeeper nodes | `localhost:2181` |
|
||||
|
||||
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
|
||||
|
||||
@@ -764,6 +771,19 @@ Find more information about how to deal with common errors related to Bitnami He
|
||||
|
||||
If you enabled RabbitMQ chart to be used as the messaging solution for Skipper to manage streaming content, then it's necessary to set the `rabbitmq.auth.password` and `rabbitmq.auth.erlangCookie` parameters when upgrading for readiness/liveness probes to work properly. Inspect the RabbitMQ secret to obtain the password and the Erlang cookie, then you can upgrade your chart using the command below:
|
||||
|
||||
### To 27.0.0
|
||||
|
||||
This major bump changes the following security defaults:
|
||||
|
||||
- `runAsGroup` is changed from `0` to `1001`
|
||||
- `readOnlyRootFilesystem` is set to `true`
|
||||
- `resourcesPreset` is changed from `none` to the minimum size working in our test suites (NOTE: `resourcesPreset` is not meant for production usage, but `resources` adapted to your use case).
|
||||
- `global.compatibility.openshift.adaptSecurityContext` is changed from `disabled` to `auto`.
|
||||
|
||||
This could potentially break any customization or init scripts used in your deployment. If this is the case, change the default values to the previous ones.
|
||||
|
||||
Also, this major release bumps the MariaDB chart version to [18.x.x](https://github.com/bitnami/charts/pull/24804); no major issues are expected during the upgrade.
|
||||
|
||||
### To 25.0.0
|
||||
|
||||
This major updates the Kafka subchart to its newest major, 26.0.0. For more information on this subchart's major, please refer to [Kafka upgrade notes](https://github.com/bitnami/charts/tree/main/bitnami/kafka#to-2600).
|
||||
|
||||
@@ -74,7 +74,7 @@ data:
|
||||
volumes: {{- include "common.tplvalues.render" (dict "value" .Values.deployer.volumes "context" $) | nindent 22 }}
|
||||
{{- end }}
|
||||
{{- if .Values.deployer.podSecurityContext.enabled }}
|
||||
podSecurityContext: {{- omit .Values.deployer.podSecurityContext "enabled" | toYaml | nindent 22 }}
|
||||
podSecurityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.deployer.podSecurityContext "context" $) | nindent 22 }}
|
||||
{{- end }}
|
||||
{{- if .Values.deployer.imagePullSecrets }}
|
||||
imagePullSecrets: {{- include "common.tplvalues.render" (dict "value" .Values.deployer.imagePullSecrets "context" $) | nindent 22 }}
|
||||
|
||||
@@ -103,7 +103,7 @@ data:
|
||||
volumes: {{- include "common.tplvalues.render" (dict "value" .Values.deployer.volumes "context" $) | nindent 22 }}
|
||||
{{- end }}
|
||||
{{- if .Values.deployer.podSecurityContext.enabled }}
|
||||
podSecurityContext: {{- omit .Values.deployer.podSecurityContext "enabled" | toYaml | nindent 22 }}
|
||||
podSecurityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.deployer.podSecurityContext "context" $) | nindent 22 }}
|
||||
{{- end }}
|
||||
{{- if .Values.deployer.imagePullSecrets }}
|
||||
imagePullSecrets: {{- include "common.tplvalues.render" (dict "value" .Values.deployer.imagePullSecrets "context" $) | nindent 22 }}
|
||||
|
||||
@@ -26,7 +26,7 @@ global:
|
||||
openshift:
|
||||
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
|
||||
##
|
||||
adaptSecurityContext: disabled
|
||||
adaptSecurityContext: auto
|
||||
## @section Common parameters
|
||||
|
||||
## @param nameOverride String to partially override common.names.fullname template (will maintain the release name).
|
||||
@@ -284,12 +284,12 @@ server:
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
seLinuxOptions: null
|
||||
seLinuxOptions: {}
|
||||
runAsUser: 1001
|
||||
runAsGroup: 0
|
||||
runAsGroup: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
@@ -304,7 +304,7 @@ server:
|
||||
## @param server.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if server.resources is set (server.resources is recommended for production).
|
||||
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
||||
##
|
||||
resourcesPreset: "none"
|
||||
resourcesPreset: "small"
|
||||
## @param server.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
|
||||
## Example:
|
||||
## resources:
|
||||
@@ -865,12 +865,12 @@ skipper:
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
seLinuxOptions: null
|
||||
seLinuxOptions: {}
|
||||
runAsUser: 1001
|
||||
runAsGroup: 0
|
||||
runAsGroup: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
@@ -885,7 +885,7 @@ skipper:
|
||||
## @param skipper.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if skipper.resources is set (skipper.resources is recommended for production).
|
||||
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
||||
##
|
||||
resourcesPreset: "none"
|
||||
resourcesPreset: "small"
|
||||
## @param skipper.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
|
||||
## Example:
|
||||
## resources:
|
||||
@@ -1155,7 +1155,7 @@ deployer:
|
||||
## @param deployer.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if deployer.resources is set (deployer.resources is recommended for production).
|
||||
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
||||
##
|
||||
resourcesPreset: "none"
|
||||
resourcesPreset: "small"
|
||||
## @param deployer.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
|
||||
## Example:
|
||||
## resources:
|
||||
@@ -1205,9 +1205,11 @@ deployer:
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param deployer.podSecurityContext.enabled Enabled pods' Security Context of the deployed pods batch or stream pods
|
||||
## @param deployer.podSecurityContext.runAsUser Set Dataflow Streams container's Security Context runAsUser
|
||||
## @param deployer.podSecurityContext.fsGroup Set Dataflow Streams container's Security Context fsGroup
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
fsGroup: 1001
|
||||
## @param deployer.imagePullSecrets Streaming applications imagePullSecrets
|
||||
##
|
||||
imagePullSecrets: []
|
||||
@@ -1286,7 +1288,7 @@ metrics:
|
||||
## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
|
||||
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
||||
##
|
||||
resourcesPreset: "none"
|
||||
resourcesPreset: "nano"
|
||||
## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
|
||||
## Example:
|
||||
## resources:
|
||||
@@ -1385,12 +1387,12 @@ metrics:
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
seLinuxOptions: null
|
||||
seLinuxOptions: {}
|
||||
runAsUser: 1001
|
||||
runAsGroup: 0
|
||||
runAsGroup: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
@@ -1762,12 +1764,12 @@ waitForBackends:
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
seLinuxOptions: null
|
||||
seLinuxOptions: {}
|
||||
runAsUser: 1001
|
||||
runAsGroup: 0
|
||||
runAsGroup: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
@@ -1782,7 +1784,7 @@ waitForBackends:
|
||||
## @param waitForBackends.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if waitForBackends.resources is set (waitForBackends.resources is recommended for production).
|
||||
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
||||
##
|
||||
resourcesPreset: "none"
|
||||
resourcesPreset: "nano"
|
||||
## @param waitForBackends.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
|
||||
## Example:
|
||||
## resources:
|
||||
@@ -1855,6 +1857,28 @@ mariadb:
|
||||
CREATE DATABASE IF NOT EXISTS `skipper`;
|
||||
GRANT ALL ON skipper.* to 'skipper'@'%';
|
||||
FLUSH PRIVILEGES;
|
||||
primary:
|
||||
## MariaDB primary container's resource requests and limits
|
||||
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
||||
## We usually recommend not to specify default resources and to leave this as a conscious
|
||||
## choice for the user. This also increases chances charts run on environments with little
|
||||
## resources, such as Minikube. If you do want to specify resources, uncomment the following
|
||||
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
||||
## @param mariadb.primary.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production).
|
||||
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
||||
##
|
||||
resourcesPreset: "micro"
|
||||
## @param mariadb.primary.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
|
||||
## Example:
|
||||
## resources:
|
||||
## requests:
|
||||
## cpu: 2
|
||||
## memory: 512Mi
|
||||
## limits:
|
||||
## cpu: 3
|
||||
## memory: 1024Mi
|
||||
##
|
||||
resources: {}
|
||||
## Flyway Configuration
|
||||
## @param flyway.enabled Enable/disable flyway running Dataflow and Skipper Database creation scripts on startup
|
||||
## All database creation scripts are ignored on startup when flyway.enabled is set to false
|
||||
@@ -1955,6 +1979,27 @@ rabbitmq:
|
||||
##
|
||||
auth:
|
||||
username: user
|
||||
## RabbitMQ containers' resource requests and limits
|
||||
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
||||
## We usually recommend not to specify default resources and to leave this as a conscious
|
||||
## choice for the user. This also increases chances charts run on environments with little
|
||||
## resources, such as Minikube. If you do want to specify resources, uncomment the following
|
||||
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
||||
## @param rabbitmq.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
|
||||
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
||||
##
|
||||
resourcesPreset: "micro"
|
||||
## @param rabbitmq.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
|
||||
## Example:
|
||||
## resources:
|
||||
## requests:
|
||||
## cpu: 2
|
||||
## memory: 512Mi
|
||||
## limits:
|
||||
## cpu: 3
|
||||
## memory: 1024Mi
|
||||
##
|
||||
resources: {}
|
||||
## External RabbitMQ Configuration
|
||||
## All of these values are ignored when rabbitmq.enabled is set to true
|
||||
##
|
||||
@@ -2001,6 +2046,23 @@ kafka:
|
||||
##
|
||||
controller:
|
||||
replicaCount: 1
|
||||
## Kafka resource requests and limits
|
||||
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
||||
## @param kafka.controller.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if controller.resources is set (controller.resources is recommended for production).
|
||||
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
||||
##
|
||||
resourcesPreset: "small"
|
||||
## @param kafka.controller.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
|
||||
## Example:
|
||||
## resources:
|
||||
## requests:
|
||||
## cpu: 2
|
||||
## memory: 512Mi
|
||||
## limits:
|
||||
## cpu: 3
|
||||
## memory: 1024Mi
|
||||
##
|
||||
resources: {}
|
||||
## @param kafka.extraConfig Kafka extra configuration to be appended to dynamic settings
|
||||
##
|
||||
extraConfig: |-
|
||||
|
||||
Reference in New Issue
Block a user