# Copyright Broadcom, Inc. All Rights Reserved. # SPDX-License-Identifier: APACHE-2.0 ## @section Global parameters ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value ## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass ## ## @param global.imageRegistry Global Docker image registry ## @param global.imagePullSecrets Global Docker registry secret names as an array ## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s) ## global: imageRegistry: "" ## E.g. ## imagePullSecrets: ## - myRegistryKeySecretName ## imagePullSecrets: [] defaultStorageClass: "" ## Security parameters ## security: ## @param global.security.allowInsecureImages Allows skipping image verification allowInsecureImages: false ## Compatibility adaptations for Kubernetes platforms ## compatibility: ## Compatibility adaptations for Openshift ## openshift: ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) ## adaptSecurityContext: auto ## @section Common parameters ## ## @param kubeVersion Override Kubernetes version ## kubeVersion: "" ## @param apiVersions Override Kubernetes API versions reported by .Capabilities ## apiVersions: [] ## @param nameOverride String to partially override common.names.name ## nameOverride: "" ## @param fullnameOverride String to fully override common.names.fullname ## fullnameOverride: "" ## @param namespaceOverride String to fully override common.names.namespace ## namespaceOverride: "" ## @param commonLabels Labels to add to all deployed objects ## commonLabels: {} ## @param commonAnnotations Annotations to add to all deployed objects ## commonAnnotations: {} ## @param clusterDomain Kubernetes cluster domain name ## clusterDomain: cluster.local ## @param extraDeploy Array of extra objects to deploy with the release ## extraDeploy: [] ## Enable diagnostic mode in the deployment ## diagnosticMode: ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) ## enabled: false ## @param diagnosticMode.command Command to override all containers in the deployment ## command: - sleep ## @param diagnosticMode.args Args to override all containers in the deployment ## args: - infinity ## @param configOverrides Overwrite or add extra configuration options to the chart default ## Example: ## configOverrides: ## MEM_MAX_SPANS: 500000 ## configOverrides: {} ## @param secretConfigOverrides Overwrite or add extra configuration options to the chart default (these will be added in a secret) ## Example: ## secretConfigOverrides: ## CASSANDRA_PASSWORD: test123 ## secretConfigOverrides: {} ## @param existingConfigmap The name of an existing ConfigMap with your custom configuration for zipkin ## NOTE: By providing a ConfigMap, other settings provided using values may be ignored. ## existingConfigmap: "" ## @param existingSecret The name of an existing Secret with your custom sensitive configuration for zipkin ## existingSecret: "" ## @param javaOpts Set extra Java Options when launching zipkin ## javaOpts: "" ## Bitnami zipkin image ## ref: https://hub.docker.com/r/bitnami/zipkin/tags/ ## @param image.registry [default: REGISTRY_NAME] zipkin image registry ## @param image.repository [default: REPOSITORY_NAME/zipkin] zipkin image repository ## @skip image.tag zipkin image tag (immutable tags are recommended) ## @param image.digest zipkin image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) ## @param image.pullPolicy zipkin image pull policy ## @param image.pullSecrets zipkin image pull secrets ## @param image.debug Enable zipkin image debug mode ## image: registry: docker.io repository: bitnami/zipkin tag: 3.5.1-debian-12-r5 digest: "" ## Specify a imagePullPolicy ## ref: http://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## Enable debug mode ## debug: false ## @param replicaCount Number of zipkin replicas to deploy ## replicaCount: 1 ## @param containerPorts.http zipkin http server container port ## containerPorts: http: 9411 ## @param extraContainerPorts Optionally specify extra list of additional container ports ## e.g: ## extraContainerPorts: ## - name: myservice ## containerPort: 9090 ## extraContainerPorts: [] ## @param deploymentLabels Add extra labels to the Deployment object ## deploymentLabels: {} ## @param deploymentAnnotations Add extra annotations to the Deployment object ## deploymentAnnotations: {} ## @param logLevel Set application log level ## logLevel: INFO ## @param usePasswordFiles Mount all sensitive information as files ## usePasswordFiles: true ## @param storageType Set version store type. The chart natively supports cassandra3, mem or other. Any other type requires you to add the configuration in configOverrides and secretConfigOverrides. ## storageType: cassandra3 ## TLS/SSL parameters ## @param tls.enabled Enable TLS ## @param tls.usePemCerts Use certificates in .pem format ## @param tls.existingSecret Name of a secret containing the certificate files ## @param tls.certFilename Filename inside the secret of the .crt file (when usePemCerts=true) ## @param tls.certKeyFilename Filename inside the secret of the .key file (when usePemCerts=true) ## @param tls.keystoreFilename Filename inside the secret of the .jks file (when usePemCerts=false) ## @param tls.password Password of the Java keystore ## @param tls.passwordSecret Name of a secret containing the password of the Java keystore ## tls: enabled: false usePemCerts: true existingSecret: "" certFilename: tls.crt certKeyFilename: tls.key keystoreFilename: zipkin.jks password: "" passwordSecret: "" ## @param tls.autoGenerated.enabled Enable automatic generation of certificates for TLS ## @param tls.autoGenerated.engine Mechanism to generate the certificates (allowed values: helm, cert-manager) autoGenerated: enabled: true engine: helm ## @param tls.autoGenerated.certManager.existingIssuer The name of an existing Issuer to use for generating the certificates (only for `cert-manager` engine) ## @param tls.autoGenerated.certManager.existingIssuerKind Existing Issuer kind, defaults to Issuer (only for `cert-manager` engine) ## @param tls.autoGenerated.certManager.keyAlgorithm Key algorithm for the certificates (only for `cert-manager` engine) ## @param tls.autoGenerated.certManager.keySize Key size for the certificates (only for `cert-manager` engine) ## @param tls.autoGenerated.certManager.duration Duration for the certificates (only for `cert-manager` engine) ## @param tls.autoGenerated.certManager.renewBefore Renewal period for the certificates (only for `cert-manager` engine) certManager: existingIssuer: "" existingIssuerKind: "" keySize: 2048 keyAlgorithm: RSA duration: 2160h renewBefore: 360h ## Configure extra options for zipkin containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param livenessProbe.enabled Enable livenessProbe on zipkin containers ## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param livenessProbe.periodSeconds Period seconds for livenessProbe ## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 5 ## @param readinessProbe.enabled Enable readinessProbe on zipkin containers ## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param readinessProbe.periodSeconds Period seconds for readinessProbe ## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 5 ## @param startupProbe.enabled Enable startupProbe on zipkin containers ## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param startupProbe.periodSeconds Period seconds for startupProbe ## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param startupProbe.failureThreshold Failure threshold for startupProbe ## @param startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 90 periodSeconds: 10 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 5 ## @param customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} ## zipkin resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ ## We usually recommend not to specify default resources and to leave this as a conscious ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. ## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (secondary.resources is recommended for production). ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## resourcesPreset: "small" ## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: ## resources: ## requests: ## cpu: 2 ## memory: 512Mi ## limits: ## cpu: 3 ## memory: 1024Mi ## resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param podSecurityContext.enabled Enable security context for zipkin pods ## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy ## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface ## @param podSecurityContext.supplementalGroups Set filesystem extra groups ## @param podSecurityContext.fsGroup Group ID for the mounted volumes' filesystem ## podSecurityContext: enabled: true fsGroupChangePolicy: Always sysctls: [] supplementalGroups: [] fsGroup: 1001 ## Configure Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param containerSecurityContext.enabled zipkin container securityContext ## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param containerSecurityContext.runAsUser User ID for the zipkin container ## @param containerSecurityContext.runAsGroup Group ID for the zipkin container ## @param containerSecurityContext.runAsNonRoot Set secondary container's Security Context runAsNonRoot ## @param containerSecurityContext.privileged Set secondary container's Security Context privileged ## @param containerSecurityContext.allowPrivilegeEscalation Set secondary container's Security Context allowPrivilegeEscalation ## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem ## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped ## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile ## containerSecurityContext: enabled: true seLinuxOptions: {} runAsUser: 1001 runAsGroup: 1001 runAsNonRoot: true privileged: false allowPrivilegeEscalation: false readOnlyRootFilesystem: true capabilities: drop: ["ALL"] seccompProfile: type: "RuntimeDefault" ## @param command Override default container command (useful when using custom images) ## command: [] ## @param args Override default container args (useful when using custom images) ## args: [] ## @param hostAliases zipkin pods host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## @param annotations Annotations for zipkin deployment/statefulset ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## annotations: {} ## @param podLabels Extra labels for zipkin pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param podAnnotations Annotations for zipkin pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Pod Disruption Budget configuration ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb ## @param pdb.create Enable/disable a Pod Disruption Budget creation ## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled ## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable ## pdb: create: true minAvailable: "" maxUnavailable: "" ## Node affinity preset ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set ## key: "" ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param affinity Affinity for zipkin pods assignment ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## NOTE: `podAffinityPreset`, `podAntiAffinityPreset`, and `nodeAffinityPreset` will be ignored when it's set ## affinity: {} ## @param automountServiceAccountToken Mount Service Account token in pod ## automountServiceAccountToken: false ## @param nodeSelector Node labels for zipkin pods assignment ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ ## nodeSelector: {} ## @param tolerations Tolerations for zipkin pods assignment ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param updateStrategy.type zipkin strategy type ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies ## updateStrategy: ## StrategyType ## Can be set to RollingUpdate or Recreate ## type: RollingUpdate ## @param priorityClassName zipkin pods' priorityClassName ## priorityClassName: "" ## @param topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] ## @param schedulerName Name of the k8s scheduler (other than default) for zipkin pods ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param terminationGracePeriodSeconds Seconds Redmine pod needs to terminate gracefully ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods ## terminationGracePeriodSeconds: "" ## @param lifecycleHooks for the zipkin container(s) to automate configuration before or after startup ## lifecycleHooks: {} ## @param extraEnvVars Array with extra environment variables to add to zipkin nodes ## e.g: ## extraEnvVars: ## - name: FOO ## value: "bar" ## extraEnvVars: [] ## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars for zipkin nodes ## extraEnvVarsCM: "" ## @param extraEnvVarsSecret Name of existing Secret containing extra env vars for zipkin nodes ## extraEnvVarsSecret: "" ## @param extraVolumes Optionally specify extra list of additional volumes for the zipkin pod(s) ## extraVolumes: [] ## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for the zipkin container(s) ## extraVolumeMounts: [] ## @param sidecars Add additional sidecar containers to the zipkin pod(s) ## e.g: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param initContainers Add additional init containers to the zipkin pod(s) ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ ## e.g: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] ## @section Autoscaling ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ ## autoscaling: vpa: ## @param autoscaling.vpa.enabled Enable VPA ## enabled: false ## @param autoscaling.vpa.annotations Annotations for VPA resource ## annotations: {} ## @param autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory ## controlledResources: [] ## @param autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod ## cpu: 200m ## memory: 100Mi maxAllowed: {} ## @param autoscaling.vpa.minAllowed VPA Min allowed resources for the pod ## cpu: 200m ## memory: 100Mi minAllowed: {} ## @section VPA update policy ## updatePolicy: ## @param autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod ## Possible values are "Off", "Initial", "Recreate", and "Auto". ## updateMode: Auto hpa: ## @param autoscaling.hpa.enabled Enable HPA ## enabled: false ## @param autoscaling.hpa.minReplicas Minimum number of replicas ## minReplicas: "" ## @param autoscaling.hpa.maxReplicas Maximum number of replicas ## maxReplicas: "" ## @param autoscaling.hpa.targetCPU Target CPU utilization percentage ## targetCPU: "" ## @param autoscaling.hpa.targetMemory Target Memory utilization percentage ## targetMemory: "" ## @section Traffic Exposure Parameters ## ## zipkin service parameters ## service: ## @param service.type zipkin service type ## type: ClusterIP ## @param service.ports.http zipkin service http port ## ports: http: 9411 ## Node ports to expose ## @param service.nodePorts.http Node port for Gremlin ## NOTE: choose port between <30000-32767> ## nodePorts: http: "" ## @param service.clusterIP zipkin service Cluster IP ## e.g.: ## clusterIP: None ## clusterIP: "" ## @param service.loadBalancerIP zipkin service Load Balancer IP ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer ## loadBalancerIP: "" ## @param service.loadBalancerSourceRanges zipkin service Load Balancer sources ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## e.g: ## loadBalancerSourceRanges: ## - 10.10.10.0/24 ## loadBalancerSourceRanges: [] ## @param service.externalTrafficPolicy zipkin service external traffic policy ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip ## externalTrafficPolicy: Cluster ## @param service.annotations Additional custom annotations for zipkin service ## annotations: {} ## @param service.extraPorts Extra ports to expose in zipkin service (normally used with the `sidecars` value) ## extraPorts: [] ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin ## Values: ClientIP or None ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ ## sessionAffinity: None ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity ## sessionAffinityConfig: ## clientIP: ## timeoutSeconds: 300 ## sessionAffinityConfig: {} ## Configure the ingress resource that allows you to access the ## zipkin installation. Set up the URL ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ ## ingress: ## @param ingress.enabled Set to true to enable ingress record generation ## enabled: false ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm ## selfSigned: false ## @param ingress.pathType Ingress path type ## pathType: ImplementationSpecific ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) ## apiVersion: "" ## @param ingress.hostname Default host for the ingress resource ## hostname: zipkin.local ## @param ingress.path The Path to Nginx. You may need to set this to '/*' in order to use this with ALB ingress controllers. ## path: / ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. ## For a full list of possible ingress annotations, please see ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md ## Use this parameter to set the required annotations for cert-manager, see ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations ## ## e.g: ## annotations: ## kubernetes.io/ingress.class: nginx ## cert-manager.io/cluster-issuer: cluster-issuer-name ## annotations: {} ## @param ingress.ingressClassName Set the ingerssClassName on the ingress record for k8s 1.18+ ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ ## ingressClassName: "" ## @param ingress.tls Create TLS Secret ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it ## tls: false ## @param ingress.tlsWwwPrefix Adds www subdomain to default cert ## Creates tls host with ingress.hostname: {{ print "www.%s" .Values.ingress.hostname }} ## Is enabled if "nginx.ingress.kubernetes.io/from-to-www-redirect" is "true" tlsWwwPrefix: false ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array ## extraHosts: ## - name: zipkin.local ## path: / ## extraHosts: [] ## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host. ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. ## extraPaths: ## - path: /* ## backend: ## serviceName: ssl-redirect ## servicePort: use-annotation ## extraPaths: [] ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls ## extraTls: ## - hosts: ## - zipkin.local ## secretName: zipkin.local-tls ## extraTls: [] ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets ## key and certificate should start with -----BEGIN CERTIFICATE----- or ## -----BEGIN RSA PRIVATE KEY----- ## ## name should line up with a tlsSecret set further up ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set ## ## It is also possible to create and manage the certificates outside of this helm chart ## Please see README.md for more information ## e.g: ## - name: zipkin.local-tls ## key: ## certificate: ## secrets: [] ## @param ingress.extraRules The list of additional rules to be added to this ingress record. Evaluated as a template ## Useful when looking for additional customization, such as using different backend ## extraRules: [] ## @section Other Parameters ## ## ServiceAccount configuration ## serviceAccount: ## @param serviceAccount.create Specifies whether a ServiceAccount should be created ## create: true ## @param serviceAccount.name The name of the ServiceAccount to use. ## If not set and create is true, a name is generated using the common.names.fullname template ## name: "" ## @param serviceAccount.annotations Additional Service Account annotations (evaluated as a template) ## annotations: {} ## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account ## automountServiceAccountToken: false ## @section Default Init Container Parameters ## defaultInitContainers: ## Init container that waits for backends to be ready ## waitForCassandra: ## @param defaultInitContainers.waitForCassandra.enabled Enable init container that waits for backends to be ready ## enabled: true ## Cassandra image ## ref: https://hub.docker.com/r/bitnami/cassandra/tags/ ## @param defaultInitContainers.waitForCassandra.image.registry [default: REGISTRY_NAME] Cassandra image registry ## @param defaultInitContainers.waitForCassandra.image.repository [default: REPOSITORY_NAME/cassandra] Cassandra image repository ## @skip defaultInitContainers.waitForCassandra.image.tag Cassandra image tag (immutable tags are recommended) ## @param defaultInitContainers.waitForCassandra.image.pullPolicy Cassandra image pull policy ## @param defaultInitContainers.waitForCassandra.image.pullSecrets Cassandra image pull secrets ## @param defaultInitContainers.waitForCassandra.image.debug Enable debug output ## image: registry: docker.io repository: bitnami/cassandra tag: 5.0.5-debian-12-r7 pullPolicy: IfNotPresent pullSecrets: [] debug: false ## Init container's resource requests and limits ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ ## @param defaultInitContainers.waitForCassandra.resourcesPreset Set init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## resourcesPreset: "nano" ## @param defaultInitContainers.waitForCassandra.resources Set init container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: ## resources: ## requests: ## cpu: 2 ## memory: 512Mi ## limits: ## cpu: 3 ## memory: 1024Mi ## resources: {} ## Init container Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param defaultInitContainers.waitForCassandra.containerSecurityContext.enabled Enabled Init container' Security Context ## @param defaultInitContainers.waitForCassandra.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in Init container ## @param defaultInitContainers.waitForCassandra.containerSecurityContext.runAsUser Set runAsUser in Init container' Security Context ## @param defaultInitContainers.waitForCassandra.containerSecurityContext.runAsGroup Set runAsGroup in Init container' Security Context ## @param defaultInitContainers.waitForCassandra.containerSecurityContext.runAsNonRoot Set runAsNonRoot in Init container' Security Context ## @param defaultInitContainers.waitForCassandra.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in Init container' Security Context ## @param defaultInitContainers.waitForCassandra.containerSecurityContext.privileged Set privileged in Init container' Security Context ## @param defaultInitContainers.waitForCassandra.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in Init container' Security Context ## @param defaultInitContainers.waitForCassandra.containerSecurityContext.capabilities.drop List of capabilities to be dropped in Init container ## @param defaultInitContainers.waitForCassandra.containerSecurityContext.seccompProfile.type Set seccomp profile in Init container ## containerSecurityContext: enabled: true seLinuxOptions: {} runAsUser: 1001 runAsGroup: 1001 runAsNonRoot: true readOnlyRootFilesystem: true privileged: false allowPrivilegeEscalation: false capabilities: drop: ["ALL"] seccompProfile: type: "RuntimeDefault" ## Init container that initializes the Java keystore with the TLS certificates (requires tls.enabled=true) ## initCerts: ## @param defaultInitContainers.initCerts.enabled Enable init container that initializes the Java keystore with the TLS certificates (requires tls.enabled=true) ## enabled: true ## Init container's resource requests and limits ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ ## @param defaultInitContainers.initCerts.resourcesPreset Set init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## resourcesPreset: "nano" ## @param defaultInitContainers.initCerts.resources Set init container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: ## resources: ## requests: ## cpu: 2 ## memory: 512Mi ## limits: ## cpu: 3 ## memory: 1024Mi ## resources: {} ## Init container Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param defaultInitContainers.initCerts.containerSecurityContext.enabled Enabled Init container' Security Context ## @param defaultInitContainers.initCerts.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in Init container ## @param defaultInitContainers.initCerts.containerSecurityContext.runAsUser Set runAsUser in Init container' Security Context ## @param defaultInitContainers.initCerts.containerSecurityContext.runAsGroup Set runAsGroup in Init container' Security Context ## @param defaultInitContainers.initCerts.containerSecurityContext.runAsNonRoot Set runAsNonRoot in Init container' Security Context ## @param defaultInitContainers.initCerts.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in Init container' Security Context ## @param defaultInitContainers.initCerts.containerSecurityContext.privileged Set privileged in Init container' Security Context ## @param defaultInitContainers.initCerts.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in Init container' Security Context ## @param defaultInitContainers.initCerts.containerSecurityContext.capabilities.drop List of capabilities to be dropped in Init container ## @param defaultInitContainers.initCerts.containerSecurityContext.seccompProfile.type Set seccomp profile in Init container ## containerSecurityContext: enabled: true seLinuxOptions: {} runAsUser: 1001 runAsGroup: 1001 runAsNonRoot: true readOnlyRootFilesystem: true privileged: false allowPrivilegeEscalation: false capabilities: drop: ["ALL"] seccompProfile: type: "RuntimeDefault" ## @section NetworkPolicy parameters ## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ ## networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources ## enabled: true ## @param networkPolicy.allowExternal The Policy model to apply ## When set to false, only pods with the correct client label will have network access to the ports zipkin is ## listening on. When true, zipkin will accept connections from any source (with the correct destination port). ## allowExternal: true ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. ## allowExternalEgress: true ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy ## e.g: ## extraIngress: ## - ports: ## - port: 1234 ## from: ## - podSelector: ## - matchLabels: ## - role: frontend ## - podSelector: ## - matchExpressions: ## - key: role ## operator: In ## values: ## - frontend ## extraIngress: [] ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy ## e.g: ## extraEgress: ## - ports: ## - port: 1234 ## to: ## - podSelector: ## - matchLabels: ## - role: frontend ## - podSelector: ## - matchExpressions: ## - key: role ## operator: In ## values: ## - frontend ## extraEgress: [] ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} ## @section Metrics parameters ## metrics: ## @param metrics.enabled Enable metrics ## enabled: false ## @param metrics.annotations [object] Annotations for the server service in order to scrape metrics annotations: {} ## Prometheus Operator ServiceMonitor configuration ## serviceMonitor: ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using Prometheus Operator ## enabled: false ## @param metrics.serviceMonitor.annotations Annotations for the ServiceMonitor Resource ## annotations: "" ## @param metrics.serviceMonitor.namespace Namespace for the ServiceMonitor Resource (defaults to the Release Namespace) ## namespace: "" ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint ## interval: "" ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint ## scrapeTimeout: "" ## @param metrics.serviceMonitor.labels Additional labels that can be used so ServiceMonitor will be discovered by Prometheus ## labels: {} ## @param metrics.serviceMonitor.selector Prometheus instance selector labels ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration ## selector: {} ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping ## relabelings: [] ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion ## metricRelabelings: [] ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint ## honorLabels: false ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. ## jobLabel: "" ## @section Database parameters ## externalDatabase: ## @param externalDatabase.host External database host host: "" ## @param externalDatabase.port External database port port: 9042 ## Database credentials ## @param externalDatabase.user Cassandra admin user ## @param externalDatabase.password Password for `dbUser.user`. Randomly generated if empty ## user: bn_zipkin password: "" ## @param externalDatabase.existingSecret Name of existing secret containing the database secret ## existingSecret: "" ## @param externalDatabase.existingSecretPasswordKey Name of existing secret key containing the database password secret key ## existingSecretPasswordKey: "" ## Cluster parameters ## @param externalDatabase.cluster.datacenter Name for cassandra's zipkin datacenter ## cluster: datacenter: "datacenter1" ## @param externalDatabase.keyspace Name for cassandra's zipkin keyspace ## keyspace: "bitnami_zipkin" ## @section Cassandra storage sub-chart ## cassandra: ## @param cassandra.enabled Enables cassandra storage pod ## enabled: true ## Cluster parameters ## @param cassandra.cluster.datacenter Name for cassandra's zipkin datacenter ## cluster: datacenter: "datacenter1" ## @param cassandra.keyspace Name for cassandra's zipkin keyspace ## keyspace: "bitnami_zipkin" ## Database credentials ## @param cassandra.dbUser.user Cassandra admin user ## @param cassandra.dbUser.password Password for `dbUser.user`. Randomly generated if empty ## @param cassandra.dbUser.existingSecret Name of an existing secret containing the user password. ## dbUser: user: bn_zipkin password: "" existingSecret: "" ## Cassandra service port ## @param cassandra.service.ports.cql Cassandra cql port service: ports: cql: 9042 ## Cassandra pods' resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ ## Minimum memory for development is 4GB and 2 CPU cores ## Minimum memory for production is 8GB and 4 CPU cores ## ref: http://docs.datastax.com/en/archived/cassandra/2.0/cassandra/architecture/architecturePlanningHardware_c.html ## ## We usually recommend not to specify default resources and to leave this as a conscious ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. ## @param cassandra.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## resourcesPreset: "medium" ## @param cassandra.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: ## resources: ## requests: ## cpu: 2 ## memory: 512Mi ## limits: ## cpu: 3 ## memory: 1024Mi ## resources: {} ## @param cassandra.initDB [object] Init script for initializing the instance ## initDB: create_keyspace.cql: | CREATE KEYSPACE {{ include "zipkin.cassandra.keyspace" . }} WITH REPLICATION = { 'class' : 'SimpleStrategy', 'replication_factor' : 1 }; ## @param cassandra.extraEnvVars [array] Add extra env variables to the Cassandra installation ## Note: Zipkin requires SASI indexes extraEnvVars: - name: CASSANDRA_CFG_YAML_SASI_INDEXES_ENABLED value: "true"