commit
34adf40058
assets
crowdstrike
datadog
haproxy
harbor
hashicorp
kasten
kong
nats
redpanda
speedscale
sysdig
charts
amd/amd-gpu
argo/argo-cd
templates
argocd-applicationset
argocd-notifications
argocd-repo-server
argocd-server
bitnami
cassandra
postgresql
tomcat
wordpress
zookeeper
crowdstrike/falcon-sensor
datadog/datadog
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -1,6 +1,6 @@
|
|||
dependencies:
|
||||
- name: node-feature-discovery
|
||||
repository: https://kubernetes-sigs.github.io/node-feature-discovery/charts
|
||||
version: 0.13.3
|
||||
digest: sha256:a4f46d22c9ecd5b82cc2ed17da0c34b0e4936f6365bb61b474ec2780e9af3636
|
||||
generated: "2023-08-23T02:41:44.856348249Z"
|
||||
version: 0.14.3
|
||||
digest: sha256:a1651e3e727f3f60f286930ab341af1009cce742b181d19b9ec75d392c5c339b
|
||||
generated: "2023-11-03T05:15:42.351779792Z"
|
||||
|
|
|
@ -4,7 +4,7 @@ annotations:
|
|||
catalog.cattle.io/kube-version: '>= 1.18.0-0'
|
||||
catalog.cattle.io/release-name: amd-gpu
|
||||
apiVersion: v2
|
||||
appVersion: 1.25.2.4
|
||||
appVersion: 1.25.2.5
|
||||
dependencies:
|
||||
- condition: nfd.enabled
|
||||
name: node-feature-discovery
|
||||
|
@ -25,4 +25,4 @@ name: amd-gpu
|
|||
sources:
|
||||
- https://github.com/RadeonOpenCompute/k8s-device-plugin
|
||||
type: application
|
||||
version: 0.9.0
|
||||
version: 0.10.0
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# AMD GPU Helm Chart
|
||||
|
||||
![Version: 0.9.0](https://img.shields.io/badge/Version-0.9.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.25.2.4](https://img.shields.io/badge/AppVersion-1.25.2.4-informational?style=flat-square)
|
||||
![Version: 0.10.0](https://img.shields.io/badge/Version-0.10.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.25.2.5](https://img.shields.io/badge/AppVersion-1.25.2.5-informational?style=flat-square)
|
||||
|
||||
A Helm chart for deploying Kubernetes AMD GPU device plugin
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
apiVersion: v2
|
||||
appVersion: v0.13.3
|
||||
appVersion: v0.14.3
|
||||
description: 'Detects hardware features available on each node in a Kubernetes cluster,
|
||||
and advertises those features using node labels. '
|
||||
home: https://github.com/kubernetes-sigs/node-feature-discovery
|
||||
|
@ -11,4 +11,4 @@ name: node-feature-discovery
|
|||
sources:
|
||||
- https://github.com/kubernetes-sigs/node-feature-discovery
|
||||
type: application
|
||||
version: 0.13.3
|
||||
version: 0.14.3
|
||||
|
|
|
@ -6,5 +6,5 @@ labels. NFD provides flexible configuration and extension points for a wide
|
|||
range of vendor and application specific node labeling needs.
|
||||
|
||||
See
|
||||
[NFD documentation](https://kubernetes-sigs.github.io/node-feature-discovery/v0.13/deployment/helm.html)
|
||||
[NFD documentation](https://kubernetes-sigs.github.io/node-feature-discovery/v0.14/deployment/helm.html)
|
||||
for deployment instructions.
|
||||
|
|
|
@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.9.2
|
||||
creationTimestamp: null
|
||||
controller-gen.kubebuilder.io/version: v0.12.1
|
||||
name: nodefeatures.nfd.k8s-sigs.io
|
||||
spec:
|
||||
group: nfd.k8s-sigs.io
|
||||
|
@ -114,8 +113,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.9.2
|
||||
creationTimestamp: null
|
||||
controller-gen.kubebuilder.io/version: v0.12.1
|
||||
name: nodefeaturerules.nfd.k8s-sigs.io
|
||||
spec:
|
||||
group: nfd.k8s-sigs.io
|
||||
|
|
|
@ -96,12 +96,12 @@ Create the name of the service account which topologyUpdater will use
|
|||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account which topologyGC will use
|
||||
Create the name of the service account which nfd-gc will use
|
||||
*/}}
|
||||
{{- define "node-feature-discovery.topologyGC.serviceAccountName" -}}
|
||||
{{- if .Values.topologyGC.serviceAccount.create -}}
|
||||
{{ default (printf "%s-topology-gc" (include "node-feature-discovery.fullname" .)) .Values.topologyGC.serviceAccount.name }}
|
||||
{{- define "node-feature-discovery.gc.serviceAccountName" -}}
|
||||
{{- if .Values.gc.serviceAccount.create -}}
|
||||
{{ default (printf "%s-gc" (include "node-feature-discovery.fullname" .)) .Values.gc.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.topologyGC.serviceAccount.name }}
|
||||
{{ default "default" .Values.gc.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
|
|
@ -25,10 +25,25 @@ rules:
|
|||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- coordination.k8s.io
|
||||
resources:
|
||||
- leases
|
||||
verbs:
|
||||
- create
|
||||
- apiGroups:
|
||||
- coordination.k8s.io
|
||||
resources:
|
||||
- leases
|
||||
resourceNames:
|
||||
- "nfd-master.nfd.kubernetes.io"
|
||||
verbs:
|
||||
- get
|
||||
- update
|
||||
{{- end }}
|
||||
|
||||
---
|
||||
{{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.rbac.create }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
|
@ -65,12 +80,12 @@ rules:
|
|||
- update
|
||||
{{- end }}
|
||||
|
||||
{{- if and .Values.gc.enable .Values.gc.rbac.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }}
|
||||
---
|
||||
{{- if and .Values.topologyGC.enable .Values.topologyGC.rbac.create .Values.topologyUpdater.enable }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: {{ include "node-feature-discovery.fullname" . }}-topology-gc
|
||||
name: {{ include "node-feature-discovery.fullname" . }}-gc
|
||||
labels:
|
||||
{{- include "node-feature-discovery.labels" . | nindent 4 }}
|
||||
rules:
|
||||
|
@ -94,4 +109,11 @@ rules:
|
|||
verbs:
|
||||
- delete
|
||||
- list
|
||||
- apiGroups:
|
||||
- nfd.k8s-sigs.io
|
||||
resources:
|
||||
- nodefeatures
|
||||
verbs:
|
||||
- delete
|
||||
- list
|
||||
{{- end }}
|
||||
|
|
|
@ -15,8 +15,8 @@ subjects:
|
|||
namespace: {{ include "node-feature-discovery.namespace" . }}
|
||||
{{- end }}
|
||||
|
||||
---
|
||||
{{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.rbac.create }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
|
@ -33,20 +33,20 @@ subjects:
|
|||
namespace: {{ include "node-feature-discovery.namespace" . }}
|
||||
{{- end }}
|
||||
|
||||
{{- if and .Values.gc.enable .Values.gc.rbac.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }}
|
||||
---
|
||||
{{- if and .Values.topologyGC.enable .Values.topologyGC.rbac.create .Values.topologyUpdater.enable }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ include "node-feature-discovery.fullname" . }}-topology-gc
|
||||
name: {{ include "node-feature-discovery.fullname" . }}-gc
|
||||
labels:
|
||||
{{- include "node-feature-discovery.labels" . | nindent 4 }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ include "node-feature-discovery.fullname" . }}-topology-gc
|
||||
name: {{ include "node-feature-discovery.fullname" . }}-gc
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ .Values.topologyGC.serviceAccount.name | default "nfd-topology-gc" }}
|
||||
name: {{ include "node-feature-discovery.gc.serviceAccountName" . }}
|
||||
namespace: {{ include "node-feature-discovery.namespace" . }}
|
||||
{{- end }}
|
||||
|
|
|
@ -6,8 +6,10 @@ metadata:
|
|||
labels:
|
||||
{{- include "node-feature-discovery.labels" . | nindent 4 }}
|
||||
role: master
|
||||
{{- with .Values.master.deploymentAnnotations }}
|
||||
annotations:
|
||||
{{- toYaml .Values.master.deploymentAnnotations | nindent 4 }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
replicas: {{ .Values.master.replicaCount }}
|
||||
selector:
|
||||
|
@ -19,8 +21,10 @@ spec:
|
|||
labels:
|
||||
{{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
|
||||
role: master
|
||||
{{- with .Values.master.annotations }}
|
||||
annotations:
|
||||
{{- toYaml .Values.master.annotations | nindent 8 }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- with .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
|
@ -66,6 +70,8 @@ spec:
|
|||
ports:
|
||||
- containerPort: {{ .Values.master.port | default "8080" }}
|
||||
name: grpc
|
||||
- containerPort: {{ .Values.master.metricsPort | default "8081" }}
|
||||
name: metrics
|
||||
env:
|
||||
- name: NODE_NAME
|
||||
valueFrom:
|
||||
|
@ -80,8 +86,10 @@ spec:
|
|||
- "-instance={{ .Values.master.instance }}"
|
||||
{{- end }}
|
||||
- "-port={{ .Values.master.port | default "8080" }}"
|
||||
{{- if .Values.enableNodeFeatureApi }}
|
||||
- "-enable-nodefeature-api"
|
||||
{{- if not .Values.enableNodeFeatureApi }}
|
||||
- "-enable-nodefeature-api=false"
|
||||
{{- else if gt (int .Values.master.replicaCount) 1 }}
|
||||
- "-enable-leader-election"
|
||||
{{- end }}
|
||||
{{- if .Values.master.extraLabelNs | empty | not }}
|
||||
- "-extra-label-ns={{- join "," .Values.master.extraLabelNs }}"
|
||||
|
@ -99,16 +107,23 @@ spec:
|
|||
- "-crd-controller={{ .Values.master.crdController }}"
|
||||
{{- else }}
|
||||
## By default, disable crd controller for other than the default instances
|
||||
- "-featurerules-controller={{ .Values.master.instance | empty }}"
|
||||
- "-crd-controller={{ .Values.master.instance | empty }}"
|
||||
{{- end }}
|
||||
{{- if .Values.master.featureRulesController | kindIs "invalid" | not }}
|
||||
- "-featurerules-controller={{ .Values.master.featureRulesController }}"
|
||||
{{- end }}
|
||||
{{- if .Values.master.resyncPeriod }}
|
||||
- "-resync-period={{ .Values.master.resyncPeriod }}"
|
||||
{{- end }}
|
||||
{{- if .Values.master.nfdApiParallelism | empty | not }}
|
||||
- "-nfd-api-parallelism={{ .Values.master.nfdApiParallelism }}"
|
||||
{{- end }}
|
||||
{{- if .Values.tls.enable }}
|
||||
- "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
|
||||
- "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
|
||||
- "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
|
||||
{{- end }}
|
||||
- "-metrics={{ .Values.master.metricsPort | default "8081" }}"
|
||||
volumeMounts:
|
||||
{{- if .Values.tls.enable }}
|
||||
- name: nfd-master-cert
|
||||
|
@ -130,7 +145,6 @@ spec:
|
|||
items:
|
||||
- key: nfd-master.conf
|
||||
path: nfd-master.conf
|
||||
|
||||
{{- with .Values.master.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
|
|
|
@ -1,36 +1,42 @@
|
|||
{{- if and .Values.topologyGC.enable .Values.topologyUpdater.enable -}}
|
||||
{{- if and .Values.gc.enable (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) -}}
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "node-feature-discovery.fullname" . }}-topology-gc
|
||||
name: {{ include "node-feature-discovery.fullname" . }}-gc
|
||||
namespace: {{ include "node-feature-discovery.namespace" . }}
|
||||
labels:
|
||||
{{- include "node-feature-discovery.labels" . | nindent 4 }}
|
||||
role: topology-gc
|
||||
role: gc
|
||||
{{- with .Values.gc.deploymentAnnotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
replicas: {{ .Values.topologyGC.replicaCount | default 1 }}
|
||||
replicas: {{ .Values.gc.replicaCount | default 1 }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
|
||||
role: topology-gc
|
||||
role: gc
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
|
||||
role: topology-gc
|
||||
role: gc
|
||||
{{- with .Values.gc.annotations }}
|
||||
annotations:
|
||||
{{- toYaml .Values.topologyGC.annotations | nindent 8 }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
serviceAccountName: {{ .Values.topologyGC.serviceAccountName | default "nfd-topology-gc" }}
|
||||
serviceAccountName: {{ include "node-feature-discovery.gc.serviceAccountName" . }}
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
{{- with .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.topologyGC.podSecurityContext | nindent 8 }}
|
||||
{{- toYaml .Values.gc.podSecurityContext | nindent 8 }}
|
||||
containers:
|
||||
- name: topology-gc
|
||||
- name: gc
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
||||
imagePullPolicy: "{{ .Values.image.pullPolicy }}"
|
||||
env:
|
||||
|
@ -39,25 +45,29 @@ spec:
|
|||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
command:
|
||||
- "nfd-topology-gc"
|
||||
- "nfd-gc"
|
||||
args:
|
||||
{{- if .Values.topologyGC.interval | empty | not }}
|
||||
- "-gc-interval={{ .Values.topologyGC.interval }}"
|
||||
{{- if .Values.gc.interval | empty | not }}
|
||||
- "-gc-interval={{ .Values.gc.interval }}"
|
||||
{{- end }}
|
||||
resources:
|
||||
{{- toYaml .Values.topologyGC.resources | nindent 12 }}
|
||||
{{- toYaml .Values.gc.resources | nindent 12 }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.topologyGC.securityContext | nindent 12 }}
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: [ "ALL" ]
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
|
||||
{{- with .Values.topologyGC.nodeSelector }}
|
||||
{{- with .Values.gc.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.topologyGC.affinity }}
|
||||
{{- with .Values.gc.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.topologyGC.tolerations }}
|
||||
{{- with .Values.gc.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
|
@ -0,0 +1,26 @@
|
|||
{{- if .Values.prometheus.enable }}
|
||||
# Prometheus Monitor Service (Metrics)
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: PodMonitor
|
||||
metadata:
|
||||
name: {{ include "node-feature-discovery.fullname" . }}
|
||||
labels:
|
||||
{{- include "node-feature-discovery.selectorLabels" . | nindent 4 }}
|
||||
{{- with .Values.prometheus.labels }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
podMetricsEndpoints:
|
||||
- honorLabels: true
|
||||
interval: 10s
|
||||
path: /metrics
|
||||
port: metrics
|
||||
scheme: http
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ include "node-feature-discovery.namespace" . }}
|
||||
selector:
|
||||
matchExpressions:
|
||||
- {key: app.kubernetes.io/instance, operator: In, values: ["{{ .Release.Name }}"]}
|
||||
- {key: app.kubernetes.io/name, operator: In, values: ["{{ include "node-feature-discovery.name" . }}"]}
|
||||
{{- end }}
|
|
@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: Role
|
||||
metadata:
|
||||
name: {{ include "node-feature-discovery.fullname" . }}-worker
|
||||
namespace: {{ include "node-feature-discovery.namespace" . }}
|
||||
labels:
|
||||
{{- include "node-feature-discovery.labels" . | nindent 4 }}
|
||||
rules:
|
||||
|
|
|
@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ include "node-feature-discovery.fullname" . }}-worker
|
||||
namespace: {{ include "node-feature-discovery.namespace" . }}
|
||||
labels:
|
||||
{{- include "node-feature-discovery.labels" . | nindent 4 }}
|
||||
roleRef:
|
||||
|
|
|
@ -12,8 +12,8 @@ metadata:
|
|||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
---
|
||||
{{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.serviceAccount.create }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
|
@ -27,23 +27,23 @@ metadata:
|
|||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- if and .Values.gc.enable .Values.gc.serviceAccount.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }}
|
||||
---
|
||||
{{- if and .Values.topologyGC.enable .Values.topologyGC.serviceAccount.create .Values.topologyUpdater.enable }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ .Values.topologyGC.serviceAccount.name | default "nfd-topology-gc" }}
|
||||
name: {{ include "node-feature-discovery.gc.serviceAccountName" . }}
|
||||
namespace: {{ include "node-feature-discovery.namespace" . }}
|
||||
labels:
|
||||
{{- include "node-feature-discovery.labels" . | nindent 4 }}
|
||||
{{- with .Values.topologyUpdater.serviceAccount.annotations }}
|
||||
{{- with .Values.gc.serviceAccount.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
---
|
||||
{{- if .Values.worker.serviceAccount.create }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
|
|
|
@ -7,6 +7,10 @@ metadata:
|
|||
labels:
|
||||
{{- include "node-feature-discovery.labels" . | nindent 4 }}
|
||||
role: topology-updater
|
||||
{{- with .Values.topologyUpdater.daemonsetAnnotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
|
@ -17,8 +21,10 @@ spec:
|
|||
labels:
|
||||
{{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
|
||||
role: topology-updater
|
||||
{{- with .Values.topologyUpdater.annotations }}
|
||||
annotations:
|
||||
{{- toYaml .Values.topologyUpdater.annotations | nindent 8 }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
serviceAccountName: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }}
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
|
@ -37,6 +43,10 @@ spec:
|
|||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
- name: NODE_ADDRESS
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.hostIP
|
||||
command:
|
||||
- "nfd-topology-updater"
|
||||
args:
|
||||
|
@ -66,6 +76,10 @@ spec:
|
|||
# Disable kubelet state tracking by giving an empty path
|
||||
- "-kubelet-state-dir="
|
||||
{{- end }}
|
||||
- -metrics={{ .Values.topologyUpdater.metricsPort | default "8081"}}
|
||||
ports:
|
||||
- name: metrics
|
||||
containerPort: {{ .Values.topologyUpdater.metricsPort | default "8081"}}
|
||||
volumeMounts:
|
||||
{{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }}
|
||||
- name: kubelet-config
|
||||
|
|
|
@ -6,8 +6,10 @@ metadata:
|
|||
labels:
|
||||
{{- include "node-feature-discovery.labels" . | nindent 4 }}
|
||||
role: worker
|
||||
{{- with .Values.worker.daemonsetAnnotations }}
|
||||
annotations:
|
||||
{{- toYaml .Values.worker.daemonsetAnnotations | nindent 4 }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
|
@ -18,8 +20,10 @@ spec:
|
|||
labels:
|
||||
{{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
|
||||
role: worker
|
||||
{{- with .Values.worker.annotations }}
|
||||
annotations:
|
||||
{{- toYaml .Values.worker.annotations | nindent 8 }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
{{- with .Values.imagePullSecrets }}
|
||||
|
@ -46,14 +50,18 @@ spec:
|
|||
- "nfd-worker"
|
||||
args:
|
||||
- "-server={{ include "node-feature-discovery.fullname" . }}-master:{{ .Values.master.service.port }}"
|
||||
{{- if .Values.enableNodeFeatureApi }}
|
||||
- "-enable-nodefeature-api"
|
||||
{{- if not .Values.enableNodeFeatureApi }}
|
||||
- "-enable-nodefeature-api=false"
|
||||
{{- end }}
|
||||
{{- if .Values.tls.enable }}
|
||||
- "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
|
||||
- "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
|
||||
- "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
|
||||
{{- end }}
|
||||
- "-metrics={{ .Values.worker.metricsPort | default "8081"}}"
|
||||
ports:
|
||||
- name: metrics
|
||||
containerPort: {{ .Values.worker.metricsPort | default "8081"}}
|
||||
volumeMounts:
|
||||
- name: host-boot
|
||||
mountPath: "/host-boot"
|
||||
|
|
|
@ -10,7 +10,7 @@ nameOverride: ""
|
|||
fullnameOverride: ""
|
||||
namespaceOverride: ""
|
||||
|
||||
enableNodeFeatureApi: false
|
||||
enableNodeFeatureApi: true
|
||||
|
||||
master:
|
||||
config: ### <NFD-MASTER-CONF-START-DO-NOT-REMOVE>
|
||||
|
@ -20,17 +20,43 @@ master:
|
|||
# resourceLabels: ["vendor-1.com/feature-1","vendor-2.io/feature-2"]
|
||||
# enableTaints: false
|
||||
# labelWhiteList: "foo"
|
||||
# resyncPeriod: "2h"
|
||||
# klog:
|
||||
# addDirHeader: false
|
||||
# alsologtostderr: false
|
||||
# logBacktraceAt:
|
||||
# logtostderr: true
|
||||
# skipHeaders: false
|
||||
# stderrthreshold: 2
|
||||
# v: 0
|
||||
# vmodule:
|
||||
## NOTE: the following options are not dynamically run-time configurable
|
||||
## and require a nfd-master restart to take effect after being changed
|
||||
# logDir:
|
||||
# logFile:
|
||||
# logFileMaxSize: 1800
|
||||
# skipLogHeaders: false
|
||||
# leaderElection:
|
||||
# leaseDuration: 15s
|
||||
# # this value has to be lower than leaseDuration and greater than retryPeriod*1.2
|
||||
# renewDeadline: 10s
|
||||
# # this value has to be greater than 0
|
||||
# retryPeriod: 2s
|
||||
# nfdApiParallelism: 10
|
||||
### <NFD-MASTER-CONF-END-DO-NOT-REMOVE>
|
||||
# The TCP port that nfd-master listens for incoming requests. Default: 8080
|
||||
port: 8080
|
||||
metricsPort: 8081
|
||||
instance:
|
||||
featureApi:
|
||||
resyncPeriod:
|
||||
denyLabelNs: []
|
||||
extraLabelNs: []
|
||||
resourceLabels: []
|
||||
enableTaints: false
|
||||
crdController: null
|
||||
featureRulesController: null
|
||||
nfdApiParallelism: null
|
||||
deploymentAnnotations: {}
|
||||
replicaCount: 1
|
||||
|
||||
|
@ -154,6 +180,7 @@ worker:
|
|||
# - "SSE4"
|
||||
# - "SSE42"
|
||||
# - "SSSE3"
|
||||
# - "TDX_GUEST"
|
||||
# attributeWhitelist:
|
||||
# kernel:
|
||||
# kconfigFile: "/path/to/kconfig"
|
||||
|
@ -183,7 +210,7 @@ worker:
|
|||
# - "vendor"
|
||||
# - "device"
|
||||
# local:
|
||||
# hooksEnabled: true
|
||||
# hooksEnabled: false
|
||||
# custom:
|
||||
# # The following feature demonstrates the capabilities of the matchFeatures
|
||||
# - name: "my custom rule"
|
||||
|
@ -332,6 +359,7 @@ worker:
|
|||
#
|
||||
### <NFD-WORKER-CONF-END-DO-NOT-REMOVE>
|
||||
|
||||
metricsPort: 8081
|
||||
daemonsetAnnotations: {}
|
||||
podSecurityContext: {}
|
||||
# fsGroup: 2000
|
||||
|
@ -404,6 +432,7 @@ topologyUpdater:
|
|||
rbac:
|
||||
create: true
|
||||
|
||||
metricsPort: 8081
|
||||
kubeletConfigPath:
|
||||
kubeletPodResourcesSockPath:
|
||||
updateInterval: 60s
|
||||
|
@ -433,10 +462,11 @@ topologyUpdater:
|
|||
nodeSelector: {}
|
||||
tolerations: []
|
||||
annotations: {}
|
||||
daemonsetAnnotations: {}
|
||||
affinity: {}
|
||||
podSetFingerprint: true
|
||||
|
||||
topologyGC:
|
||||
gc:
|
||||
enable: true
|
||||
replicaCount: 1
|
||||
|
||||
|
@ -450,12 +480,6 @@ topologyGC:
|
|||
interval: 1h
|
||||
|
||||
podSecurityContext: {}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: [ "ALL" ]
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
|
||||
resources: {}
|
||||
# We usually recommend not to specify default resources and to leave this as a conscious
|
||||
|
@ -472,6 +496,7 @@ topologyGC:
|
|||
nodeSelector: {}
|
||||
tolerations: []
|
||||
annotations: {}
|
||||
deploymentAnnotations: {}
|
||||
affinity: {}
|
||||
|
||||
# Optionally use encryption for worker <--> master comms
|
||||
|
@ -482,3 +507,7 @@ topologyGC:
|
|||
tls:
|
||||
enable: false
|
||||
certManager: false
|
||||
|
||||
prometheus:
|
||||
enable: false
|
||||
labels: {}
|
||||
|
|
|
@ -10,13 +10,13 @@ dp:
|
|||
image:
|
||||
repository: docker.io/rocm/k8s-device-plugin
|
||||
# Overrides the image tag whose default is the chart appVersion.
|
||||
tag: "1.25.2.4"
|
||||
tag: "1.25.2.5"
|
||||
resources: {}
|
||||
|
||||
lbl:
|
||||
image:
|
||||
repository: docker.io/rocm/k8s-device-plugin
|
||||
tag: "labeller-1.25.2.4"
|
||||
tag: "labeller-1.25.2.5"
|
||||
resources: {}
|
||||
|
||||
imagePullSecrets: []
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
annotations:
|
||||
artifacthub.io/changes: |
|
||||
- kind: added
|
||||
description: Add notification cluster role support
|
||||
- kind: changed
|
||||
description: Upgrade Argo CD to v2.9.0
|
||||
artifacthub.io/signKey: |
|
||||
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
|
||||
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
|
||||
|
@ -11,7 +11,7 @@ annotations:
|
|||
catalog.cattle.io/kube-version: '>=1.23.0-0'
|
||||
catalog.cattle.io/release-name: argo-cd
|
||||
apiVersion: v2
|
||||
appVersion: v2.8.5
|
||||
appVersion: v2.9.0
|
||||
dependencies:
|
||||
- condition: redis-ha.enabled
|
||||
name: redis-ha
|
||||
|
@ -33,4 +33,4 @@ name: argo-cd
|
|||
sources:
|
||||
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
|
||||
- https://github.com/argoproj/argo-cd
|
||||
version: 5.49.0
|
||||
version: 5.51.0
|
||||
|
|
|
@ -90,6 +90,18 @@ spec:
|
|||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_ANNOTATIONS
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: applicationsetcontroller.global.preserved.annotations
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_LABELS
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: applicationsetcontroller.global.preserved.labels
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{{- if .Values.createClusterRoles }}
|
||||
{{- if and .Values.notifications.enabled .Values.createClusterRoles }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{{- if .Values.createClusterRoles }}
|
||||
{{- if and .Values.notifications.enabled .Values.createClusterRoles }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
|
|
|
@ -231,6 +231,18 @@ spec:
|
|||
key: reposerver.streamed.manifest.max.extracted.size
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: reposerver.helm.manifest.max.extracted.size
|
||||
name: argocd-cmd-params-cm
|
||||
optional: true
|
||||
- name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: argocd-cmd-params-cm
|
||||
key: reposerver.disable.helm.manifest.max.extracted.size
|
||||
optional: true
|
||||
- name: ARGOCD_GIT_MODULES_ENABLED
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
|
|
|
@ -40,6 +40,7 @@ rules:
|
|||
- argoproj.io
|
||||
resources:
|
||||
- applications
|
||||
- applicationsets
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
|
|
|
@ -359,6 +359,37 @@ spec:
|
|||
description: Namespace sets the namespace that Kustomize
|
||||
adds to all resources
|
||||
type: string
|
||||
patches:
|
||||
description: Patches is a list of Kustomize patches
|
||||
items:
|
||||
properties:
|
||||
options:
|
||||
additionalProperties:
|
||||
type: boolean
|
||||
type: object
|
||||
patch:
|
||||
type: string
|
||||
path:
|
||||
type: string
|
||||
target:
|
||||
properties:
|
||||
annotationSelector:
|
||||
type: string
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
labelSelector:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
replicas:
|
||||
description: Replicas is a list of Kustomize Replicas
|
||||
override specifications
|
||||
|
@ -657,6 +688,37 @@ spec:
|
|||
description: Namespace sets the namespace that Kustomize
|
||||
adds to all resources
|
||||
type: string
|
||||
patches:
|
||||
description: Patches is a list of Kustomize patches
|
||||
items:
|
||||
properties:
|
||||
options:
|
||||
additionalProperties:
|
||||
type: boolean
|
||||
type: object
|
||||
patch:
|
||||
type: string
|
||||
path:
|
||||
type: string
|
||||
target:
|
||||
properties:
|
||||
annotationSelector:
|
||||
type: string
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
labelSelector:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
replicas:
|
||||
description: Replicas is a list of Kustomize Replicas
|
||||
override specifications
|
||||
|
@ -797,7 +859,8 @@ spec:
|
|||
properties:
|
||||
name:
|
||||
description: Name is an alternate way of specifying the target
|
||||
cluster by its symbolic name
|
||||
cluster by its symbolic name. This must be set if Server is
|
||||
not set.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace specifies the target namespace for the
|
||||
|
@ -805,8 +868,9 @@ spec:
|
|||
namespace-scoped resources that have not set a value for .metadata.namespace
|
||||
type: string
|
||||
server:
|
||||
description: Server specifies the URL of the target cluster and
|
||||
must be set to the Kubernetes control plane API
|
||||
description: Server specifies the URL of the target cluster's
|
||||
Kubernetes control plane API. This must be set if Name is not
|
||||
set.
|
||||
type: string
|
||||
type: object
|
||||
ignoreDifferences:
|
||||
|
@ -1067,6 +1131,37 @@ spec:
|
|||
description: Namespace sets the namespace that Kustomize adds
|
||||
to all resources
|
||||
type: string
|
||||
patches:
|
||||
description: Patches is a list of Kustomize patches
|
||||
items:
|
||||
properties:
|
||||
options:
|
||||
additionalProperties:
|
||||
type: boolean
|
||||
type: object
|
||||
patch:
|
||||
type: string
|
||||
path:
|
||||
type: string
|
||||
target:
|
||||
properties:
|
||||
annotationSelector:
|
||||
type: string
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
labelSelector:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
replicas:
|
||||
description: Replicas is a list of Kustomize Replicas override
|
||||
specifications
|
||||
|
@ -1355,6 +1450,37 @@ spec:
|
|||
description: Namespace sets the namespace that Kustomize
|
||||
adds to all resources
|
||||
type: string
|
||||
patches:
|
||||
description: Patches is a list of Kustomize patches
|
||||
items:
|
||||
properties:
|
||||
options:
|
||||
additionalProperties:
|
||||
type: boolean
|
||||
type: object
|
||||
patch:
|
||||
type: string
|
||||
path:
|
||||
type: string
|
||||
target:
|
||||
properties:
|
||||
annotationSelector:
|
||||
type: string
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
labelSelector:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
replicas:
|
||||
description: Replicas is a list of Kustomize Replicas override
|
||||
specifications
|
||||
|
@ -1796,6 +1922,37 @@ spec:
|
|||
description: Namespace sets the namespace that Kustomize
|
||||
adds to all resources
|
||||
type: string
|
||||
patches:
|
||||
description: Patches is a list of Kustomize patches
|
||||
items:
|
||||
properties:
|
||||
options:
|
||||
additionalProperties:
|
||||
type: boolean
|
||||
type: object
|
||||
patch:
|
||||
type: string
|
||||
path:
|
||||
type: string
|
||||
target:
|
||||
properties:
|
||||
annotationSelector:
|
||||
type: string
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
labelSelector:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
replicas:
|
||||
description: Replicas is a list of Kustomize Replicas
|
||||
override specifications
|
||||
|
@ -2097,6 +2254,37 @@ spec:
|
|||
description: Namespace sets the namespace that Kustomize
|
||||
adds to all resources
|
||||
type: string
|
||||
patches:
|
||||
description: Patches is a list of Kustomize patches
|
||||
items:
|
||||
properties:
|
||||
options:
|
||||
additionalProperties:
|
||||
type: boolean
|
||||
type: object
|
||||
patch:
|
||||
type: string
|
||||
path:
|
||||
type: string
|
||||
target:
|
||||
properties:
|
||||
annotationSelector:
|
||||
type: string
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
labelSelector:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
replicas:
|
||||
description: Replicas is a list of Kustomize Replicas
|
||||
override specifications
|
||||
|
@ -2542,6 +2730,37 @@ spec:
|
|||
description: Namespace sets the namespace that
|
||||
Kustomize adds to all resources
|
||||
type: string
|
||||
patches:
|
||||
description: Patches is a list of Kustomize patches
|
||||
items:
|
||||
properties:
|
||||
options:
|
||||
additionalProperties:
|
||||
type: boolean
|
||||
type: object
|
||||
patch:
|
||||
type: string
|
||||
path:
|
||||
type: string
|
||||
target:
|
||||
properties:
|
||||
annotationSelector:
|
||||
type: string
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
labelSelector:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
replicas:
|
||||
description: Replicas is a list of Kustomize Replicas
|
||||
override specifications
|
||||
|
@ -2860,6 +3079,38 @@ spec:
|
|||
description: Namespace sets the namespace that
|
||||
Kustomize adds to all resources
|
||||
type: string
|
||||
patches:
|
||||
description: Patches is a list of Kustomize
|
||||
patches
|
||||
items:
|
||||
properties:
|
||||
options:
|
||||
additionalProperties:
|
||||
type: boolean
|
||||
type: object
|
||||
patch:
|
||||
type: string
|
||||
path:
|
||||
type: string
|
||||
target:
|
||||
properties:
|
||||
annotationSelector:
|
||||
type: string
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
labelSelector:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
replicas:
|
||||
description: Replicas is a list of Kustomize
|
||||
Replicas override specifications
|
||||
|
@ -3292,6 +3543,37 @@ spec:
|
|||
description: Namespace sets the namespace that Kustomize
|
||||
adds to all resources
|
||||
type: string
|
||||
patches:
|
||||
description: Patches is a list of Kustomize patches
|
||||
items:
|
||||
properties:
|
||||
options:
|
||||
additionalProperties:
|
||||
type: boolean
|
||||
type: object
|
||||
patch:
|
||||
type: string
|
||||
path:
|
||||
type: string
|
||||
target:
|
||||
properties:
|
||||
annotationSelector:
|
||||
type: string
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
labelSelector:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
replicas:
|
||||
description: Replicas is a list of Kustomize Replicas
|
||||
override specifications
|
||||
|
@ -3603,6 +3885,37 @@ spec:
|
|||
description: Namespace sets the namespace that Kustomize
|
||||
adds to all resources
|
||||
type: string
|
||||
patches:
|
||||
description: Patches is a list of Kustomize patches
|
||||
items:
|
||||
properties:
|
||||
options:
|
||||
additionalProperties:
|
||||
type: boolean
|
||||
type: object
|
||||
patch:
|
||||
type: string
|
||||
path:
|
||||
type: string
|
||||
target:
|
||||
properties:
|
||||
annotationSelector:
|
||||
type: string
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
labelSelector:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
replicas:
|
||||
description: Replicas is a list of Kustomize Replicas
|
||||
override specifications
|
||||
|
@ -3804,7 +4117,8 @@ spec:
|
|||
properties:
|
||||
name:
|
||||
description: Name is an alternate way of specifying the
|
||||
target cluster by its symbolic name
|
||||
target cluster by its symbolic name. This must be set
|
||||
if Server is not set.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace specifies the target namespace
|
||||
|
@ -3813,8 +4127,9 @@ spec:
|
|||
not set a value for .metadata.namespace
|
||||
type: string
|
||||
server:
|
||||
description: Server specifies the URL of the target cluster
|
||||
and must be set to the Kubernetes control plane API
|
||||
description: Server specifies the URL of the target cluster's
|
||||
Kubernetes control plane API. This must be set if Name
|
||||
is not set.
|
||||
type: string
|
||||
type: object
|
||||
ignoreDifferences:
|
||||
|
@ -4056,6 +4371,37 @@ spec:
|
|||
description: Namespace sets the namespace that Kustomize
|
||||
adds to all resources
|
||||
type: string
|
||||
patches:
|
||||
description: Patches is a list of Kustomize patches
|
||||
items:
|
||||
properties:
|
||||
options:
|
||||
additionalProperties:
|
||||
type: boolean
|
||||
type: object
|
||||
patch:
|
||||
type: string
|
||||
path:
|
||||
type: string
|
||||
target:
|
||||
properties:
|
||||
annotationSelector:
|
||||
type: string
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
labelSelector:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
replicas:
|
||||
description: Replicas is a list of Kustomize Replicas
|
||||
override specifications
|
||||
|
@ -4367,6 +4713,37 @@ spec:
|
|||
description: Namespace sets the namespace that Kustomize
|
||||
adds to all resources
|
||||
type: string
|
||||
patches:
|
||||
description: Patches is a list of Kustomize patches
|
||||
items:
|
||||
properties:
|
||||
options:
|
||||
additionalProperties:
|
||||
type: boolean
|
||||
type: object
|
||||
patch:
|
||||
type: string
|
||||
path:
|
||||
type: string
|
||||
target:
|
||||
properties:
|
||||
annotationSelector:
|
||||
type: string
|
||||
group:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
labelSelector:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
replicas:
|
||||
description: Replicas is a list of Kustomize Replicas
|
||||
override specifications
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -50,4 +50,4 @@ maintainers:
|
|||
name: airflow
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/airflow
|
||||
version: 16.0.7
|
||||
version: 16.1.0
|
||||
|
|
|
@ -108,209 +108,221 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
|
||||
### Airflow web parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------- |
|
||||
| `web.image.registry` | Airflow image registry | `REGISTRY_NAME` |
|
||||
| `web.image.repository` | Airflow image repository | `REPOSITORY_NAME/airflow` |
|
||||
| `web.image.digest` | Airflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `web.image.pullPolicy` | Airflow image pull policy | `IfNotPresent` |
|
||||
| `web.image.pullSecrets` | Airflow image pull secrets | `[]` |
|
||||
| `web.image.debug` | Enable image debug mode | `false` |
|
||||
| `web.baseUrl` | URL used to access to Airflow web ui | `""` |
|
||||
| `web.existingConfigmap` | Name of an existing config map containing the Airflow web config file | `""` |
|
||||
| `web.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `web.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `web.extraEnvVars` | Array with extra environment variables to add Airflow web pods | `[]` |
|
||||
| `web.extraEnvVarsCM` | ConfigMap containing extra environment variables for Airflow web pods | `""` |
|
||||
| `web.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Airflow web pods | `""` |
|
||||
| `web.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow web pods | `[]` |
|
||||
| `web.containerPorts.http` | Airflow web HTTP container port | `8080` |
|
||||
| `web.replicaCount` | Number of Airflow web replicas | `1` |
|
||||
| `web.livenessProbe.enabled` | Enable livenessProbe on Airflow web containers | `true` |
|
||||
| `web.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` |
|
||||
| `web.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
|
||||
| `web.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `web.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
||||
| `web.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `web.readinessProbe.enabled` | Enable readinessProbe on Airflow web containers | `true` |
|
||||
| `web.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
|
||||
| `web.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `web.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
|
||||
| `web.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
|
||||
| `web.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `web.startupProbe.enabled` | Enable startupProbe on Airflow web containers | `false` |
|
||||
| `web.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` |
|
||||
| `web.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
||||
| `web.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
|
||||
| `web.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
|
||||
| `web.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `web.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `web.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `web.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `web.resources.limits` | The resources limits for the Airflow web containers | `{}` |
|
||||
| `web.resources.requests` | The requested resources for the Airflow web containers | `{}` |
|
||||
| `web.podSecurityContext.enabled` | Enabled Airflow web pods' Security Context | `true` |
|
||||
| `web.podSecurityContext.fsGroup` | Set Airflow web pod's Security Context fsGroup | `1001` |
|
||||
| `web.containerSecurityContext.enabled` | Enabled Airflow web containers' Security Context | `true` |
|
||||
| `web.containerSecurityContext.runAsUser` | Set Airflow web containers' Security Context runAsUser | `1001` |
|
||||
| `web.containerSecurityContext.runAsNonRoot` | Set Airflow web containers' Security Context runAsNonRoot | `true` |
|
||||
| `web.lifecycleHooks` | for the Airflow web container(s) to automate configuration before or after startup | `{}` |
|
||||
| `web.hostAliases` | Deployment pod host aliases | `[]` |
|
||||
| `web.podLabels` | Add extra labels to the Airflow web pods | `{}` |
|
||||
| `web.podAnnotations` | Add extra annotations to the Airflow web pods | `{}` |
|
||||
| `web.affinity` | Affinity for Airflow web pods assignment (evaluated as a template) | `{}` |
|
||||
| `web.nodeAffinityPreset.key` | Node label key to match. Ignored if `web.affinity` is set. | `""` |
|
||||
| `web.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `web.nodeAffinityPreset.values` | Node label values to match. Ignored if `web.affinity` is set. | `[]` |
|
||||
| `web.nodeSelector` | Node labels for Airflow web pods assignment | `{}` |
|
||||
| `web.podAffinityPreset` | Pod affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`. | `""` |
|
||||
| `web.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`. | `soft` |
|
||||
| `web.tolerations` | Tolerations for Airflow web pods assignment | `[]` |
|
||||
| `web.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
|
||||
| `web.priorityClassName` | Priority Class Name | `""` |
|
||||
| `web.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
|
||||
| `web.terminationGracePeriodSeconds` | Seconds Airflow web pod needs to terminate gracefully | `""` |
|
||||
| `web.updateStrategy.type` | Airflow web deployment strategy type | `RollingUpdate` |
|
||||
| `web.updateStrategy.rollingUpdate` | Airflow web deployment rolling update configuration parameters | `{}` |
|
||||
| `web.sidecars` | Add additional sidecar containers to the Airflow web pods | `[]` |
|
||||
| `web.initContainers` | Add additional init containers to the Airflow web pods | `[]` |
|
||||
| `web.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Airflow web pods | `[]` |
|
||||
| `web.extraVolumes` | Optionally specify extra list of additional volumes for the Airflow web pods | `[]` |
|
||||
| `web.pdb.create` | Deploy a pdb object for the Airflow web pods | `false` |
|
||||
| `web.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow web replicas | `1` |
|
||||
| `web.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow web replicas | `""` |
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------- |
|
||||
| `web.image.registry` | Airflow image registry | `REGISTRY_NAME` |
|
||||
| `web.image.repository` | Airflow image repository | `REPOSITORY_NAME/airflow` |
|
||||
| `web.image.digest` | Airflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `web.image.pullPolicy` | Airflow image pull policy | `IfNotPresent` |
|
||||
| `web.image.pullSecrets` | Airflow image pull secrets | `[]` |
|
||||
| `web.image.debug` | Enable image debug mode | `false` |
|
||||
| `web.baseUrl` | URL used to access to Airflow web ui | `""` |
|
||||
| `web.existingConfigmap` | Name of an existing config map containing the Airflow web config file | `""` |
|
||||
| `web.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `web.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `web.extraEnvVars` | Array with extra environment variables to add Airflow web pods | `[]` |
|
||||
| `web.extraEnvVarsCM` | ConfigMap containing extra environment variables for Airflow web pods | `""` |
|
||||
| `web.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Airflow web pods | `""` |
|
||||
| `web.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow web pods | `[]` |
|
||||
| `web.containerPorts.http` | Airflow web HTTP container port | `8080` |
|
||||
| `web.replicaCount` | Number of Airflow web replicas | `1` |
|
||||
| `web.livenessProbe.enabled` | Enable livenessProbe on Airflow web containers | `true` |
|
||||
| `web.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` |
|
||||
| `web.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
|
||||
| `web.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `web.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
||||
| `web.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `web.readinessProbe.enabled` | Enable readinessProbe on Airflow web containers | `true` |
|
||||
| `web.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
|
||||
| `web.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `web.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
|
||||
| `web.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
|
||||
| `web.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `web.startupProbe.enabled` | Enable startupProbe on Airflow web containers | `false` |
|
||||
| `web.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` |
|
||||
| `web.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
||||
| `web.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
|
||||
| `web.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
|
||||
| `web.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `web.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `web.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `web.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `web.resources.limits` | The resources limits for the Airflow web containers | `{}` |
|
||||
| `web.resources.requests` | The requested resources for the Airflow web containers | `{}` |
|
||||
| `web.podSecurityContext.enabled` | Enabled Airflow web pods' Security Context | `true` |
|
||||
| `web.podSecurityContext.fsGroup` | Set Airflow web pod's Security Context fsGroup | `1001` |
|
||||
| `web.containerSecurityContext.enabled` | Enabled Airflow web containers' Security Context | `true` |
|
||||
| `web.containerSecurityContext.runAsUser` | Set Airflow web containers' Security Context runAsUser | `1001` |
|
||||
| `web.containerSecurityContext.runAsNonRoot` | Set Airflow web containers' Security Context runAsNonRoot | `true` |
|
||||
| `web.containerSecurityContext.privileged` | Set web container's Security Context privileged | `false` |
|
||||
| `web.containerSecurityContext.allowPrivilegeEscalation` | Set web container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `web.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `web.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `web.lifecycleHooks` | for the Airflow web container(s) to automate configuration before or after startup | `{}` |
|
||||
| `web.hostAliases` | Deployment pod host aliases | `[]` |
|
||||
| `web.podLabels` | Add extra labels to the Airflow web pods | `{}` |
|
||||
| `web.podAnnotations` | Add extra annotations to the Airflow web pods | `{}` |
|
||||
| `web.affinity` | Affinity for Airflow web pods assignment (evaluated as a template) | `{}` |
|
||||
| `web.nodeAffinityPreset.key` | Node label key to match. Ignored if `web.affinity` is set. | `""` |
|
||||
| `web.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `web.nodeAffinityPreset.values` | Node label values to match. Ignored if `web.affinity` is set. | `[]` |
|
||||
| `web.nodeSelector` | Node labels for Airflow web pods assignment | `{}` |
|
||||
| `web.podAffinityPreset` | Pod affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`. | `""` |
|
||||
| `web.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`. | `soft` |
|
||||
| `web.tolerations` | Tolerations for Airflow web pods assignment | `[]` |
|
||||
| `web.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
|
||||
| `web.priorityClassName` | Priority Class Name | `""` |
|
||||
| `web.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
|
||||
| `web.terminationGracePeriodSeconds` | Seconds Airflow web pod needs to terminate gracefully | `""` |
|
||||
| `web.updateStrategy.type` | Airflow web deployment strategy type | `RollingUpdate` |
|
||||
| `web.updateStrategy.rollingUpdate` | Airflow web deployment rolling update configuration parameters | `{}` |
|
||||
| `web.sidecars` | Add additional sidecar containers to the Airflow web pods | `[]` |
|
||||
| `web.initContainers` | Add additional init containers to the Airflow web pods | `[]` |
|
||||
| `web.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Airflow web pods | `[]` |
|
||||
| `web.extraVolumes` | Optionally specify extra list of additional volumes for the Airflow web pods | `[]` |
|
||||
| `web.pdb.create` | Deploy a pdb object for the Airflow web pods | `false` |
|
||||
| `web.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow web replicas | `1` |
|
||||
| `web.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow web replicas | `""` |
|
||||
|
||||
### Airflow scheduler parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ----------------------------------- |
|
||||
| `scheduler.image.registry` | Airflow Scheduler image registry | `REGISTRY_NAME` |
|
||||
| `scheduler.image.repository` | Airflow Scheduler image repository | `REPOSITORY_NAME/airflow-scheduler` |
|
||||
| `scheduler.image.digest` | Airflow Schefuler image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `scheduler.image.pullPolicy` | Airflow Scheduler image pull policy | `IfNotPresent` |
|
||||
| `scheduler.image.pullSecrets` | Airflow Scheduler image pull secrets | `[]` |
|
||||
| `scheduler.image.debug` | Enable image debug mode | `false` |
|
||||
| `scheduler.replicaCount` | Number of scheduler replicas | `1` |
|
||||
| `scheduler.command` | Override cmd | `[]` |
|
||||
| `scheduler.args` | Override args | `[]` |
|
||||
| `scheduler.extraEnvVars` | Add extra environment variables | `[]` |
|
||||
| `scheduler.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` |
|
||||
| `scheduler.extraEnvVarsSecret` | Secret with extra environment variables | `""` |
|
||||
| `scheduler.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow scheduler pods | `[]` |
|
||||
| `scheduler.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `scheduler.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `scheduler.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `scheduler.resources.limits` | The resources limits for the Airflow scheduler containers | `{}` |
|
||||
| `scheduler.resources.requests` | The requested resources for the Airflow scheduler containers | `{}` |
|
||||
| `scheduler.podSecurityContext.enabled` | Enabled Airflow scheduler pods' Security Context | `true` |
|
||||
| `scheduler.podSecurityContext.fsGroup` | Set Airflow scheduler pod's Security Context fsGroup | `1001` |
|
||||
| `scheduler.containerSecurityContext.enabled` | Enabled Airflow scheduler containers' Security Context | `true` |
|
||||
| `scheduler.containerSecurityContext.runAsUser` | Set Airflow scheduler containers' Security Context runAsUser | `1001` |
|
||||
| `scheduler.containerSecurityContext.runAsNonRoot` | Set Airflow scheduler containers' Security Context runAsNonRoot | `true` |
|
||||
| `scheduler.lifecycleHooks` | for the Airflow scheduler container(s) to automate configuration before or after startup | `{}` |
|
||||
| `scheduler.hostAliases` | Deployment pod host aliases | `[]` |
|
||||
| `scheduler.podLabels` | Add extra labels to the Airflow scheduler pods | `{}` |
|
||||
| `scheduler.podAnnotations` | Add extra annotations to the Airflow scheduler pods | `{}` |
|
||||
| `scheduler.affinity` | Affinity for Airflow scheduler pods assignment (evaluated as a template) | `{}` |
|
||||
| `scheduler.nodeAffinityPreset.key` | Node label key to match. Ignored if `scheduler.affinity` is set. | `""` |
|
||||
| `scheduler.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `scheduler.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `scheduler.nodeAffinityPreset.values` | Node label values to match. Ignored if `scheduler.affinity` is set. | `[]` |
|
||||
| `scheduler.nodeSelector` | Node labels for Airflow scheduler pods assignment | `{}` |
|
||||
| `scheduler.podAffinityPreset` | Pod affinity preset. Ignored if `scheduler.affinity` is set. Allowed values: `soft` or `hard`. | `""` |
|
||||
| `scheduler.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `scheduler.affinity` is set. Allowed values: `soft` or `hard`. | `soft` |
|
||||
| `scheduler.tolerations` | Tolerations for Airflow scheduler pods assignment | `[]` |
|
||||
| `scheduler.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
|
||||
| `scheduler.priorityClassName` | Priority Class Name | `""` |
|
||||
| `scheduler.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
|
||||
| `scheduler.terminationGracePeriodSeconds` | Seconds Airflow scheduler pod needs to terminate gracefully | `""` |
|
||||
| `scheduler.updateStrategy.type` | Airflow scheduler deployment strategy type | `RollingUpdate` |
|
||||
| `scheduler.updateStrategy.rollingUpdate` | Airflow scheduler deployment rolling update configuration parameters | `{}` |
|
||||
| `scheduler.sidecars` | Add additional sidecar containers to the Airflow scheduler pods | `[]` |
|
||||
| `scheduler.initContainers` | Add additional init containers to the Airflow scheduler pods | `[]` |
|
||||
| `scheduler.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Airflow scheduler pods | `[]` |
|
||||
| `scheduler.extraVolumes` | Optionally specify extra list of additional volumes for the Airflow scheduler pods | `[]` |
|
||||
| `scheduler.pdb.create` | Deploy a pdb object for the Airflow scheduler pods | `false` |
|
||||
| `scheduler.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow scheduler replicas | `1` |
|
||||
| `scheduler.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow scheduler replicas | `""` |
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ----------------------------------- |
|
||||
| `scheduler.image.registry` | Airflow Scheduler image registry | `REGISTRY_NAME` |
|
||||
| `scheduler.image.repository` | Airflow Scheduler image repository | `REPOSITORY_NAME/airflow-scheduler` |
|
||||
| `scheduler.image.digest` | Airflow Schefuler image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `scheduler.image.pullPolicy` | Airflow Scheduler image pull policy | `IfNotPresent` |
|
||||
| `scheduler.image.pullSecrets` | Airflow Scheduler image pull secrets | `[]` |
|
||||
| `scheduler.image.debug` | Enable image debug mode | `false` |
|
||||
| `scheduler.replicaCount` | Number of scheduler replicas | `1` |
|
||||
| `scheduler.command` | Override cmd | `[]` |
|
||||
| `scheduler.args` | Override args | `[]` |
|
||||
| `scheduler.extraEnvVars` | Add extra environment variables | `[]` |
|
||||
| `scheduler.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` |
|
||||
| `scheduler.extraEnvVarsSecret` | Secret with extra environment variables | `""` |
|
||||
| `scheduler.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow scheduler pods | `[]` |
|
||||
| `scheduler.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `scheduler.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `scheduler.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `scheduler.resources.limits` | The resources limits for the Airflow scheduler containers | `{}` |
|
||||
| `scheduler.resources.requests` | The requested resources for the Airflow scheduler containers | `{}` |
|
||||
| `scheduler.podSecurityContext.enabled` | Enabled Airflow scheduler pods' Security Context | `true` |
|
||||
| `scheduler.podSecurityContext.fsGroup` | Set Airflow scheduler pod's Security Context fsGroup | `1001` |
|
||||
| `scheduler.containerSecurityContext.enabled` | Enabled Airflow scheduler containers' Security Context | `true` |
|
||||
| `scheduler.containerSecurityContext.runAsUser` | Set Airflow scheduler containers' Security Context runAsUser | `1001` |
|
||||
| `scheduler.containerSecurityContext.runAsNonRoot` | Set Airflow scheduler containers' Security Context runAsNonRoot | `true` |
|
||||
| `scheduler.containerSecurityContext.privileged` | Set scheduler container's Security Context privileged | `false` |
|
||||
| `scheduler.containerSecurityContext.allowPrivilegeEscalation` | Set scheduler container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `scheduler.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `scheduler.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `scheduler.lifecycleHooks` | for the Airflow scheduler container(s) to automate configuration before or after startup | `{}` |
|
||||
| `scheduler.hostAliases` | Deployment pod host aliases | `[]` |
|
||||
| `scheduler.podLabels` | Add extra labels to the Airflow scheduler pods | `{}` |
|
||||
| `scheduler.podAnnotations` | Add extra annotations to the Airflow scheduler pods | `{}` |
|
||||
| `scheduler.affinity` | Affinity for Airflow scheduler pods assignment (evaluated as a template) | `{}` |
|
||||
| `scheduler.nodeAffinityPreset.key` | Node label key to match. Ignored if `scheduler.affinity` is set. | `""` |
|
||||
| `scheduler.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `scheduler.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `scheduler.nodeAffinityPreset.values` | Node label values to match. Ignored if `scheduler.affinity` is set. | `[]` |
|
||||
| `scheduler.nodeSelector` | Node labels for Airflow scheduler pods assignment | `{}` |
|
||||
| `scheduler.podAffinityPreset` | Pod affinity preset. Ignored if `scheduler.affinity` is set. Allowed values: `soft` or `hard`. | `""` |
|
||||
| `scheduler.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `scheduler.affinity` is set. Allowed values: `soft` or `hard`. | `soft` |
|
||||
| `scheduler.tolerations` | Tolerations for Airflow scheduler pods assignment | `[]` |
|
||||
| `scheduler.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
|
||||
| `scheduler.priorityClassName` | Priority Class Name | `""` |
|
||||
| `scheduler.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
|
||||
| `scheduler.terminationGracePeriodSeconds` | Seconds Airflow scheduler pod needs to terminate gracefully | `""` |
|
||||
| `scheduler.updateStrategy.type` | Airflow scheduler deployment strategy type | `RollingUpdate` |
|
||||
| `scheduler.updateStrategy.rollingUpdate` | Airflow scheduler deployment rolling update configuration parameters | `{}` |
|
||||
| `scheduler.sidecars` | Add additional sidecar containers to the Airflow scheduler pods | `[]` |
|
||||
| `scheduler.initContainers` | Add additional init containers to the Airflow scheduler pods | `[]` |
|
||||
| `scheduler.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Airflow scheduler pods | `[]` |
|
||||
| `scheduler.extraVolumes` | Optionally specify extra list of additional volumes for the Airflow scheduler pods | `[]` |
|
||||
| `scheduler.pdb.create` | Deploy a pdb object for the Airflow scheduler pods | `false` |
|
||||
| `scheduler.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow scheduler replicas | `1` |
|
||||
| `scheduler.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow scheduler replicas | `""` |
|
||||
|
||||
### Airflow worker parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------------------------------- |
|
||||
| `worker.image.registry` | Airflow Worker image registry | `REGISTRY_NAME` |
|
||||
| `worker.image.repository` | Airflow Worker image repository | `REPOSITORY_NAME/airflow-worker` |
|
||||
| `worker.image.digest` | Airflow Worker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `worker.image.pullPolicy` | Airflow Worker image pull policy | `IfNotPresent` |
|
||||
| `worker.image.pullSecrets` | Airflow Worker image pull secrets | `[]` |
|
||||
| `worker.image.debug` | Enable image debug mode | `false` |
|
||||
| `worker.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `worker.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `worker.extraEnvVars` | Array with extra environment variables to add Airflow worker pods | `[]` |
|
||||
| `worker.extraEnvVarsCM` | ConfigMap containing extra environment variables for Airflow worker pods | `""` |
|
||||
| `worker.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Airflow worker pods | `""` |
|
||||
| `worker.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow worker pods | `[]` |
|
||||
| `worker.containerPorts.http` | Airflow worker HTTP container port | `8793` |
|
||||
| `worker.replicaCount` | Number of Airflow worker replicas | `1` |
|
||||
| `worker.livenessProbe.enabled` | Enable livenessProbe on Airflow worker containers | `true` |
|
||||
| `worker.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` |
|
||||
| `worker.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
|
||||
| `worker.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `worker.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
||||
| `worker.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `worker.readinessProbe.enabled` | Enable readinessProbe on Airflow worker containers | `true` |
|
||||
| `worker.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
|
||||
| `worker.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `worker.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
|
||||
| `worker.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
|
||||
| `worker.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `worker.startupProbe.enabled` | Enable startupProbe on Airflow worker containers | `false` |
|
||||
| `worker.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` |
|
||||
| `worker.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
||||
| `worker.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
|
||||
| `worker.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
|
||||
| `worker.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `worker.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `worker.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `worker.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `worker.resources.limits` | The resources limits for the Airflow worker containers | `{}` |
|
||||
| `worker.resources.requests` | The requested resources for the Airflow worker containers | `{}` |
|
||||
| `worker.podSecurityContext.enabled` | Enabled Airflow worker pods' Security Context | `true` |
|
||||
| `worker.podSecurityContext.fsGroup` | Set Airflow worker pod's Security Context fsGroup | `1001` |
|
||||
| `worker.containerSecurityContext.enabled` | Enabled Airflow worker containers' Security Context | `true` |
|
||||
| `worker.containerSecurityContext.runAsUser` | Set Airflow worker containers' Security Context runAsUser | `1001` |
|
||||
| `worker.containerSecurityContext.runAsNonRoot` | Set Airflow worker containers' Security Context runAsNonRoot | `true` |
|
||||
| `worker.lifecycleHooks` | for the Airflow worker container(s) to automate configuration before or after startup | `{}` |
|
||||
| `worker.hostAliases` | Deployment pod host aliases | `[]` |
|
||||
| `worker.podLabels` | Add extra labels to the Airflow worker pods | `{}` |
|
||||
| `worker.podAnnotations` | Add extra annotations to the Airflow worker pods | `{}` |
|
||||
| `worker.affinity` | Affinity for Airflow worker pods assignment (evaluated as a template) | `{}` |
|
||||
| `worker.nodeAffinityPreset.key` | Node label key to match. Ignored if `worker.affinity` is set. | `""` |
|
||||
| `worker.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `worker.nodeAffinityPreset.values` | Node label values to match. Ignored if `worker.affinity` is set. | `[]` |
|
||||
| `worker.nodeSelector` | Node labels for Airflow worker pods assignment | `{}` |
|
||||
| `worker.podAffinityPreset` | Pod affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard`. | `""` |
|
||||
| `worker.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard`. | `soft` |
|
||||
| `worker.tolerations` | Tolerations for Airflow worker pods assignment | `[]` |
|
||||
| `worker.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
|
||||
| `worker.priorityClassName` | Priority Class Name | `""` |
|
||||
| `worker.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
|
||||
| `worker.terminationGracePeriodSeconds` | Seconds Airflow worker pod needs to terminate gracefully | `""` |
|
||||
| `worker.updateStrategy.type` | Airflow worker deployment strategy type | `RollingUpdate` |
|
||||
| `worker.updateStrategy.rollingUpdate` | Airflow worker deployment rolling update configuration parameters | `{}` |
|
||||
| `worker.sidecars` | Add additional sidecar containers to the Airflow worker pods | `[]` |
|
||||
| `worker.initContainers` | Add additional init containers to the Airflow worker pods | `[]` |
|
||||
| `worker.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Airflow worker pods | `[]` |
|
||||
| `worker.extraVolumes` | Optionally specify extra list of additional volumes for the Airflow worker pods | `[]` |
|
||||
| `worker.extraVolumeClaimTemplates` | Optionally specify extra list of volumesClaimTemplates for the Airflow worker statefulset | `[]` |
|
||||
| `worker.podTemplate` | Template to replace the default one to be use when `executor=KubernetesExecutor` to create Airflow worker pods | `{}` |
|
||||
| `worker.pdb.create` | Deploy a pdb object for the Airflow worker pods | `false` |
|
||||
| `worker.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow worker replicas | `1` |
|
||||
| `worker.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow worker replicas | `""` |
|
||||
| `worker.autoscaling.enabled` | Whether enable horizontal pod autoscaler | `false` |
|
||||
| `worker.autoscaling.minReplicas` | Configure a minimum amount of pods | `1` |
|
||||
| `worker.autoscaling.maxReplicas` | Configure a maximum amount of pods | `3` |
|
||||
| `worker.autoscaling.targetCPU` | Define the CPU target to trigger the scaling actions (utilization percentage) | `80` |
|
||||
| `worker.autoscaling.targetMemory` | Define the memory target to trigger the scaling actions (utilization percentage) | `80` |
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------------------------------- |
|
||||
| `worker.image.registry` | Airflow Worker image registry | `REGISTRY_NAME` |
|
||||
| `worker.image.repository` | Airflow Worker image repository | `REPOSITORY_NAME/airflow-worker` |
|
||||
| `worker.image.digest` | Airflow Worker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `worker.image.pullPolicy` | Airflow Worker image pull policy | `IfNotPresent` |
|
||||
| `worker.image.pullSecrets` | Airflow Worker image pull secrets | `[]` |
|
||||
| `worker.image.debug` | Enable image debug mode | `false` |
|
||||
| `worker.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `worker.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `worker.extraEnvVars` | Array with extra environment variables to add Airflow worker pods | `[]` |
|
||||
| `worker.extraEnvVarsCM` | ConfigMap containing extra environment variables for Airflow worker pods | `""` |
|
||||
| `worker.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Airflow worker pods | `""` |
|
||||
| `worker.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow worker pods | `[]` |
|
||||
| `worker.containerPorts.http` | Airflow worker HTTP container port | `8793` |
|
||||
| `worker.replicaCount` | Number of Airflow worker replicas | `1` |
|
||||
| `worker.livenessProbe.enabled` | Enable livenessProbe on Airflow worker containers | `true` |
|
||||
| `worker.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` |
|
||||
| `worker.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
|
||||
| `worker.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `worker.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
||||
| `worker.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `worker.readinessProbe.enabled` | Enable readinessProbe on Airflow worker containers | `true` |
|
||||
| `worker.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
|
||||
| `worker.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `worker.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
|
||||
| `worker.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
|
||||
| `worker.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `worker.startupProbe.enabled` | Enable startupProbe on Airflow worker containers | `false` |
|
||||
| `worker.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` |
|
||||
| `worker.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
||||
| `worker.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
|
||||
| `worker.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
|
||||
| `worker.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `worker.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `worker.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `worker.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `worker.resources.limits` | The resources limits for the Airflow worker containers | `{}` |
|
||||
| `worker.resources.requests` | The requested resources for the Airflow worker containers | `{}` |
|
||||
| `worker.podSecurityContext.enabled` | Enabled Airflow worker pods' Security Context | `true` |
|
||||
| `worker.podSecurityContext.fsGroup` | Set Airflow worker pod's Security Context fsGroup | `1001` |
|
||||
| `worker.containerSecurityContext.enabled` | Enabled Airflow worker containers' Security Context | `true` |
|
||||
| `worker.containerSecurityContext.runAsUser` | Set Airflow worker containers' Security Context runAsUser | `1001` |
|
||||
| `worker.containerSecurityContext.runAsNonRoot` | Set Airflow worker containers' Security Context runAsNonRoot | `true` |
|
||||
| `worker.containerSecurityContext.privileged` | Set worker container's Security Context privileged | `false` |
|
||||
| `worker.containerSecurityContext.allowPrivilegeEscalation` | Set worker container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `worker.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `worker.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `worker.lifecycleHooks` | for the Airflow worker container(s) to automate configuration before or after startup | `{}` |
|
||||
| `worker.hostAliases` | Deployment pod host aliases | `[]` |
|
||||
| `worker.podLabels` | Add extra labels to the Airflow worker pods | `{}` |
|
||||
| `worker.podAnnotations` | Add extra annotations to the Airflow worker pods | `{}` |
|
||||
| `worker.affinity` | Affinity for Airflow worker pods assignment (evaluated as a template) | `{}` |
|
||||
| `worker.nodeAffinityPreset.key` | Node label key to match. Ignored if `worker.affinity` is set. | `""` |
|
||||
| `worker.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `worker.nodeAffinityPreset.values` | Node label values to match. Ignored if `worker.affinity` is set. | `[]` |
|
||||
| `worker.nodeSelector` | Node labels for Airflow worker pods assignment | `{}` |
|
||||
| `worker.podAffinityPreset` | Pod affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard`. | `""` |
|
||||
| `worker.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard`. | `soft` |
|
||||
| `worker.tolerations` | Tolerations for Airflow worker pods assignment | `[]` |
|
||||
| `worker.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
|
||||
| `worker.priorityClassName` | Priority Class Name | `""` |
|
||||
| `worker.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
|
||||
| `worker.terminationGracePeriodSeconds` | Seconds Airflow worker pod needs to terminate gracefully | `""` |
|
||||
| `worker.updateStrategy.type` | Airflow worker deployment strategy type | `RollingUpdate` |
|
||||
| `worker.updateStrategy.rollingUpdate` | Airflow worker deployment rolling update configuration parameters | `{}` |
|
||||
| `worker.sidecars` | Add additional sidecar containers to the Airflow worker pods | `[]` |
|
||||
| `worker.initContainers` | Add additional init containers to the Airflow worker pods | `[]` |
|
||||
| `worker.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Airflow worker pods | `[]` |
|
||||
| `worker.extraVolumes` | Optionally specify extra list of additional volumes for the Airflow worker pods | `[]` |
|
||||
| `worker.extraVolumeClaimTemplates` | Optionally specify extra list of volumesClaimTemplates for the Airflow worker statefulset | `[]` |
|
||||
| `worker.podTemplate` | Template to replace the default one to be use when `executor=KubernetesExecutor` to create Airflow worker pods | `{}` |
|
||||
| `worker.pdb.create` | Deploy a pdb object for the Airflow worker pods | `false` |
|
||||
| `worker.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow worker replicas | `1` |
|
||||
| `worker.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow worker replicas | `""` |
|
||||
| `worker.autoscaling.enabled` | Whether enable horizontal pod autoscaler | `false` |
|
||||
| `worker.autoscaling.minReplicas` | Configure a minimum amount of pods | `1` |
|
||||
| `worker.autoscaling.maxReplicas` | Configure a maximum amount of pods | `3` |
|
||||
| `worker.autoscaling.targetCPU` | Define the CPU target to trigger the scaling actions (utilization percentage) | `80` |
|
||||
| `worker.autoscaling.targetMemory` | Define the memory target to trigger the scaling actions (utilization percentage) | `80` |
|
||||
|
||||
### Airflow git sync parameters
|
||||
|
||||
|
@ -404,52 +416,56 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
|
||||
### Airflow metrics parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | ---------------------------------- |
|
||||
| `metrics.enabled` | Whether or not to create a standalone Airflow exporter to expose Airflow metrics | `false` |
|
||||
| `metrics.image.registry` | Airflow exporter image registry | `REGISTRY_NAME` |
|
||||
| `metrics.image.repository` | Airflow exporter image repository | `REPOSITORY_NAME/airflow-exporter` |
|
||||
| `metrics.image.digest` | Airflow exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `metrics.image.pullPolicy` | Airflow exporter image pull policy | `IfNotPresent` |
|
||||
| `metrics.image.pullSecrets` | Airflow exporter image pull secrets | `[]` |
|
||||
| `metrics.extraEnvVars` | Array with extra environment variables to add Airflow exporter pods | `[]` |
|
||||
| `metrics.extraEnvVarsCM` | ConfigMap containing extra environment variables for Airflow exporter pods | `""` |
|
||||
| `metrics.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Airflow exporter pods | `""` |
|
||||
| `metrics.containerPorts.http` | Airflow exporter metrics container port | `9112` |
|
||||
| `metrics.resources.limits` | The resources limits for the container | `{}` |
|
||||
| `metrics.resources.requests` | The requested resources for the container | `{}` |
|
||||
| `metrics.podSecurityContext.enabled` | Enable security context for the pods | `true` |
|
||||
| `metrics.podSecurityContext.fsGroup` | Set Airflow exporter pod's Security Context fsGroup | `1001` |
|
||||
| `metrics.containerSecurityContext.enabled` | Enable Airflow exporter containers' Security Context | `true` |
|
||||
| `metrics.containerSecurityContext.runAsUser` | Set Airflow exporter containers' Security Context runAsUser | `1001` |
|
||||
| `metrics.containerSecurityContext.runAsNonRoot` | Set Airflow exporter containers' Security Context runAsNonRoot | `true` |
|
||||
| `metrics.lifecycleHooks` | for the Airflow exporter container(s) to automate configuration before or after startup | `{}` |
|
||||
| `metrics.hostAliases` | Airflow exporter pods host aliases | `[]` |
|
||||
| `metrics.podLabels` | Extra labels for Airflow exporter pods | `{}` |
|
||||
| `metrics.podAnnotations` | Extra annotations for Airflow exporter pods | `{}` |
|
||||
| `metrics.podAffinityPreset` | Pod affinity preset. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `metrics.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `metrics.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `metrics.nodeAffinityPreset.key` | Node label key to match Ignored if `metrics.affinity` is set. | `""` |
|
||||
| `metrics.nodeAffinityPreset.values` | Node label values to match. Ignored if `metrics.affinity` is set. | `[]` |
|
||||
| `metrics.affinity` | Affinity for pod assignment | `{}` |
|
||||
| `metrics.nodeSelector` | Node labels for pod assignment | `{}` |
|
||||
| `metrics.tolerations` | Tolerations for pod assignment | `[]` |
|
||||
| `metrics.schedulerName` | Name of the k8s scheduler (other than default) for Airflow exporter | `""` |
|
||||
| `metrics.service.ports.http` | Airflow exporter metrics service port | `9112` |
|
||||
| `metrics.service.clusterIP` | Static clusterIP or None for headless services | `""` |
|
||||
| `metrics.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
|
||||
| `metrics.service.annotations` | Annotations for the Airflow exporter service | `{}` |
|
||||
| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (requires `metrics.enabled` to be `true`) | `false` |
|
||||
| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` |
|
||||
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `""` |
|
||||
| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
|
||||
| `metrics.serviceMonitor.labels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` |
|
||||
| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
|
||||
| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
|
||||
| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
|
||||
| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
|
||||
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | ---------------------------------- |
|
||||
| `metrics.enabled` | Whether or not to create a standalone Airflow exporter to expose Airflow metrics | `false` |
|
||||
| `metrics.image.registry` | Airflow exporter image registry | `REGISTRY_NAME` |
|
||||
| `metrics.image.repository` | Airflow exporter image repository | `REPOSITORY_NAME/airflow-exporter` |
|
||||
| `metrics.image.digest` | Airflow exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `metrics.image.pullPolicy` | Airflow exporter image pull policy | `IfNotPresent` |
|
||||
| `metrics.image.pullSecrets` | Airflow exporter image pull secrets | `[]` |
|
||||
| `metrics.extraEnvVars` | Array with extra environment variables to add Airflow exporter pods | `[]` |
|
||||
| `metrics.extraEnvVarsCM` | ConfigMap containing extra environment variables for Airflow exporter pods | `""` |
|
||||
| `metrics.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Airflow exporter pods | `""` |
|
||||
| `metrics.containerPorts.http` | Airflow exporter metrics container port | `9112` |
|
||||
| `metrics.resources.limits` | The resources limits for the container | `{}` |
|
||||
| `metrics.resources.requests` | The requested resources for the container | `{}` |
|
||||
| `metrics.podSecurityContext.enabled` | Enable security context for the pods | `true` |
|
||||
| `metrics.podSecurityContext.fsGroup` | Set Airflow exporter pod's Security Context fsGroup | `1001` |
|
||||
| `metrics.containerSecurityContext.enabled` | Enable Airflow exporter containers' Security Context | `true` |
|
||||
| `metrics.containerSecurityContext.runAsUser` | Set Airflow exporter containers' Security Context runAsUser | `1001` |
|
||||
| `metrics.containerSecurityContext.runAsNonRoot` | Set Airflow exporter containers' Security Context runAsNonRoot | `true` |
|
||||
| `metrics.containerSecurityContext.privileged` | Set metrics container's Security Context privileged | `false` |
|
||||
| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set metrics container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `metrics.lifecycleHooks` | for the Airflow exporter container(s) to automate configuration before or after startup | `{}` |
|
||||
| `metrics.hostAliases` | Airflow exporter pods host aliases | `[]` |
|
||||
| `metrics.podLabels` | Extra labels for Airflow exporter pods | `{}` |
|
||||
| `metrics.podAnnotations` | Extra annotations for Airflow exporter pods | `{}` |
|
||||
| `metrics.podAffinityPreset` | Pod affinity preset. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `metrics.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `metrics.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `metrics.nodeAffinityPreset.key` | Node label key to match Ignored if `metrics.affinity` is set. | `""` |
|
||||
| `metrics.nodeAffinityPreset.values` | Node label values to match. Ignored if `metrics.affinity` is set. | `[]` |
|
||||
| `metrics.affinity` | Affinity for pod assignment | `{}` |
|
||||
| `metrics.nodeSelector` | Node labels for pod assignment | `{}` |
|
||||
| `metrics.tolerations` | Tolerations for pod assignment | `[]` |
|
||||
| `metrics.schedulerName` | Name of the k8s scheduler (other than default) for Airflow exporter | `""` |
|
||||
| `metrics.service.ports.http` | Airflow exporter metrics service port | `9112` |
|
||||
| `metrics.service.clusterIP` | Static clusterIP or None for headless services | `""` |
|
||||
| `metrics.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
|
||||
| `metrics.service.annotations` | Annotations for the Airflow exporter service | `{}` |
|
||||
| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (requires `metrics.enabled` to be `true`) | `false` |
|
||||
| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` |
|
||||
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `""` |
|
||||
| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
|
||||
| `metrics.serviceMonitor.labels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` |
|
||||
| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
|
||||
| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
|
||||
| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
|
||||
| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
|
||||
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
|
||||
|
||||
### Airflow database parameters
|
||||
|
||||
|
|
|
@ -311,11 +311,21 @@ web:
|
|||
## @param web.containerSecurityContext.enabled Enabled Airflow web containers' Security Context
|
||||
## @param web.containerSecurityContext.runAsUser Set Airflow web containers' Security Context runAsUser
|
||||
## @param web.containerSecurityContext.runAsNonRoot Set Airflow web containers' Security Context runAsNonRoot
|
||||
## @param web.containerSecurityContext.privileged Set web container's Security Context privileged
|
||||
## @param web.containerSecurityContext.allowPrivilegeEscalation Set web container's Security Context allowPrivilegeEscalation
|
||||
## @param web.containerSecurityContext.capabilities.drop List of capabilities to be dropped
|
||||
## @param web.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
## @param web.lifecycleHooks for the Airflow web container(s) to automate configuration before or after startup
|
||||
##
|
||||
lifecycleHooks: {}
|
||||
|
@ -515,11 +525,21 @@ scheduler:
|
|||
## @param scheduler.containerSecurityContext.enabled Enabled Airflow scheduler containers' Security Context
|
||||
## @param scheduler.containerSecurityContext.runAsUser Set Airflow scheduler containers' Security Context runAsUser
|
||||
## @param scheduler.containerSecurityContext.runAsNonRoot Set Airflow scheduler containers' Security Context runAsNonRoot
|
||||
## @param scheduler.containerSecurityContext.privileged Set scheduler container's Security Context privileged
|
||||
## @param scheduler.containerSecurityContext.allowPrivilegeEscalation Set scheduler container's Security Context allowPrivilegeEscalation
|
||||
## @param scheduler.containerSecurityContext.capabilities.drop List of capabilities to be dropped
|
||||
## @param scheduler.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
## @param scheduler.lifecycleHooks for the Airflow scheduler container(s) to automate configuration before or after startup
|
||||
##
|
||||
lifecycleHooks: {}
|
||||
|
@ -767,11 +787,21 @@ worker:
|
|||
## @param worker.containerSecurityContext.enabled Enabled Airflow worker containers' Security Context
|
||||
## @param worker.containerSecurityContext.runAsUser Set Airflow worker containers' Security Context runAsUser
|
||||
## @param worker.containerSecurityContext.runAsNonRoot Set Airflow worker containers' Security Context runAsNonRoot
|
||||
## @param worker.containerSecurityContext.privileged Set worker container's Security Context privileged
|
||||
## @param worker.containerSecurityContext.allowPrivilegeEscalation Set worker container's Security Context allowPrivilegeEscalation
|
||||
## @param worker.containerSecurityContext.capabilities.drop List of capabilities to be dropped
|
||||
## @param worker.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
## @param worker.lifecycleHooks for the Airflow worker container(s) to automate configuration before or after startup
|
||||
##
|
||||
lifecycleHooks: {}
|
||||
|
@ -1331,6 +1361,10 @@ metrics:
|
|||
## @param metrics.containerSecurityContext.enabled Enable Airflow exporter containers' Security Context
|
||||
## @param metrics.containerSecurityContext.runAsUser Set Airflow exporter containers' Security Context runAsUser
|
||||
## @param metrics.containerSecurityContext.runAsNonRoot Set Airflow exporter containers' Security Context runAsNonRoot
|
||||
## @param metrics.containerSecurityContext.privileged Set metrics container's Security Context privileged
|
||||
## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set metrics container's Security Context allowPrivilegeEscalation
|
||||
## @param metrics.containerSecurityContext.capabilities.drop List of capabilities to be dropped
|
||||
## @param metrics.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
||||
## e.g:
|
||||
## containerSecurityContext:
|
||||
## enabled: true
|
||||
|
@ -1342,6 +1376,12 @@ metrics:
|
|||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
## @param metrics.lifecycleHooks for the Airflow exporter container(s) to automate configuration before or after startup
|
||||
##
|
||||
lifecycleHooks: {}
|
||||
|
|
|
@ -35,4 +35,4 @@ maintainers:
|
|||
name: cassandra
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/cassandra
|
||||
version: 10.5.8
|
||||
version: 10.6.0
|
||||
|
|
|
@ -11,16 +11,18 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema
|
|||
## TL;DR
|
||||
|
||||
```console
|
||||
helm install my-release oci://registry-1.docker.io/bitnamicharts/cassandra
|
||||
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/cassandra
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
|
||||
## Introduction
|
||||
|
||||
This chart bootstraps an [Apache Cassandra](https://github.com/bitnami/containers/tree/main/bitnami/cassandra) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
|
||||
|
||||
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
|
||||
|
||||
Looking to use Apache Cassandra in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
|
||||
Looking to use Apache Cassandra in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
|
@ -33,9 +35,11 @@ Looking to use Apache Cassandra in production? Try [VMware Application Catalog](
|
|||
To install the chart with the release name `my-release`:
|
||||
|
||||
```console
|
||||
helm install my-release oci://registry-1.docker.io/bitnamicharts/cassandra
|
||||
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/cassandra
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
|
||||
These commands deploy one node with Apache Cassandra on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
|
||||
|
||||
> **Tip**: List all releases using `helm list`
|
||||
|
@ -77,108 +81,112 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
|
||||
### Cassandra parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ----------------------------- | ---------------------------------------------------------------------------------------------------------------------- | --------------------- |
|
||||
| `image.registry` | Cassandra image registry | `docker.io` |
|
||||
| `image.repository` | Cassandra image repository | `bitnami/cassandra` |
|
||||
| `image.tag` | Cassandra image tag (immutable tags are recommended) | `4.1.3-debian-11-r71` |
|
||||
| `image.digest` | Cassandra image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Cassandra image pull secrets | `[]` |
|
||||
| `image.debug` | Enable image debug mode | `false` |
|
||||
| `dbUser.user` | Cassandra admin user | `cassandra` |
|
||||
| `dbUser.forcePassword` | Force the user to provide a non | `false` |
|
||||
| `dbUser.password` | Password for `dbUser.user`. Randomly generated if empty | `""` |
|
||||
| `dbUser.existingSecret` | Use an existing secret object for `dbUser.user` password (will ignore `dbUser.password`) | `""` |
|
||||
| `initDBConfigMap` | ConfigMap with cql scripts. Useful for creating a keyspace and pre-populating data | `""` |
|
||||
| `initDBSecret` | Secret with cql script (with sensitive data). Useful for creating a keyspace and pre-populating data | `""` |
|
||||
| `existingConfiguration` | ConfigMap with custom cassandra configuration files. This overrides any other Cassandra configuration set in the chart | `""` |
|
||||
| `cluster.name` | Cassandra cluster name | `cassandra` |
|
||||
| `cluster.seedCount` | Number of seed nodes | `1` |
|
||||
| `cluster.numTokens` | Number of tokens for each node | `256` |
|
||||
| `cluster.datacenter` | Datacenter name | `dc1` |
|
||||
| `cluster.rack` | Rack name | `rack1` |
|
||||
| `cluster.endpointSnitch` | Endpoint Snitch | `SimpleSnitch` |
|
||||
| `cluster.internodeEncryption` | DEPRECATED: use tls.internode and tls.client instead. Encryption values. | `none` |
|
||||
| `cluster.clientEncryption` | Client Encryption | `false` |
|
||||
| `cluster.extraSeeds` | For an external/second cassandra ring. | `[]` |
|
||||
| `cluster.enableUDF` | Enable User defined functions | `false` |
|
||||
| `jvm.extraOpts` | Set the value for Java Virtual Machine extra options | `""` |
|
||||
| `jvm.maxHeapSize` | Set Java Virtual Machine maximum heap size (MAX_HEAP_SIZE). Calculated automatically if `nil` | `""` |
|
||||
| `jvm.newHeapSize` | Set Java Virtual Machine new heap size (HEAP_NEWSIZE). Calculated automatically if `nil` | `""` |
|
||||
| `command` | Command for running the container (set to default if not set). Use array form | `[]` |
|
||||
| `args` | Args for running the container (set to default if not set). Use array form | `[]` |
|
||||
| `extraEnvVars` | Extra environment variables to be set on cassandra container | `[]` |
|
||||
| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` |
|
||||
| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` |
|
||||
| Name | Description | Value |
|
||||
| ----------------------------- | ---------------------------------------------------------------------------------------------------------------------- | --------------------------- |
|
||||
| `image.registry` | Cassandra image registry | `REGISTRY_NAME` |
|
||||
| `image.repository` | Cassandra image repository | `REPOSITORY_NAME/cassandra` |
|
||||
| `image.digest` | Cassandra image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Cassandra image pull secrets | `[]` |
|
||||
| `image.debug` | Enable image debug mode | `false` |
|
||||
| `dbUser.user` | Cassandra admin user | `cassandra` |
|
||||
| `dbUser.forcePassword` | Force the user to provide a non | `false` |
|
||||
| `dbUser.password` | Password for `dbUser.user`. Randomly generated if empty | `""` |
|
||||
| `dbUser.existingSecret` | Use an existing secret object for `dbUser.user` password (will ignore `dbUser.password`) | `""` |
|
||||
| `initDBConfigMap` | ConfigMap with cql scripts. Useful for creating a keyspace and pre-populating data | `""` |
|
||||
| `initDBSecret` | Secret with cql script (with sensitive data). Useful for creating a keyspace and pre-populating data | `""` |
|
||||
| `existingConfiguration` | ConfigMap with custom cassandra configuration files. This overrides any other Cassandra configuration set in the chart | `""` |
|
||||
| `cluster.name` | Cassandra cluster name | `cassandra` |
|
||||
| `cluster.seedCount` | Number of seed nodes | `1` |
|
||||
| `cluster.numTokens` | Number of tokens for each node | `256` |
|
||||
| `cluster.datacenter` | Datacenter name | `dc1` |
|
||||
| `cluster.rack` | Rack name | `rack1` |
|
||||
| `cluster.endpointSnitch` | Endpoint Snitch | `SimpleSnitch` |
|
||||
| `cluster.internodeEncryption` | DEPRECATED: use tls.internode and tls.client instead. Encryption values. | `none` |
|
||||
| `cluster.clientEncryption` | Client Encryption | `false` |
|
||||
| `cluster.extraSeeds` | For an external/second cassandra ring. | `[]` |
|
||||
| `cluster.enableUDF` | Enable User defined functions | `false` |
|
||||
| `jvm.extraOpts` | Set the value for Java Virtual Machine extra options | `""` |
|
||||
| `jvm.maxHeapSize` | Set Java Virtual Machine maximum heap size (MAX_HEAP_SIZE). Calculated automatically if `nil` | `""` |
|
||||
| `jvm.newHeapSize` | Set Java Virtual Machine new heap size (HEAP_NEWSIZE). Calculated automatically if `nil` | `""` |
|
||||
| `command` | Command for running the container (set to default if not set). Use array form | `[]` |
|
||||
| `args` | Args for running the container (set to default if not set). Use array form | `[]` |
|
||||
| `extraEnvVars` | Extra environment variables to be set on cassandra container | `[]` |
|
||||
| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` |
|
||||
| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` |
|
||||
|
||||
### Statefulset parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| --------------------------------------- | ----------------------------------------------------------------------------------------- | --------------- |
|
||||
| `replicaCount` | Number of Cassandra replicas | `1` |
|
||||
| `updateStrategy.type` | updateStrategy for Cassandra statefulset | `RollingUpdate` |
|
||||
| `hostAliases` | Add deployment host aliases | `[]` |
|
||||
| `podManagementPolicy` | StatefulSet pod management policy | `OrderedReady` |
|
||||
| `priorityClassName` | Cassandra pods' priority. | `""` |
|
||||
| `podAnnotations` | Additional pod annotations | `{}` |
|
||||
| `podLabels` | Additional pod labels | `{}` |
|
||||
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
|
||||
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` |
|
||||
| `affinity` | Affinity for pod assignment | `{}` |
|
||||
| `nodeSelector` | Node labels for pod assignment | `{}` |
|
||||
| `tolerations` | Tolerations for pod assignment | `[]` |
|
||||
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
|
||||
| `podSecurityContext.enabled` | Enabled Cassandra pods' Security Context | `true` |
|
||||
| `podSecurityContext.fsGroup` | Set Cassandra pod's Security Context fsGroup | `1001` |
|
||||
| `containerSecurityContext.enabled` | Enabled Cassandra containers' Security Context | `true` |
|
||||
| `containerSecurityContext.runAsUser` | Set Cassandra container's Security Context runAsUser | `1001` |
|
||||
| `containerSecurityContext.runAsNonRoot` | Force the container to be run as non root | `true` |
|
||||
| `resources.limits` | The resources limits for Cassandra containers | `{}` |
|
||||
| `resources.requests` | The requested resources for Cassandra containers | `{}` |
|
||||
| `livenessProbe.enabled` | Enable livenessProbe | `true` |
|
||||
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` |
|
||||
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` |
|
||||
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `30` |
|
||||
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` |
|
||||
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `readinessProbe.enabled` | Enable readinessProbe | `true` |
|
||||
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `60` |
|
||||
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `30` |
|
||||
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` |
|
||||
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `startupProbe.enabled` | Enable startupProbe | `false` |
|
||||
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` |
|
||||
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
||||
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
|
||||
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `60` |
|
||||
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `customStartupProbe` | Override default startup probe | `{}` |
|
||||
| `lifecycleHooks` | Override default etcd container hooks | `{}` |
|
||||
| `schedulerName` | Alternative scheduler | `""` |
|
||||
| `terminationGracePeriodSeconds` | In seconds, time the given to the Cassandra pod needs to terminate gracefully | `""` |
|
||||
| `extraVolumes` | Optionally specify extra list of additional volumes for cassandra container | `[]` |
|
||||
| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for cassandra container | `[]` |
|
||||
| `initContainers` | Add additional init containers to the cassandra pods | `[]` |
|
||||
| `sidecars` | Add additional sidecar containers to the cassandra pods | `[]` |
|
||||
| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` |
|
||||
| `pdb.minAvailable` | Mininimum number of pods that must still be available after the eviction | `1` |
|
||||
| `pdb.maxUnavailable` | Max number of pods that can be unavailable after the eviction | `""` |
|
||||
| `hostNetwork` | Enable HOST Network | `false` |
|
||||
| `containerPorts.intra` | Intra Port on the Host and Container | `7000` |
|
||||
| `containerPorts.tls` | TLS Port on the Host and Container | `7001` |
|
||||
| `containerPorts.jmx` | JMX Port on the Host and Container | `7199` |
|
||||
| `containerPorts.cql` | CQL Port on the Host and Container | `9042` |
|
||||
| `hostPorts.intra` | Intra Port on the Host | `""` |
|
||||
| `hostPorts.tls` | TLS Port on the Host | `""` |
|
||||
| `hostPorts.jmx` | JMX Port on the Host | `""` |
|
||||
| `hostPorts.cql` | CQL Port on the Host | `""` |
|
||||
| Name | Description | Value |
|
||||
| --------------------------------------------------- | ----------------------------------------------------------------------------------------- | ---------------- |
|
||||
| `replicaCount` | Number of Cassandra replicas | `1` |
|
||||
| `updateStrategy.type` | updateStrategy for Cassandra statefulset | `RollingUpdate` |
|
||||
| `hostAliases` | Add deployment host aliases | `[]` |
|
||||
| `podManagementPolicy` | StatefulSet pod management policy | `OrderedReady` |
|
||||
| `priorityClassName` | Cassandra pods' priority. | `""` |
|
||||
| `podAnnotations` | Additional pod annotations | `{}` |
|
||||
| `podLabels` | Additional pod labels | `{}` |
|
||||
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
|
||||
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` |
|
||||
| `affinity` | Affinity for pod assignment | `{}` |
|
||||
| `nodeSelector` | Node labels for pod assignment | `{}` |
|
||||
| `tolerations` | Tolerations for pod assignment | `[]` |
|
||||
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
|
||||
| `podSecurityContext.enabled` | Enabled Cassandra pods' Security Context | `true` |
|
||||
| `podSecurityContext.fsGroup` | Set Cassandra pod's Security Context fsGroup | `1001` |
|
||||
| `containerSecurityContext.enabled` | Enabled Cassandra containers' Security Context | `true` |
|
||||
| `containerSecurityContext.runAsUser` | Set Cassandra containers' Security Context runAsUser | `1001` |
|
||||
| `containerSecurityContext.allowPrivilegeEscalation` | Set Cassandra containers' Security Context allowPrivilegeEscalation | `false` |
|
||||
| `containerSecurityContext.capabilities.drop` | Set Cassandra containers' Security Context capabilities to be dropped | `["ALL"]` |
|
||||
| `containerSecurityContext.readOnlyRootFilesystem` | Set Cassandra containers' Security Context readOnlyRootFilesystem | `false` |
|
||||
| `containerSecurityContext.runAsNonRoot` | Set Cassandra containers' Security Context runAsNonRoot | `true` |
|
||||
| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `resources.limits` | The resources limits for Cassandra containers | `{}` |
|
||||
| `resources.requests` | The requested resources for Cassandra containers | `{}` |
|
||||
| `livenessProbe.enabled` | Enable livenessProbe | `true` |
|
||||
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` |
|
||||
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` |
|
||||
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `30` |
|
||||
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` |
|
||||
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `readinessProbe.enabled` | Enable readinessProbe | `true` |
|
||||
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `60` |
|
||||
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `30` |
|
||||
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` |
|
||||
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `startupProbe.enabled` | Enable startupProbe | `false` |
|
||||
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` |
|
||||
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
||||
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
|
||||
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `60` |
|
||||
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `customStartupProbe` | Override default startup probe | `{}` |
|
||||
| `lifecycleHooks` | Override default etcd container hooks | `{}` |
|
||||
| `schedulerName` | Alternative scheduler | `""` |
|
||||
| `terminationGracePeriodSeconds` | In seconds, time the given to the Cassandra pod needs to terminate gracefully | `""` |
|
||||
| `extraVolumes` | Optionally specify extra list of additional volumes for cassandra container | `[]` |
|
||||
| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for cassandra container | `[]` |
|
||||
| `initContainers` | Add additional init containers to the cassandra pods | `[]` |
|
||||
| `sidecars` | Add additional sidecar containers to the cassandra pods | `[]` |
|
||||
| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` |
|
||||
| `pdb.minAvailable` | Mininimum number of pods that must still be available after the eviction | `1` |
|
||||
| `pdb.maxUnavailable` | Max number of pods that can be unavailable after the eviction | `""` |
|
||||
| `hostNetwork` | Enable HOST Network | `false` |
|
||||
| `containerPorts.intra` | Intra Port on the Host and Container | `7000` |
|
||||
| `containerPorts.tls` | TLS Port on the Host and Container | `7001` |
|
||||
| `containerPorts.jmx` | JMX Port on the Host and Container | `7199` |
|
||||
| `containerPorts.cql` | CQL Port on the Host and Container | `9042` |
|
||||
| `hostPorts.intra` | Intra Port on the Host | `""` |
|
||||
| `hostPorts.tls` | TLS Port on the Host | `""` |
|
||||
| `hostPorts.jmx` | JMX Port on the Host | `""` |
|
||||
| `hostPorts.cql` | CQL Port on the Host | `""` |
|
||||
|
||||
### RBAC parameters
|
||||
|
||||
|
@ -227,54 +235,52 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
|
||||
### Volume Permissions parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | ------------------ |
|
||||
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
|
||||
| `volumePermissions.image.registry` | Init container volume image registry | `docker.io` |
|
||||
| `volumePermissions.image.repository` | Init container volume image repository | `bitnami/os-shell` |
|
||||
| `volumePermissions.image.tag` | Init container volume image tag (immutable tags are recommended) | `11-debian-11-r90` |
|
||||
| `volumePermissions.image.digest` | Init container volume image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `volumePermissions.image.pullPolicy` | Init container volume pull policy | `IfNotPresent` |
|
||||
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `volumePermissions.resources.limits` | The resources limits for the container | `{}` |
|
||||
| `volumePermissions.resources.requests` | The requested resources for the container | `{}` |
|
||||
| `volumePermissions.securityContext.runAsUser` | User ID for the init container | `0` |
|
||||
| Name | Description | Value |
|
||||
| --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | -------------------------- |
|
||||
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
|
||||
| `volumePermissions.image.registry` | Init container volume image registry | `REGISTRY_NAME` |
|
||||
| `volumePermissions.image.repository` | Init container volume image repository | `REPOSITORY_NAME/os-shell` |
|
||||
| `volumePermissions.image.digest` | Init container volume image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `volumePermissions.image.pullPolicy` | Init container volume pull policy | `IfNotPresent` |
|
||||
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `volumePermissions.resources.limits` | The resources limits for the container | `{}` |
|
||||
| `volumePermissions.resources.requests` | The requested resources for the container | `{}` |
|
||||
| `volumePermissions.securityContext.runAsUser` | User ID for the init container | `0` |
|
||||
|
||||
### Metrics parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | ---------------------------- |
|
||||
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
|
||||
| `metrics.image.registry` | Cassandra exporter image registry | `docker.io` |
|
||||
| `metrics.image.repository` | Cassandra exporter image name | `bitnami/cassandra-exporter` |
|
||||
| `metrics.image.tag` | Cassandra exporter image tag | `2.3.8-debian-11-r429` |
|
||||
| `metrics.image.digest` | Cassandra exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `metrics.image.pullPolicy` | image pull policy | `IfNotPresent` |
|
||||
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `metrics.resources.limits` | The resources limits for the container | `{}` |
|
||||
| `metrics.resources.requests` | The requested resources for the container | `{}` |
|
||||
| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
|
||||
| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `45` |
|
||||
| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
|
||||
| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for cassandra-exporter container | `[]` |
|
||||
| `metrics.podAnnotations` | Metrics exporter pod Annotation and Labels | `{}` |
|
||||
| `metrics.serviceMonitor.enabled` | If `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` |
|
||||
| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `monitoring` |
|
||||
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` |
|
||||
| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
|
||||
| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
|
||||
| `metrics.serviceMonitor.metricRelabelings` | Specify Metric Relabelings to add to the scrape endpoint | `[]` |
|
||||
| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
|
||||
| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
|
||||
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
|
||||
| `metrics.serviceMonitor.labels` | Used to pass Labels that are required by the installed Prometheus Operator | `{}` |
|
||||
| `metrics.containerPorts.http` | HTTP Port on the Host and Container | `8080` |
|
||||
| `metrics.containerPorts.jmx` | JMX Port on the Host and Container | `5555` |
|
||||
| `metrics.hostPorts.http` | HTTP Port on the Host | `""` |
|
||||
| `metrics.hostPorts.jmx` | JMX Port on the Host | `""` |
|
||||
| `metrics.configuration` | Configure Cassandra-exporter with a custom config.yml file | `""` |
|
||||
| Name | Description | Value |
|
||||
| -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | ------------------------------------ |
|
||||
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
|
||||
| `metrics.image.registry` | Cassandra exporter image registry | `REGISTRY_NAME` |
|
||||
| `metrics.image.repository` | Cassandra exporter image name | `REPOSITORY_NAME/cassandra-exporter` |
|
||||
| `metrics.image.digest` | Cassandra exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `metrics.image.pullPolicy` | image pull policy | `IfNotPresent` |
|
||||
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `metrics.resources.limits` | The resources limits for the container | `{}` |
|
||||
| `metrics.resources.requests` | The requested resources for the container | `{}` |
|
||||
| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
|
||||
| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `45` |
|
||||
| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
|
||||
| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for cassandra-exporter container | `[]` |
|
||||
| `metrics.podAnnotations` | Metrics exporter pod Annotation and Labels | `{}` |
|
||||
| `metrics.serviceMonitor.enabled` | If `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` |
|
||||
| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `monitoring` |
|
||||
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` |
|
||||
| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
|
||||
| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
|
||||
| `metrics.serviceMonitor.metricRelabelings` | Specify Metric Relabelings to add to the scrape endpoint | `[]` |
|
||||
| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
|
||||
| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
|
||||
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
|
||||
| `metrics.serviceMonitor.labels` | Used to pass Labels that are required by the installed Prometheus Operator | `{}` |
|
||||
| `metrics.containerPorts.http` | HTTP Port on the Host and Container | `8080` |
|
||||
| `metrics.containerPorts.jmx` | JMX Port on the Host and Container | `5555` |
|
||||
| `metrics.hostPorts.http` | HTTP Port on the Host | `""` |
|
||||
| `metrics.hostPorts.jmx` | JMX Port on the Host | `""` |
|
||||
| `metrics.configuration` | Configure Cassandra-exporter with a custom config.yml file | `""` |
|
||||
|
||||
### TLS/SSL parameters
|
||||
|
||||
|
@ -299,15 +305,18 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm
|
|||
```console
|
||||
helm install my-release \
|
||||
--set dbUser.user=admin,dbUser.password=password \
|
||||
oci://registry-1.docker.io/bitnamicharts/cassandra
|
||||
oci://REGISTRY_NAME/REPOSITORY_NAME/cassandra
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
|
||||
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
|
||||
|
||||
```console
|
||||
helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/cassandra
|
||||
helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/cassandra
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
> **Tip**: You can use the default [values.yaml](values.yaml)
|
||||
|
||||
## Configuration and installation details
|
||||
|
@ -378,9 +387,11 @@ Find more information about how to deal with common errors related to Bitnami's
|
|||
It's necessary to set the `dbUser.password` parameter when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use. Please note down the password and run the command below to upgrade your chart:
|
||||
|
||||
```console
|
||||
helm upgrade my-release oci://registry-1.docker.io/bitnamicharts/cassandra --set dbUser.password=[PASSWORD]
|
||||
helm upgrade my-release oci://REGISTRY_NAME/REPOSITORY_NAME/cassandra --set dbUser.password=[PASSWORD]
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
|
||||
| Note: you need to substitute the placeholder *[PASSWORD]* with the value obtained in the installation notes.
|
||||
|
||||
### To 9.0.0
|
||||
|
|
|
@ -65,9 +65,9 @@ diagnosticMode:
|
|||
|
||||
## Bitnami Cassandra image
|
||||
## ref: https://hub.docker.com/r/bitnami/cassandra/tags/
|
||||
## @param image.registry Cassandra image registry
|
||||
## @param image.repository Cassandra image repository
|
||||
## @param image.tag Cassandra image tag (immutable tags are recommended)
|
||||
## @param image.registry [default: REGISTRY_NAME] Cassandra image registry
|
||||
## @param image.repository [default: REPOSITORY_NAME/cassandra] Cassandra image repository
|
||||
## @skip image.tag Cassandra image tag (immutable tags are recommended)
|
||||
## @param image.digest Cassandra image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
||||
## @param image.pullPolicy image pull policy
|
||||
## @param image.pullSecrets Cassandra image pull secrets
|
||||
|
@ -287,13 +287,25 @@ podSecurityContext:
|
|||
## Configure Container Security Context (only main container)
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param containerSecurityContext.enabled Enabled Cassandra containers' Security Context
|
||||
## @param containerSecurityContext.runAsUser Set Cassandra container's Security Context runAsUser
|
||||
## @param containerSecurityContext.runAsNonRoot Force the container to be run as non root
|
||||
## @param containerSecurityContext.runAsUser Set Cassandra containers' Security Context runAsUser
|
||||
## @param containerSecurityContext.allowPrivilegeEscalation Set Cassandra containers' Security Context allowPrivilegeEscalation
|
||||
## @param containerSecurityContext.capabilities.drop Set Cassandra containers' Security Context capabilities to be dropped
|
||||
## @param containerSecurityContext.readOnlyRootFilesystem Set Cassandra containers' Security Context readOnlyRootFilesystem
|
||||
## @param containerSecurityContext.runAsNonRoot Set Cassandra containers' Security Context runAsNonRoot
|
||||
## @param containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: false
|
||||
## Cassandra pods' resource requests and limits
|
||||
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
||||
## Minimum memory for development is 4GB and 2 CPU cores
|
||||
|
@ -606,9 +618,9 @@ volumePermissions:
|
|||
## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume
|
||||
##
|
||||
enabled: false
|
||||
## @param volumePermissions.image.registry Init container volume image registry
|
||||
## @param volumePermissions.image.repository Init container volume image repository
|
||||
## @param volumePermissions.image.tag Init container volume image tag (immutable tags are recommended)
|
||||
## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume image registry
|
||||
## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume image repository
|
||||
## @skip volumePermissions.image.tag Init container volume image tag (immutable tags are recommended)
|
||||
## @param volumePermissions.image.digest Init container volume image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
||||
## @param volumePermissions.image.pullPolicy Init container volume pull policy
|
||||
## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
|
||||
|
@ -674,9 +686,9 @@ metrics:
|
|||
enabled: false
|
||||
## Bitnami Cassandra Exporter image
|
||||
## ref: https://hub.docker.com/r/bitnami/cassandra-exporter/tags/
|
||||
## @param metrics.image.registry Cassandra exporter image registry
|
||||
## @param metrics.image.repository Cassandra exporter image name
|
||||
## @param metrics.image.tag Cassandra exporter image tag
|
||||
## @param metrics.image.registry [default: REGISTRY_NAME] Cassandra exporter image registry
|
||||
## @param metrics.image.repository [default: REPOSITORY_NAME/cassandra-exporter] Cassandra exporter image name
|
||||
## @skip metrics.image.tag Cassandra exporter image tag
|
||||
## @param metrics.image.digest Cassandra exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
||||
## @param metrics.image.pullPolicy image pull policy
|
||||
## @param metrics.image.pullSecrets Specify docker-registry secret names as an array
|
||||
|
|
|
@ -45,4 +45,4 @@ maintainers:
|
|||
name: kafka
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/kafka
|
||||
version: 26.2.0
|
||||
version: 26.2.1
|
||||
|
|
|
@ -22,7 +22,7 @@ This chart bootstraps a [Kafka](https://github.com/bitnami/containers/tree/main/
|
|||
|
||||
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
|
||||
|
||||
Looking to use Apache Kafka in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
|
||||
Looking to use Apache Kafka in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
|
@ -1169,9 +1169,9 @@ The changes introduced in this version are:
|
|||
- TLS settings have been moved from `auth.tls.*` to `tls.*`.
|
||||
- Zookeeper TLS settings have been moved from `auth.zookeeper*` to `tls.zookeeper.*`
|
||||
- Refactor externalAccess to support the new architecture:
|
||||
- `externalAccess.service.*` have been renamed to `externalAccess.controller.service.*` and `externalAccess.controller.service.*`.
|
||||
- Controller pods will not configure externalAccess unless:
|
||||
- `controller.controllerOnly=false` (default), meaning the pods are running as 'controller+broker' nodes.
|
||||
- `externalAccess.service.*` have been renamed to `externalAccess.controller.service.*` and `externalAccess.broker.service.*`.
|
||||
- Controller pods will not configure externalAccess unless either:
|
||||
- `controller.controllerOnly=false` (default), meaning the pods are running as 'controller+broker' nodes; or
|
||||
- `externalAccess.controller.service.forceExpose=true`, for use cases where controller-only nodes want to be exposed externally.
|
||||
|
||||
#### Upgrading from Kraft mode
|
||||
|
|
|
@ -825,7 +825,6 @@ controller:
|
|||
##
|
||||
broker:
|
||||
## @param broker.replicaCount Number of Kafka broker-only nodes
|
||||
## Ignore this section if running in Zookeeper mode.
|
||||
##
|
||||
replicaCount: 0
|
||||
## @param broker.minId Minimal node.id values for broker-only nodes. Do not change after first initialization.
|
||||
|
|
|
@ -36,4 +36,4 @@ maintainers:
|
|||
name: mysql
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/mysql
|
||||
version: 9.14.1
|
||||
version: 9.14.2
|
||||
|
|
|
@ -204,7 +204,7 @@ primary:
|
|||
##
|
||||
configuration: |-
|
||||
[mysqld]
|
||||
default_authentication_plugin={{- .Values.auth.defaultAuthPlugin | default "mysql_native_password" }}
|
||||
default_authentication_plugin={{- .Values.auth.defaultAuthenticationPlugin | default "mysql_native_password" }}
|
||||
skip-name-resolve
|
||||
explicit_defaults_for_timestamp
|
||||
basedir=/opt/bitnami/mysql
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 2.13.2
|
||||
digest: sha256:551ae9c020597fd0a1d62967d9899a3c57a12e92f49e7a3967b6a187efdcaead
|
||||
generated: "2023-10-05T15:32:13.375699946Z"
|
||||
version: 2.13.3
|
||||
digest: sha256:9a971689db0c66ea95ac2e911c05014c2b96c6077c991131ff84f2982f88fb83
|
||||
generated: "2023-11-03T20:45:06.276989379Z"
|
||||
|
|
|
@ -8,9 +8,9 @@ annotations:
|
|||
- name: os-shell
|
||||
image: docker.io/bitnami/os-shell:11-debian-11-r90
|
||||
- name: postgres-exporter
|
||||
image: docker.io/bitnami/postgres-exporter:0.14.0-debian-11-r15
|
||||
image: docker.io/bitnami/postgres-exporter:0.15.0-debian-11-r0
|
||||
- name: postgresql
|
||||
image: docker.io/bitnami/postgresql:16.0.0-debian-11-r13
|
||||
image: docker.io/bitnami/postgresql:16.0.0-debian-11-r14
|
||||
licenses: Apache-2.0
|
||||
apiVersion: v2
|
||||
appVersion: 16.0.0
|
||||
|
@ -38,4 +38,4 @@ maintainers:
|
|||
name: postgresql
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/postgresql
|
||||
version: 13.1.5
|
||||
version: 13.2.1
|
||||
|
|
|
@ -11,9 +11,11 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema
|
|||
## TL;DR
|
||||
|
||||
```console
|
||||
helm install my-release oci://registry-1.docker.io/bitnamicharts/postgresql
|
||||
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/postgresql
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
|
||||
## Introduction
|
||||
|
||||
This chart bootstraps a [PostgreSQL](https://github.com/bitnami/containers/tree/main/bitnami/postgresql) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
|
||||
|
@ -22,7 +24,7 @@ For HA, please see [this repo](https://github.com/bitnami/charts/tree/main/bitna
|
|||
|
||||
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
|
||||
|
||||
Looking to use PostgreSQL in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
|
||||
Looking to use PostgreSQL in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
|
@ -35,9 +37,11 @@ Looking to use PostgreSQL in production? Try [VMware Application Catalog](https:
|
|||
To install the chart with the release name `my-release`:
|
||||
|
||||
```console
|
||||
helm install my-release oci://registry-1.docker.io/bitnamicharts/postgresql
|
||||
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/postgresql
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
|
||||
The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
|
||||
|
||||
> **Tip**: List all releases using `helm list`
|
||||
|
@ -96,65 +100,64 @@ kubectl delete pvc -l release=my-release
|
|||
|
||||
### PostgreSQL common parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
|
||||
| `image.registry` | PostgreSQL image registry | `docker.io` |
|
||||
| `image.repository` | PostgreSQL image repository | `bitnami/postgresql` |
|
||||
| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `16.0.0-debian-11-r13` |
|
||||
| `image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify image pull secrets | `[]` |
|
||||
| `image.debug` | Specify if debug values should be set | `false` |
|
||||
| `auth.enablePostgresUser` | Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user | `true` |
|
||||
| `auth.postgresPassword` | Password for the "postgres" admin user. Ignored if `auth.existingSecret` is provided | `""` |
|
||||
| `auth.username` | Name for a custom user to create | `""` |
|
||||
| `auth.password` | Password for the custom user to create. Ignored if `auth.existingSecret` is provided | `""` |
|
||||
| `auth.database` | Name for a custom database to create | `""` |
|
||||
| `auth.replicationUsername` | Name of the replication user | `repl_user` |
|
||||
| `auth.replicationPassword` | Password for the replication user. Ignored if `auth.existingSecret` is provided | `""` |
|
||||
| `auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials. `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret. The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and picked from this secret in this case. | `""` |
|
||||
| `auth.secretKeys.adminPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `postgres-password` |
|
||||
| `auth.secretKeys.userPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `password` |
|
||||
| `auth.secretKeys.replicationPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `replication-password` |
|
||||
| `auth.usePasswordFiles` | Mount credentials as a files instead of using an environment variable | `false` |
|
||||
| `architecture` | PostgreSQL architecture (`standalone` or `replication`) | `standalone` |
|
||||
| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` |
|
||||
| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `readReplicas.replicaCount`. | `0` |
|
||||
| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` |
|
||||
| `containerPorts.postgresql` | PostgreSQL container port | `5432` |
|
||||
| `audit.logHostname` | Log client hostnames | `false` |
|
||||
| `audit.logConnections` | Add client log-in operations to the log file | `false` |
|
||||
| `audit.logDisconnections` | Add client log-outs operations to the log file | `false` |
|
||||
| `audit.pgAuditLog` | Add operations to log using the pgAudit extension | `""` |
|
||||
| `audit.pgAuditLogCatalog` | Log catalog using pgAudit | `off` |
|
||||
| `audit.clientMinMessages` | Message log level to share with the user | `error` |
|
||||
| `audit.logLinePrefix` | Template for log line prefix (default if not set) | `""` |
|
||||
| `audit.logTimezone` | Timezone for the log timestamps | `""` |
|
||||
| `ldap.enabled` | Enable LDAP support | `false` |
|
||||
| `ldap.server` | IP address or name of the LDAP server. | `""` |
|
||||
| `ldap.port` | Port number on the LDAP server to connect to | `""` |
|
||||
| `ldap.prefix` | String to prepend to the user name when forming the DN to bind | `""` |
|
||||
| `ldap.suffix` | String to append to the user name when forming the DN to bind | `""` |
|
||||
| `ldap.basedn` | Root DN to begin the search for the user in | `""` |
|
||||
| `ldap.binddn` | DN of user to bind to LDAP | `""` |
|
||||
| `ldap.bindpw` | Password for the user to bind to LDAP | `""` |
|
||||
| `ldap.searchAttribute` | Attribute to match against the user name in the search | `""` |
|
||||
| `ldap.searchFilter` | The search filter to use when doing search+bind authentication | `""` |
|
||||
| `ldap.scheme` | Set to `ldaps` to use LDAPS | `""` |
|
||||
| `ldap.tls.enabled` | Se to true to enable TLS encryption | `false` |
|
||||
| `ldap.uri` | LDAP URL beginning in the form `ldap[s]://host[:port]/basedn`. If provided, all the other LDAP parameters will be ignored. | `""` |
|
||||
| `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql/data` |
|
||||
| `postgresqlSharedPreloadLibraries` | Shared preload libraries (comma-separated list) | `pgaudit` |
|
||||
| `shmVolume.enabled` | Enable emptyDir volume for /dev/shm for PostgreSQL pod(s) | `true` |
|
||||
| `shmVolume.sizeLimit` | Set this to enable a size limit on the shm tmpfs | `""` |
|
||||
| `tls.enabled` | Enable TLS traffic support | `false` |
|
||||
| `tls.autoGenerated` | Generate automatically self-signed TLS certificates | `false` |
|
||||
| `tls.preferServerCiphers` | Whether to use the server's TLS cipher preferences rather than the client's | `true` |
|
||||
| `tls.certificatesSecret` | Name of an existing secret that contains the certificates | `""` |
|
||||
| `tls.certFilename` | Certificate filename | `""` |
|
||||
| `tls.certKeyFilename` | Certificate key filename | `""` |
|
||||
| `tls.certCAFilename` | CA Certificate filename | `""` |
|
||||
| `tls.crlFilename` | File containing a Certificate Revocation List | `""` |
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- |
|
||||
| `image.registry` | PostgreSQL image registry | `REGISTRY_NAME` |
|
||||
| `image.repository` | PostgreSQL image repository | `REPOSITORY_NAME/postgresql` |
|
||||
| `image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify image pull secrets | `[]` |
|
||||
| `image.debug` | Specify if debug values should be set | `false` |
|
||||
| `auth.enablePostgresUser` | Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user | `true` |
|
||||
| `auth.postgresPassword` | Password for the "postgres" admin user. Ignored if `auth.existingSecret` is provided | `""` |
|
||||
| `auth.username` | Name for a custom user to create | `""` |
|
||||
| `auth.password` | Password for the custom user to create. Ignored if `auth.existingSecret` is provided | `""` |
|
||||
| `auth.database` | Name for a custom database to create | `""` |
|
||||
| `auth.replicationUsername` | Name of the replication user | `repl_user` |
|
||||
| `auth.replicationPassword` | Password for the replication user. Ignored if `auth.existingSecret` is provided | `""` |
|
||||
| `auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials. `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret. The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and picked from this secret in this case. | `""` |
|
||||
| `auth.secretKeys.adminPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `postgres-password` |
|
||||
| `auth.secretKeys.userPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `password` |
|
||||
| `auth.secretKeys.replicationPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `replication-password` |
|
||||
| `auth.usePasswordFiles` | Mount credentials as a files instead of using an environment variable | `false` |
|
||||
| `architecture` | PostgreSQL architecture (`standalone` or `replication`) | `standalone` |
|
||||
| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` |
|
||||
| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `readReplicas.replicaCount`. | `0` |
|
||||
| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` |
|
||||
| `containerPorts.postgresql` | PostgreSQL container port | `5432` |
|
||||
| `audit.logHostname` | Log client hostnames | `false` |
|
||||
| `audit.logConnections` | Add client log-in operations to the log file | `false` |
|
||||
| `audit.logDisconnections` | Add client log-outs operations to the log file | `false` |
|
||||
| `audit.pgAuditLog` | Add operations to log using the pgAudit extension | `""` |
|
||||
| `audit.pgAuditLogCatalog` | Log catalog using pgAudit | `off` |
|
||||
| `audit.clientMinMessages` | Message log level to share with the user | `error` |
|
||||
| `audit.logLinePrefix` | Template for log line prefix (default if not set) | `""` |
|
||||
| `audit.logTimezone` | Timezone for the log timestamps | `""` |
|
||||
| `ldap.enabled` | Enable LDAP support | `false` |
|
||||
| `ldap.server` | IP address or name of the LDAP server. | `""` |
|
||||
| `ldap.port` | Port number on the LDAP server to connect to | `""` |
|
||||
| `ldap.prefix` | String to prepend to the user name when forming the DN to bind | `""` |
|
||||
| `ldap.suffix` | String to append to the user name when forming the DN to bind | `""` |
|
||||
| `ldap.basedn` | Root DN to begin the search for the user in | `""` |
|
||||
| `ldap.binddn` | DN of user to bind to LDAP | `""` |
|
||||
| `ldap.bindpw` | Password for the user to bind to LDAP | `""` |
|
||||
| `ldap.searchAttribute` | Attribute to match against the user name in the search | `""` |
|
||||
| `ldap.searchFilter` | The search filter to use when doing search+bind authentication | `""` |
|
||||
| `ldap.scheme` | Set to `ldaps` to use LDAPS | `""` |
|
||||
| `ldap.tls.enabled` | Se to true to enable TLS encryption | `false` |
|
||||
| `ldap.uri` | LDAP URL beginning in the form `ldap[s]://host[:port]/basedn`. If provided, all the other LDAP parameters will be ignored. | `""` |
|
||||
| `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql/data` |
|
||||
| `postgresqlSharedPreloadLibraries` | Shared preload libraries (comma-separated list) | `pgaudit` |
|
||||
| `shmVolume.enabled` | Enable emptyDir volume for /dev/shm for PostgreSQL pod(s) | `true` |
|
||||
| `shmVolume.sizeLimit` | Set this to enable a size limit on the shm tmpfs | `""` |
|
||||
| `tls.enabled` | Enable TLS traffic support | `false` |
|
||||
| `tls.autoGenerated` | Generate automatically self-signed TLS certificates | `false` |
|
||||
| `tls.preferServerCiphers` | Whether to use the server's TLS cipher preferences rather than the client's | `true` |
|
||||
| `tls.certificatesSecret` | Name of an existing secret that contains the certificates | `""` |
|
||||
| `tls.certFilename` | Certificate filename | `""` |
|
||||
| `tls.certKeyFilename` | Certificate key filename | `""` |
|
||||
| `tls.certCAFilename` | CA Certificate filename | `""` |
|
||||
| `tls.crlFilename` | File containing a Certificate Revocation List | `""` |
|
||||
|
||||
### PostgreSQL Primary parameters
|
||||
|
||||
|
@ -208,13 +211,14 @@ kubectl delete pvc -l release=my-release
|
|||
| `primary.resources.requests.cpu` | The requested cpu for the PostgreSQL Primary containers | `250m` |
|
||||
| `primary.podSecurityContext.enabled` | Enable security context | `true` |
|
||||
| `primary.podSecurityContext.fsGroup` | Group ID for the pod | `1001` |
|
||||
| `primary.containerSecurityContext.enabled` | Enable container security context | `true` |
|
||||
| `primary.containerSecurityContext.runAsUser` | User ID for the container | `1001` |
|
||||
| `primary.containerSecurityContext.runAsGroup` | Group ID for the container | `0` |
|
||||
| `primary.containerSecurityContext.runAsNonRoot` | Set runAsNonRoot for the container | `true` |
|
||||
| `primary.containerSecurityContext.allowPrivilegeEscalation` | Set allowPrivilegeEscalation for the container | `false` |
|
||||
| `primary.containerSecurityContext.seccompProfile.type` | Set seccompProfile.type for the container | `RuntimeDefault` |
|
||||
| `primary.containerSecurityContext.capabilities.drop` | Set capabilities.drop for the container | `["ALL"]` |
|
||||
| `primary.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `primary.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `primary.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `primary.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `primary.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `primary.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `primary.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `primary.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `primary.hostAliases` | PostgreSQL primary pods host aliases | `[]` |
|
||||
| `primary.hostNetwork` | Specify if host network should be enabled for PostgreSQL pod (postgresql primary) | `false` |
|
||||
| `primary.hostIPC` | Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary) | `false` |
|
||||
|
@ -307,13 +311,14 @@ kubectl delete pvc -l release=my-release
|
|||
| `readReplicas.resources.requests.cpu` | The requested cpu for the PostgreSQL read only containers | `250m` |
|
||||
| `readReplicas.podSecurityContext.enabled` | Enable security context | `true` |
|
||||
| `readReplicas.podSecurityContext.fsGroup` | Group ID for the pod | `1001` |
|
||||
| `readReplicas.containerSecurityContext.enabled` | Enable container security context | `true` |
|
||||
| `readReplicas.containerSecurityContext.runAsUser` | User ID for the container | `1001` |
|
||||
| `readReplicas.containerSecurityContext.runAsGroup` | Group ID for the container | `0` |
|
||||
| `readReplicas.containerSecurityContext.runAsNonRoot` | Set runAsNonRoot for the container | `true` |
|
||||
| `readReplicas.containerSecurityContext.allowPrivilegeEscalation` | Set allowPrivilegeEscalation for the container | `false` |
|
||||
| `readReplicas.containerSecurityContext.seccompProfile.type` | Set seccompProfile.type for the container | `RuntimeDefault` |
|
||||
| `readReplicas.containerSecurityContext.capabilities.drop` | Set capabilities.drop for the container | `["ALL"]` |
|
||||
| `readReplicas.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `readReplicas.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `readReplicas.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `readReplicas.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `readReplicas.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `readReplicas.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `readReplicas.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `readReplicas.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `readReplicas.hostAliases` | PostgreSQL read only pods host aliases | `[]` |
|
||||
| `readReplicas.hostNetwork` | Specify if host network should be enabled for PostgreSQL pod (PostgreSQL read only) | `false` |
|
||||
| `readReplicas.hostIPC` | Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary) | `false` |
|
||||
|
@ -382,14 +387,14 @@ kubectl delete pvc -l release=my-release
|
|||
| `backup.cronjob.restartPolicy` | Set the cronjob parameter restartPolicy | `OnFailure` |
|
||||
| `backup.cronjob.podSecurityContext.enabled` | Enable PodSecurityContext for CronJob/Backup | `true` |
|
||||
| `backup.cronjob.podSecurityContext.fsGroup` | Group ID for the CronJob | `1001` |
|
||||
| `backup.cronjob.containerSecurityContext.enabled` | Enable container security context | `true` |
|
||||
| `backup.cronjob.containerSecurityContext.runAsUser` | User ID for the backup container | `1001` |
|
||||
| `backup.cronjob.containerSecurityContext.runAsGroup` | Group ID for the backup container | `0` |
|
||||
| `backup.cronjob.containerSecurityContext.runAsNonRoot` | Set backup container's Security Context runAsNonRoot | `true` |
|
||||
| `backup.cronjob.containerSecurityContext.readOnlyRootFilesystem` | Is the container itself readonly | `true` |
|
||||
| `backup.cronjob.containerSecurityContext.allowPrivilegeEscalation` | Is it possible to escalate backup pod(s) privileges | `false` |
|
||||
| `backup.cronjob.containerSecurityContext.seccompProfile.type` | Set backup container's Security Context seccompProfile type | `RuntimeDefault` |
|
||||
| `backup.cronjob.containerSecurityContext.capabilities.drop` | Set backup container's Security Context capabilities to drop | `["ALL"]` |
|
||||
| `backup.cronjob.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `backup.cronjob.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `backup.cronjob.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `backup.cronjob.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `backup.cronjob.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `backup.cronjob.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `backup.cronjob.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `backup.cronjob.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `backup.cronjob.command` | Set backup container's command to run | `["/bin/sh","-c","pg_dumpall --clean --if-exists --load-via-partition-root --quote-all-identifiers --no-password --file=${PGDUMP_DIR}/pg_dumpall-$(date '+%Y-%m-%d-%H-%M').pgdump"]` |
|
||||
| `backup.cronjob.labels` | Set the cronjob labels | `{}` |
|
||||
| `backup.cronjob.annotations` | Set the cronjob annotations | `{}` |
|
||||
|
@ -425,21 +430,20 @@ kubectl delete pvc -l release=my-release
|
|||
|
||||
### Volume Permissions parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ------------------ |
|
||||
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
|
||||
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
|
||||
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` |
|
||||
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r90` |
|
||||
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
|
||||
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
|
||||
| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
|
||||
| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` |
|
||||
| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` |
|
||||
| `volumePermissions.containerSecurityContext.runAsGroup` | Group ID for the init container | `0` |
|
||||
| `volumePermissions.containerSecurityContext.runAsNonRoot` | runAsNonRoot for the init container | `false` |
|
||||
| `volumePermissions.containerSecurityContext.seccompProfile.type` | seccompProfile.type for the init container | `RuntimeDefault` |
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
|
||||
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
|
||||
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
|
||||
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
|
||||
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
|
||||
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
|
||||
| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
|
||||
| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` |
|
||||
| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` |
|
||||
| `volumePermissions.containerSecurityContext.runAsGroup` | Group ID for the init container | `0` |
|
||||
| `volumePermissions.containerSecurityContext.runAsNonRoot` | runAsNonRoot for the init container | `false` |
|
||||
| `volumePermissions.containerSecurityContext.seccompProfile.type` | seccompProfile.type for the init container | `RuntimeDefault` |
|
||||
|
||||
### Other Parameters
|
||||
|
||||
|
@ -456,75 +460,77 @@ kubectl delete pvc -l release=my-release
|
|||
|
||||
### Metrics Parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | --------------------------- |
|
||||
| `metrics.enabled` | Start a prometheus exporter | `false` |
|
||||
| `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `docker.io` |
|
||||
| `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `bitnami/postgres-exporter` |
|
||||
| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r15` |
|
||||
| `metrics.image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `metrics.image.pullPolicy` | PostgreSQL Prometheus Exporter image pull policy | `IfNotPresent` |
|
||||
| `metrics.image.pullSecrets` | Specify image pull secrets | `[]` |
|
||||
| `metrics.customMetrics` | Define additional custom metrics | `{}` |
|
||||
| `metrics.extraEnvVars` | Extra environment variables to add to PostgreSQL Prometheus exporter | `[]` |
|
||||
| `metrics.containerSecurityContext.enabled` | Enable PostgreSQL Prometheus exporter containers' Security Context | `true` |
|
||||
| `metrics.containerSecurityContext.runAsUser` | Set PostgreSQL Prometheus exporter containers' Security Context runAsUser | `1001` |
|
||||
| `metrics.containerSecurityContext.runAsGroup` | Set PostgreSQL Prometheus exporter containers' Security Context runAsGroup | `0` |
|
||||
| `metrics.containerSecurityContext.runAsNonRoot` | Set PostgreSQL Prometheus exporter containers' Security Context runAsNonRoot | `true` |
|
||||
| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set PostgreSQL Prometheus exporter containers' Security Context allowPrivilegeEscalation | `false` |
|
||||
| `metrics.containerSecurityContext.seccompProfile.type` | Set PostgreSQL Prometheus exporter containers' Security Context seccompProfile.type | `RuntimeDefault` |
|
||||
| `metrics.containerSecurityContext.capabilities.drop` | Set PostgreSQL Prometheus exporter containers' Security Context capabilities.drop | `["ALL"]` |
|
||||
| `metrics.livenessProbe.enabled` | Enable livenessProbe on PostgreSQL Prometheus exporter containers | `true` |
|
||||
| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
|
||||
| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
||||
| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
||||
| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `metrics.readinessProbe.enabled` | Enable readinessProbe on PostgreSQL Prometheus exporter containers | `true` |
|
||||
| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
|
||||
| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
|
||||
| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
|
||||
| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `metrics.startupProbe.enabled` | Enable startupProbe on PostgreSQL Prometheus exporter containers | `false` |
|
||||
| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` |
|
||||
| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
||||
| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
|
||||
| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
|
||||
| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `metrics.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `metrics.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `metrics.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `metrics.containerPorts.metrics` | PostgreSQL Prometheus exporter metrics container port | `9187` |
|
||||
| `metrics.resources.limits` | The resources limits for the PostgreSQL Prometheus exporter container | `{}` |
|
||||
| `metrics.resources.requests` | The requested resources for the PostgreSQL Prometheus exporter container | `{}` |
|
||||
| `metrics.service.ports.metrics` | PostgreSQL Prometheus Exporter service port | `9187` |
|
||||
| `metrics.service.clusterIP` | Static clusterIP or None for headless services | `""` |
|
||||
| `metrics.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
|
||||
| `metrics.service.annotations` | Annotations for Prometheus to auto-discover the metrics endpoint | `{}` |
|
||||
| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using Prometheus Operator | `false` |
|
||||
| `metrics.serviceMonitor.namespace` | Namespace for the ServiceMonitor Resource (defaults to the Release Namespace) | `""` |
|
||||
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` |
|
||||
| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
|
||||
| `metrics.serviceMonitor.labels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` |
|
||||
| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
|
||||
| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
|
||||
| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
|
||||
| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
|
||||
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
|
||||
| `metrics.prometheusRule.enabled` | Create a PrometheusRule for Prometheus Operator | `false` |
|
||||
| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` |
|
||||
| `metrics.prometheusRule.labels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` |
|
||||
| `metrics.prometheusRule.rules` | PrometheusRule definitions | `[]` |
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | ----------------------------------- |
|
||||
| `metrics.enabled` | Start a prometheus exporter | `false` |
|
||||
| `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `REGISTRY_NAME` |
|
||||
| `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `REPOSITORY_NAME/postgres-exporter` |
|
||||
| `metrics.image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `metrics.image.pullPolicy` | PostgreSQL Prometheus Exporter image pull policy | `IfNotPresent` |
|
||||
| `metrics.image.pullSecrets` | Specify image pull secrets | `[]` |
|
||||
| `metrics.customMetrics` | Define additional custom metrics | `{}` |
|
||||
| `metrics.extraEnvVars` | Extra environment variables to add to PostgreSQL Prometheus exporter | `[]` |
|
||||
| `metrics.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `metrics.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `metrics.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `metrics.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `metrics.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `metrics.livenessProbe.enabled` | Enable livenessProbe on PostgreSQL Prometheus exporter containers | `true` |
|
||||
| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
|
||||
| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
||||
| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
||||
| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `metrics.readinessProbe.enabled` | Enable readinessProbe on PostgreSQL Prometheus exporter containers | `true` |
|
||||
| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
|
||||
| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
|
||||
| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
|
||||
| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `metrics.startupProbe.enabled` | Enable startupProbe on PostgreSQL Prometheus exporter containers | `false` |
|
||||
| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` |
|
||||
| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
||||
| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
|
||||
| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
|
||||
| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `metrics.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `metrics.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `metrics.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `metrics.containerPorts.metrics` | PostgreSQL Prometheus exporter metrics container port | `9187` |
|
||||
| `metrics.resources.limits` | The resources limits for the PostgreSQL Prometheus exporter container | `{}` |
|
||||
| `metrics.resources.requests` | The requested resources for the PostgreSQL Prometheus exporter container | `{}` |
|
||||
| `metrics.service.ports.metrics` | PostgreSQL Prometheus Exporter service port | `9187` |
|
||||
| `metrics.service.clusterIP` | Static clusterIP or None for headless services | `""` |
|
||||
| `metrics.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
|
||||
| `metrics.service.annotations` | Annotations for Prometheus to auto-discover the metrics endpoint | `{}` |
|
||||
| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using Prometheus Operator | `false` |
|
||||
| `metrics.serviceMonitor.namespace` | Namespace for the ServiceMonitor Resource (defaults to the Release Namespace) | `""` |
|
||||
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` |
|
||||
| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
|
||||
| `metrics.serviceMonitor.labels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` |
|
||||
| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
|
||||
| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
|
||||
| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
|
||||
| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
|
||||
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
|
||||
| `metrics.prometheusRule.enabled` | Create a PrometheusRule for Prometheus Operator | `false` |
|
||||
| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` |
|
||||
| `metrics.prometheusRule.labels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` |
|
||||
| `metrics.prometheusRule.rules` | PrometheusRule definitions | `[]` |
|
||||
|
||||
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
|
||||
|
||||
```console
|
||||
helm install my-release \
|
||||
--set auth.postgresPassword=secretpassword
|
||||
oci://registry-1.docker.io/bitnamicharts/postgresql
|
||||
oci://REGISTRY_NAME/REPOSITORY_NAME/postgresql
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
|
||||
The above command sets the PostgreSQL `postgres` account password to `secretpassword`.
|
||||
|
||||
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
|
||||
|
@ -533,9 +539,10 @@ The above command sets the PostgreSQL `postgres` account password to `secretpass
|
|||
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
|
||||
|
||||
```console
|
||||
helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/postgresql
|
||||
helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/postgresql
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
> **Tip**: You can use the default [values.yaml](values.yaml)
|
||||
|
||||
## Configuration and installation details
|
||||
|
|
|
@ -2,7 +2,7 @@ annotations:
|
|||
category: Infrastructure
|
||||
licenses: Apache-2.0
|
||||
apiVersion: v2
|
||||
appVersion: 2.13.2
|
||||
appVersion: 2.13.3
|
||||
description: A Library Helm Chart for grouping common logic between bitnami charts.
|
||||
This chart is not deployable by itself.
|
||||
home: https://bitnami.com
|
||||
|
@ -20,4 +20,4 @@ name: common
|
|||
sources:
|
||||
- https://github.com/bitnami/charts
|
||||
type: library
|
||||
version: 2.13.2
|
||||
version: 2.13.3
|
||||
|
|
|
@ -34,8 +34,8 @@ Looking to use our applications in production? Try [VMware Application Catalog](
|
|||
|
||||
## Prerequisites
|
||||
|
||||
- Kubernetes 1.19+
|
||||
- Helm 3.2.0+
|
||||
- Kubernetes 1.23+
|
||||
- Helm 3.8.0+
|
||||
|
||||
## Parameters
|
||||
|
||||
|
|
|
@ -184,7 +184,7 @@ Returns true if PodSecurityPolicy is supported
|
|||
{{/*
|
||||
Returns true if AdmissionConfiguration is supported
|
||||
*/}}
|
||||
{{- define "common.capabilities.admisionConfiguration.supported" -}}
|
||||
{{- define "common.capabilities.admissionConfiguration.supported" -}}
|
||||
{{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}}
|
||||
{{- true -}}
|
||||
{{- end -}}
|
||||
|
@ -193,7 +193,7 @@ Returns true if AdmissionConfiguration is supported
|
|||
{{/*
|
||||
Return the appropriate apiVersion for AdmissionConfiguration.
|
||||
*/}}
|
||||
{{- define "common.capabilities.admisionConfiguration.apiVersion" -}}
|
||||
{{- define "common.capabilities.admissionConfiguration.apiVersion" -}}
|
||||
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}}
|
||||
{{- print "apiserver.config.k8s.io/v1alpha1" -}}
|
||||
{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}}
|
||||
|
|
|
@ -87,9 +87,9 @@ diagnosticMode:
|
|||
|
||||
## Bitnami PostgreSQL image version
|
||||
## ref: https://hub.docker.com/r/bitnami/postgresql/tags/
|
||||
## @param image.registry PostgreSQL image registry
|
||||
## @param image.repository PostgreSQL image repository
|
||||
## @param image.tag PostgreSQL image tag (immutable tags are recommended)
|
||||
## @param image.registry [default: REGISTRY_NAME] PostgreSQL image registry
|
||||
## @param image.repository [default: REPOSITORY_NAME/postgresql] PostgreSQL image repository
|
||||
## @skip image.tag PostgreSQL image tag (immutable tags are recommended)
|
||||
## @param image.digest PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
||||
## @param image.pullPolicy PostgreSQL image pull policy
|
||||
## @param image.pullSecrets Specify image pull secrets
|
||||
|
@ -98,7 +98,7 @@ diagnosticMode:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/postgresql
|
||||
tag: 16.0.0-debian-11-r13
|
||||
tag: 16.0.0-debian-11-r14
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
|
@ -458,25 +458,26 @@ primary:
|
|||
fsGroup: 1001
|
||||
## Container Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
||||
## @param primary.containerSecurityContext.enabled Enable container security context
|
||||
## @param primary.containerSecurityContext.runAsUser User ID for the container
|
||||
## @param primary.containerSecurityContext.runAsGroup Group ID for the container
|
||||
## @param primary.containerSecurityContext.runAsNonRoot Set runAsNonRoot for the container
|
||||
## @param primary.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation for the container
|
||||
## @param primary.containerSecurityContext.seccompProfile.type Set seccompProfile.type for the container
|
||||
## @param primary.containerSecurityContext.capabilities.drop Set capabilities.drop for the container
|
||||
## @param primary.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param primary.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param primary.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param primary.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param primary.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
## @param primary.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
|
||||
## @param primary.containerSecurityContext.capabilities.drop List of capabilities to be dropped
|
||||
## @param primary.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
allowPrivilegeEscalation: false
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
## @param primary.hostAliases PostgreSQL primary pods host aliases
|
||||
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
||||
##
|
||||
|
@ -821,25 +822,26 @@ readReplicas:
|
|||
fsGroup: 1001
|
||||
## Container Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
||||
## @param readReplicas.containerSecurityContext.enabled Enable container security context
|
||||
## @param readReplicas.containerSecurityContext.runAsUser User ID for the container
|
||||
## @param readReplicas.containerSecurityContext.runAsGroup Group ID for the container
|
||||
## @param readReplicas.containerSecurityContext.runAsNonRoot Set runAsNonRoot for the container
|
||||
## @param readReplicas.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation for the container
|
||||
## @param readReplicas.containerSecurityContext.seccompProfile.type Set seccompProfile.type for the container
|
||||
## @param readReplicas.containerSecurityContext.capabilities.drop Set capabilities.drop for the container
|
||||
## @param readReplicas.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param readReplicas.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param readReplicas.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param readReplicas.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param readReplicas.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
## @param readReplicas.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
|
||||
## @param readReplicas.containerSecurityContext.capabilities.drop List of capabilities to be dropped
|
||||
## @param readReplicas.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
allowPrivilegeEscalation: false
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
## @param readReplicas.hostAliases PostgreSQL read only pods host aliases
|
||||
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
||||
##
|
||||
|
@ -1108,26 +1110,25 @@ backup:
|
|||
fsGroup: 1001
|
||||
## backup container's Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param backup.cronjob.containerSecurityContext.enabled Enable container security context
|
||||
## @param backup.cronjob.containerSecurityContext.runAsUser User ID for the backup container
|
||||
## @param backup.cronjob.containerSecurityContext.runAsGroup Group ID for the backup container
|
||||
## @param backup.cronjob.containerSecurityContext.runAsNonRoot Set backup container's Security Context runAsNonRoot
|
||||
## @param backup.cronjob.containerSecurityContext.readOnlyRootFilesystem Is the container itself readonly
|
||||
## @param backup.cronjob.containerSecurityContext.allowPrivilegeEscalation Is it possible to escalate backup pod(s) privileges
|
||||
## @param backup.cronjob.containerSecurityContext.seccompProfile.type Set backup container's Security Context seccompProfile type
|
||||
## @param backup.cronjob.containerSecurityContext.capabilities.drop Set backup container's Security Context capabilities to drop
|
||||
## @param backup.cronjob.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param backup.cronjob.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param backup.cronjob.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param backup.cronjob.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param backup.cronjob.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
## @param backup.cronjob.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
|
||||
## @param backup.cronjob.containerSecurityContext.capabilities.drop List of capabilities to be dropped
|
||||
## @param backup.cronjob.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
## @param backup.cronjob.command Set backup container's command to run
|
||||
command:
|
||||
- /bin/sh
|
||||
|
@ -1289,9 +1290,9 @@ volumePermissions:
|
|||
## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume
|
||||
##
|
||||
enabled: false
|
||||
## @param volumePermissions.image.registry Init container volume-permissions image registry
|
||||
## @param volumePermissions.image.repository Init container volume-permissions image repository
|
||||
## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
|
||||
## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
|
||||
## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository
|
||||
## @skip volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
|
||||
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
||||
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
|
||||
## @param volumePermissions.image.pullSecrets Init container volume-permissions image pull secrets
|
||||
|
@ -1390,9 +1391,9 @@ metrics:
|
|||
## @param metrics.enabled Start a prometheus exporter
|
||||
##
|
||||
enabled: false
|
||||
## @param metrics.image.registry PostgreSQL Prometheus Exporter image registry
|
||||
## @param metrics.image.repository PostgreSQL Prometheus Exporter image repository
|
||||
## @param metrics.image.tag PostgreSQL Prometheus Exporter image tag (immutable tags are recommended)
|
||||
## @param metrics.image.registry [default: REGISTRY_NAME] PostgreSQL Prometheus Exporter image registry
|
||||
## @param metrics.image.repository [default: REPOSITORY_NAME/postgres-exporter] PostgreSQL Prometheus Exporter image repository
|
||||
## @skip metrics.image.tag PostgreSQL Prometheus Exporter image tag (immutable tags are recommended)
|
||||
## @param metrics.image.digest PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
||||
## @param metrics.image.pullPolicy PostgreSQL Prometheus Exporter image pull policy
|
||||
## @param metrics.image.pullSecrets Specify image pull secrets
|
||||
|
@ -1400,7 +1401,7 @@ metrics:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/postgres-exporter
|
||||
tag: 0.14.0-debian-11-r15
|
||||
tag: 0.15.0-debian-11-r0
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally specify an array of imagePullSecrets.
|
||||
|
@ -1435,25 +1436,26 @@ metrics:
|
|||
extraEnvVars: []
|
||||
## PostgreSQL Prometheus exporter containers' Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param metrics.containerSecurityContext.enabled Enable PostgreSQL Prometheus exporter containers' Security Context
|
||||
## @param metrics.containerSecurityContext.runAsUser Set PostgreSQL Prometheus exporter containers' Security Context runAsUser
|
||||
## @param metrics.containerSecurityContext.runAsGroup Set PostgreSQL Prometheus exporter containers' Security Context runAsGroup
|
||||
## @param metrics.containerSecurityContext.runAsNonRoot Set PostgreSQL Prometheus exporter containers' Security Context runAsNonRoot
|
||||
## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set PostgreSQL Prometheus exporter containers' Security Context allowPrivilegeEscalation
|
||||
## @param metrics.containerSecurityContext.seccompProfile.type Set PostgreSQL Prometheus exporter containers' Security Context seccompProfile.type
|
||||
## @param metrics.containerSecurityContext.capabilities.drop Set PostgreSQL Prometheus exporter containers' Security Context capabilities.drop
|
||||
## @param metrics.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param metrics.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param metrics.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param metrics.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param metrics.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
|
||||
## @param metrics.containerSecurityContext.capabilities.drop List of capabilities to be dropped
|
||||
## @param metrics.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
allowPrivilegeEscalation: false
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
## Configure extra options for PostgreSQL Prometheus exporter containers' liveness, readiness and startup probes
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
|
||||
## @param metrics.livenessProbe.enabled Enable livenessProbe on PostgreSQL Prometheus exporter containers
|
||||
|
|
|
@ -10,12 +10,12 @@ annotations:
|
|||
- name: redis-exporter
|
||||
image: docker.io/bitnami/redis-exporter:1.55.0-debian-11-r0
|
||||
- name: redis-sentinel
|
||||
image: docker.io/bitnami/redis-sentinel:7.2.2-debian-11-r0
|
||||
image: docker.io/bitnami/redis-sentinel:7.2.3-debian-11-r0
|
||||
- name: redis
|
||||
image: docker.io/bitnami/redis:7.2.2-debian-11-r0
|
||||
image: docker.io/bitnami/redis:7.2.3-debian-11-r0
|
||||
licenses: Apache-2.0
|
||||
apiVersion: v2
|
||||
appVersion: 7.2.2
|
||||
appVersion: 7.2.3
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: file://./charts/common
|
||||
|
@ -37,4 +37,4 @@ maintainers:
|
|||
name: redis
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/redis
|
||||
version: 18.2.0
|
||||
version: 18.2.1
|
||||
|
|
|
@ -1015,4 +1015,4 @@ Unless required by applicable law or agreed to in writing, software
|
|||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
limitations under the License.
|
|
@ -91,7 +91,7 @@ diagnosticMode:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/redis
|
||||
tag: 7.2.2-debian-11-r0
|
||||
tag: 7.2.3-debian-11-r0
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
|
@ -1056,7 +1056,7 @@ sentinel:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/redis-sentinel
|
||||
tag: 7.2.2-debian-11-r0
|
||||
tag: 7.2.3-debian-11-r0
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
|
|
|
@ -6,7 +6,7 @@ annotations:
|
|||
category: Infrastructure
|
||||
images: |
|
||||
- name: spark
|
||||
image: docker.io/bitnami/spark:3.5.0-debian-11-r10
|
||||
image: docker.io/bitnami/spark:3.5.0-debian-11-r12
|
||||
licenses: Apache-2.0
|
||||
apiVersion: v2
|
||||
appVersion: 3.5.0
|
||||
|
@ -30,4 +30,4 @@ maintainers:
|
|||
name: spark
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/spark
|
||||
version: 8.0.2
|
||||
version: 8.1.0
|
||||
|
|
|
@ -24,7 +24,7 @@ Apache Spark includes APIs for Java, Python, Scala and R.
|
|||
|
||||
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
|
||||
|
||||
Looking to use Apache Spark in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
|
||||
Looking to use Apache Spark in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
|
@ -98,156 +98,162 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
|
||||
### Spark master parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| -------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------- |
|
||||
| `master.existingConfigmap` | The name of an existing ConfigMap with your custom configuration for master | `""` |
|
||||
| `master.containerPorts.http` | Specify the port where the web interface will listen on the master over HTTP | `8080` |
|
||||
| `master.containerPorts.https` | Specify the port where the web interface will listen on the master over HTTPS | `8480` |
|
||||
| `master.containerPorts.cluster` | Specify the port where the master listens to communicate with workers | `7077` |
|
||||
| `master.hostAliases` | Deployment pod host aliases | `[]` |
|
||||
| `master.extraContainerPorts` | Specify the port where the running jobs inside the masters listens | `[]` |
|
||||
| `master.daemonMemoryLimit` | Set the memory limit for the master daemon | `""` |
|
||||
| `master.configOptions` | Use a string to set the config options for in the form "-Dx=y" | `""` |
|
||||
| `master.extraEnvVars` | Extra environment variables to pass to the master container | `[]` |
|
||||
| `master.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for master nodes | `""` |
|
||||
| `master.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for master nodes | `""` |
|
||||
| `master.podSecurityContext.enabled` | Enable security context | `true` |
|
||||
| `master.podSecurityContext.fsGroup` | Set master pod's Security Context Group ID | `1001` |
|
||||
| `master.podSecurityContext.runAsUser` | Set master pod's Security Context User ID | `1001` |
|
||||
| `master.podSecurityContext.runAsGroup` | Set master pod's Security Context Group ID | `0` |
|
||||
| `master.podSecurityContext.seLinuxOptions` | Set master pod's Security Context SELinux options | `{}` |
|
||||
| `master.containerSecurityContext.enabled` | Enabled master containers' Security Context | `true` |
|
||||
| `master.containerSecurityContext.runAsUser` | Set master containers' Security Context runAsUser | `1001` |
|
||||
| `master.containerSecurityContext.runAsNonRoot` | Set master containers' Security Context runAsNonRoot | `true` |
|
||||
| `master.containerSecurityContext.readOnlyRootFilesystem` | Set master containers' Security Context runAsNonRoot | `false` |
|
||||
| `master.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `master.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `master.podAnnotations` | Annotations for pods in StatefulSet | `{}` |
|
||||
| `master.podLabels` | Extra labels for pods in StatefulSet | `{}` |
|
||||
| `master.podAffinityPreset` | Spark master pod affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `master.podAntiAffinityPreset` | Spark master pod anti-affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `master.nodeAffinityPreset.type` | Spark master node affinity preset type. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `master.nodeAffinityPreset.key` | Spark master node label key to match Ignored if `master.affinity` is set. | `""` |
|
||||
| `master.nodeAffinityPreset.values` | Spark master node label values to match. Ignored if `master.affinity` is set. | `[]` |
|
||||
| `master.affinity` | Spark master affinity for pod assignment | `{}` |
|
||||
| `master.nodeSelector` | Spark master node labels for pod assignment | `{}` |
|
||||
| `master.tolerations` | Spark master tolerations for pod assignment | `[]` |
|
||||
| `master.updateStrategy.type` | Master statefulset strategy type. | `RollingUpdate` |
|
||||
| `master.priorityClassName` | master pods' priorityClassName | `""` |
|
||||
| `master.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
|
||||
| `master.schedulerName` | Name of the k8s scheduler (other than default) for master pods | `""` |
|
||||
| `master.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` |
|
||||
| `master.lifecycleHooks` | for the master container(s) to automate configuration before or after startup | `{}` |
|
||||
| `master.extraVolumes` | Optionally specify extra list of additional volumes for the master pod(s) | `[]` |
|
||||
| `master.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the master container(s) | `[]` |
|
||||
| `master.extraVolumeClaimTemplates` | Optionally specify extra list of volumesClaimTemplates for the master statefulset | `[]` |
|
||||
| `master.resources.limits` | The resources limits for the container | `{}` |
|
||||
| `master.resources.requests` | The requested resources for the container | `{}` |
|
||||
| `master.livenessProbe.enabled` | Enable livenessProbe | `true` |
|
||||
| `master.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` |
|
||||
| `master.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
|
||||
| `master.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `master.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
||||
| `master.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `master.readinessProbe.enabled` | Enable readinessProbe | `true` |
|
||||
| `master.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
|
||||
| `master.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `master.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
|
||||
| `master.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
|
||||
| `master.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `master.startupProbe.enabled` | Enable startupProbe | `false` |
|
||||
| `master.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` |
|
||||
| `master.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
||||
| `master.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
|
||||
| `master.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` |
|
||||
| `master.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `master.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `master.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `master.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `master.sidecars` | Add additional sidecar containers to the master pod(s) | `[]` |
|
||||
| `master.initContainers` | Add initContainers to the master pods. | `[]` |
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ---------------- |
|
||||
| `master.existingConfigmap` | The name of an existing ConfigMap with your custom configuration for master | `""` |
|
||||
| `master.containerPorts.http` | Specify the port where the web interface will listen on the master over HTTP | `8080` |
|
||||
| `master.containerPorts.https` | Specify the port where the web interface will listen on the master over HTTPS | `8480` |
|
||||
| `master.containerPorts.cluster` | Specify the port where the master listens to communicate with workers | `7077` |
|
||||
| `master.hostAliases` | Deployment pod host aliases | `[]` |
|
||||
| `master.extraContainerPorts` | Specify the port where the running jobs inside the masters listens | `[]` |
|
||||
| `master.daemonMemoryLimit` | Set the memory limit for the master daemon | `""` |
|
||||
| `master.configOptions` | Use a string to set the config options for in the form "-Dx=y" | `""` |
|
||||
| `master.extraEnvVars` | Extra environment variables to pass to the master container | `[]` |
|
||||
| `master.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for master nodes | `""` |
|
||||
| `master.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for master nodes | `""` |
|
||||
| `master.podSecurityContext.enabled` | Enable security context | `true` |
|
||||
| `master.podSecurityContext.fsGroup` | Set master pod's Security Context Group ID | `1001` |
|
||||
| `master.podSecurityContext.runAsUser` | Set master pod's Security Context User ID | `1001` |
|
||||
| `master.podSecurityContext.runAsGroup` | Set master pod's Security Context Group ID | `0` |
|
||||
| `master.podSecurityContext.seLinuxOptions` | Set master pod's Security Context SELinux options | `{}` |
|
||||
| `master.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `master.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `master.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `master.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `master.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `master.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `master.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `master.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `master.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `master.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `master.podAnnotations` | Annotations for pods in StatefulSet | `{}` |
|
||||
| `master.podLabels` | Extra labels for pods in StatefulSet | `{}` |
|
||||
| `master.podAffinityPreset` | Spark master pod affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `master.podAntiAffinityPreset` | Spark master pod anti-affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `master.nodeAffinityPreset.type` | Spark master node affinity preset type. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `master.nodeAffinityPreset.key` | Spark master node label key to match Ignored if `master.affinity` is set. | `""` |
|
||||
| `master.nodeAffinityPreset.values` | Spark master node label values to match. Ignored if `master.affinity` is set. | `[]` |
|
||||
| `master.affinity` | Spark master affinity for pod assignment | `{}` |
|
||||
| `master.nodeSelector` | Spark master node labels for pod assignment | `{}` |
|
||||
| `master.tolerations` | Spark master tolerations for pod assignment | `[]` |
|
||||
| `master.updateStrategy.type` | Master statefulset strategy type. | `RollingUpdate` |
|
||||
| `master.priorityClassName` | master pods' priorityClassName | `""` |
|
||||
| `master.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
|
||||
| `master.schedulerName` | Name of the k8s scheduler (other than default) for master pods | `""` |
|
||||
| `master.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` |
|
||||
| `master.lifecycleHooks` | for the master container(s) to automate configuration before or after startup | `{}` |
|
||||
| `master.extraVolumes` | Optionally specify extra list of additional volumes for the master pod(s) | `[]` |
|
||||
| `master.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the master container(s) | `[]` |
|
||||
| `master.extraVolumeClaimTemplates` | Optionally specify extra list of volumesClaimTemplates for the master statefulset | `[]` |
|
||||
| `master.resources.limits` | The resources limits for the container | `{}` |
|
||||
| `master.resources.requests` | The requested resources for the container | `{}` |
|
||||
| `master.livenessProbe.enabled` | Enable livenessProbe | `true` |
|
||||
| `master.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` |
|
||||
| `master.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
|
||||
| `master.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `master.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
||||
| `master.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `master.readinessProbe.enabled` | Enable readinessProbe | `true` |
|
||||
| `master.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
|
||||
| `master.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `master.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
|
||||
| `master.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
|
||||
| `master.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `master.startupProbe.enabled` | Enable startupProbe | `false` |
|
||||
| `master.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` |
|
||||
| `master.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
||||
| `master.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
|
||||
| `master.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` |
|
||||
| `master.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `master.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `master.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `master.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `master.sidecars` | Add additional sidecar containers to the master pod(s) | `[]` |
|
||||
| `master.initContainers` | Add initContainers to the master pods. | `[]` |
|
||||
|
||||
### Spark worker parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| -------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------- |
|
||||
| `worker.existingConfigmap` | The name of an existing ConfigMap with your custom configuration for workers | `""` |
|
||||
| `worker.containerPorts.http` | Specify the port where the web interface will listen on the worker over HTTP | `8080` |
|
||||
| `worker.containerPorts.https` | Specify the port where the web interface will listen on the worker over HTTPS | `8480` |
|
||||
| `worker.containerPorts.cluster` | Specify the port where the worker listens to communicate with workers | `""` |
|
||||
| `worker.hostAliases` | Add deployment host aliases | `[]` |
|
||||
| `worker.extraContainerPorts` | Specify the port where the running jobs inside the workers listens | `[]` |
|
||||
| `worker.daemonMemoryLimit` | Set the memory limit for the worker daemon | `""` |
|
||||
| `worker.memoryLimit` | Set the maximum memory the worker is allowed to use | `""` |
|
||||
| `worker.coreLimit` | Se the maximum number of cores that the worker can use | `""` |
|
||||
| `worker.dir` | Set a custom working directory for the application | `""` |
|
||||
| `worker.javaOptions` | Set options for the JVM in the form `-Dx=y` | `""` |
|
||||
| `worker.configOptions` | Set extra options to configure the worker in the form `-Dx=y` | `""` |
|
||||
| `worker.extraEnvVars` | An array to add extra env vars | `[]` |
|
||||
| `worker.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for worker nodes | `""` |
|
||||
| `worker.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for worker nodes | `""` |
|
||||
| `worker.replicaCount` | Number of spark workers (will be the minimum number when autoscaling is enabled) | `2` |
|
||||
| `worker.podSecurityContext.enabled` | Enable security context | `true` |
|
||||
| `worker.podSecurityContext.fsGroup` | Group ID for the container | `1001` |
|
||||
| `worker.podSecurityContext.runAsUser` | User ID for the container | `1001` |
|
||||
| `worker.podSecurityContext.runAsGroup` | Group ID for the container | `0` |
|
||||
| `worker.podSecurityContext.seLinuxOptions` | SELinux options for the container | `{}` |
|
||||
| `worker.containerSecurityContext.enabled` | Enabled worker containers' Security Context | `true` |
|
||||
| `worker.containerSecurityContext.runAsUser` | Set worker containers' Security Context runAsUser | `1001` |
|
||||
| `worker.containerSecurityContext.runAsNonRoot` | Set worker containers' Security Context runAsNonRoot | `true` |
|
||||
| `worker.containerSecurityContext.readOnlyRootFilesystem` | Set worker containers' Security Context runAsNonRoot | `false` |
|
||||
| `worker.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `worker.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `worker.podAnnotations` | Annotations for pods in StatefulSet | `{}` |
|
||||
| `worker.podLabels` | Extra labels for pods in StatefulSet | `{}` |
|
||||
| `worker.podAffinityPreset` | Spark worker pod affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `worker.podAntiAffinityPreset` | Spark worker pod anti-affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `worker.nodeAffinityPreset.type` | Spark worker node affinity preset type. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `worker.nodeAffinityPreset.key` | Spark worker node label key to match Ignored if `worker.affinity` is set. | `""` |
|
||||
| `worker.nodeAffinityPreset.values` | Spark worker node label values to match. Ignored if `worker.affinity` is set. | `[]` |
|
||||
| `worker.affinity` | Spark worker affinity for pod assignment | `{}` |
|
||||
| `worker.nodeSelector` | Spark worker node labels for pod assignment | `{}` |
|
||||
| `worker.tolerations` | Spark worker tolerations for pod assignment | `[]` |
|
||||
| `worker.updateStrategy.type` | Worker statefulset strategy type. | `RollingUpdate` |
|
||||
| `worker.podManagementPolicy` | Statefulset Pod Management Policy Type | `OrderedReady` |
|
||||
| `worker.priorityClassName` | worker pods' priorityClassName | `""` |
|
||||
| `worker.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
|
||||
| `worker.schedulerName` | Name of the k8s scheduler (other than default) for worker pods | `""` |
|
||||
| `worker.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` |
|
||||
| `worker.lifecycleHooks` | for the worker container(s) to automate configuration before or after startup | `{}` |
|
||||
| `worker.extraVolumes` | Optionally specify extra list of additional volumes for the worker pod(s) | `[]` |
|
||||
| `worker.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the master container(s) | `[]` |
|
||||
| `worker.extraVolumeClaimTemplates` | Optionally specify extra list of volumesClaimTemplates for the worker statefulset | `[]` |
|
||||
| `worker.resources.limits` | The resources limits for the container | `{}` |
|
||||
| `worker.resources.requests` | The requested resources for the container | `{}` |
|
||||
| `worker.livenessProbe.enabled` | Enable livenessProbe | `true` |
|
||||
| `worker.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` |
|
||||
| `worker.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
|
||||
| `worker.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `worker.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
||||
| `worker.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `worker.readinessProbe.enabled` | Enable readinessProbe | `true` |
|
||||
| `worker.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
|
||||
| `worker.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `worker.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
|
||||
| `worker.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
|
||||
| `worker.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `worker.startupProbe.enabled` | Enable startupProbe | `true` |
|
||||
| `worker.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` |
|
||||
| `worker.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
||||
| `worker.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
|
||||
| `worker.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` |
|
||||
| `worker.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `worker.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `worker.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `worker.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `worker.sidecars` | Add additional sidecar containers to the worker pod(s) | `[]` |
|
||||
| `worker.initContainers` | Add initContainers to the worker pods. | `[]` |
|
||||
| `worker.autoscaling.enabled` | Enable replica autoscaling depending on CPU | `false` |
|
||||
| `worker.autoscaling.minReplicas` | Minimum number of worker replicas | `""` |
|
||||
| `worker.autoscaling.maxReplicas` | Maximum number of worker replicas | `5` |
|
||||
| `worker.autoscaling.targetCPU` | Target CPU utilization percentage | `50` |
|
||||
| `worker.autoscaling.targetMemory` | Target Memory utilization percentage | `""` |
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ---------------- |
|
||||
| `worker.existingConfigmap` | The name of an existing ConfigMap with your custom configuration for workers | `""` |
|
||||
| `worker.containerPorts.http` | Specify the port where the web interface will listen on the worker over HTTP | `8080` |
|
||||
| `worker.containerPorts.https` | Specify the port where the web interface will listen on the worker over HTTPS | `8480` |
|
||||
| `worker.containerPorts.cluster` | Specify the port where the worker listens to communicate with workers | `""` |
|
||||
| `worker.hostAliases` | Add deployment host aliases | `[]` |
|
||||
| `worker.extraContainerPorts` | Specify the port where the running jobs inside the workers listens | `[]` |
|
||||
| `worker.daemonMemoryLimit` | Set the memory limit for the worker daemon | `""` |
|
||||
| `worker.memoryLimit` | Set the maximum memory the worker is allowed to use | `""` |
|
||||
| `worker.coreLimit` | Se the maximum number of cores that the worker can use | `""` |
|
||||
| `worker.dir` | Set a custom working directory for the application | `""` |
|
||||
| `worker.javaOptions` | Set options for the JVM in the form `-Dx=y` | `""` |
|
||||
| `worker.configOptions` | Set extra options to configure the worker in the form `-Dx=y` | `""` |
|
||||
| `worker.extraEnvVars` | An array to add extra env vars | `[]` |
|
||||
| `worker.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for worker nodes | `""` |
|
||||
| `worker.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for worker nodes | `""` |
|
||||
| `worker.replicaCount` | Number of spark workers (will be the minimum number when autoscaling is enabled) | `2` |
|
||||
| `worker.podSecurityContext.enabled` | Enable security context | `true` |
|
||||
| `worker.podSecurityContext.fsGroup` | Group ID for the container | `1001` |
|
||||
| `worker.podSecurityContext.seLinuxOptions` | SELinux options for the container | `{}` |
|
||||
| `worker.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `worker.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `worker.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `worker.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `worker.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `worker.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `worker.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `worker.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `worker.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `worker.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `worker.podAnnotations` | Annotations for pods in StatefulSet | `{}` |
|
||||
| `worker.podLabels` | Extra labels for pods in StatefulSet | `{}` |
|
||||
| `worker.podAffinityPreset` | Spark worker pod affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `worker.podAntiAffinityPreset` | Spark worker pod anti-affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `worker.nodeAffinityPreset.type` | Spark worker node affinity preset type. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `worker.nodeAffinityPreset.key` | Spark worker node label key to match Ignored if `worker.affinity` is set. | `""` |
|
||||
| `worker.nodeAffinityPreset.values` | Spark worker node label values to match. Ignored if `worker.affinity` is set. | `[]` |
|
||||
| `worker.affinity` | Spark worker affinity for pod assignment | `{}` |
|
||||
| `worker.nodeSelector` | Spark worker node labels for pod assignment | `{}` |
|
||||
| `worker.tolerations` | Spark worker tolerations for pod assignment | `[]` |
|
||||
| `worker.updateStrategy.type` | Worker statefulset strategy type. | `RollingUpdate` |
|
||||
| `worker.podManagementPolicy` | Statefulset Pod Management Policy Type | `OrderedReady` |
|
||||
| `worker.priorityClassName` | worker pods' priorityClassName | `""` |
|
||||
| `worker.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
|
||||
| `worker.schedulerName` | Name of the k8s scheduler (other than default) for worker pods | `""` |
|
||||
| `worker.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` |
|
||||
| `worker.lifecycleHooks` | for the worker container(s) to automate configuration before or after startup | `{}` |
|
||||
| `worker.extraVolumes` | Optionally specify extra list of additional volumes for the worker pod(s) | `[]` |
|
||||
| `worker.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the master container(s) | `[]` |
|
||||
| `worker.extraVolumeClaimTemplates` | Optionally specify extra list of volumesClaimTemplates for the worker statefulset | `[]` |
|
||||
| `worker.resources.limits` | The resources limits for the container | `{}` |
|
||||
| `worker.resources.requests` | The requested resources for the container | `{}` |
|
||||
| `worker.livenessProbe.enabled` | Enable livenessProbe | `true` |
|
||||
| `worker.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` |
|
||||
| `worker.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
|
||||
| `worker.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `worker.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
||||
| `worker.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `worker.readinessProbe.enabled` | Enable readinessProbe | `true` |
|
||||
| `worker.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
|
||||
| `worker.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `worker.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
|
||||
| `worker.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
|
||||
| `worker.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `worker.startupProbe.enabled` | Enable startupProbe | `true` |
|
||||
| `worker.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` |
|
||||
| `worker.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
||||
| `worker.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
|
||||
| `worker.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` |
|
||||
| `worker.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `worker.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `worker.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `worker.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `worker.sidecars` | Add additional sidecar containers to the worker pod(s) | `[]` |
|
||||
| `worker.initContainers` | Add initContainers to the worker pods. | `[]` |
|
||||
| `worker.autoscaling.enabled` | Enable replica autoscaling depending on CPU | `false` |
|
||||
| `worker.autoscaling.minReplicas` | Minimum number of worker replicas | `""` |
|
||||
| `worker.autoscaling.maxReplicas` | Maximum number of worker replicas | `5` |
|
||||
| `worker.autoscaling.targetCPU` | Target CPU utilization percentage | `50` |
|
||||
| `worker.autoscaling.targetMemory` | Target Memory utilization percentage | `""` |
|
||||
|
||||
### Security parameters
|
||||
|
||||
|
|
|
@ -95,7 +95,7 @@ diagnosticMode:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/spark
|
||||
tag: 3.5.0-debian-11-r10
|
||||
tag: 3.5.0-debian-11-r12
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
|
@ -183,16 +183,26 @@ master:
|
|||
seLinuxOptions: {}
|
||||
## Configure Container Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param master.containerSecurityContext.enabled Enabled master containers' Security Context
|
||||
## @param master.containerSecurityContext.runAsUser Set master containers' Security Context runAsUser
|
||||
## @param master.containerSecurityContext.runAsNonRoot Set master containers' Security Context runAsNonRoot
|
||||
## @param master.containerSecurityContext.readOnlyRootFilesystem Set master containers' Security Context runAsNonRoot
|
||||
## @param master.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param master.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param master.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param master.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param master.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
## @param master.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
|
||||
## @param master.containerSecurityContext.capabilities.drop List of capabilities to be dropped
|
||||
## @param master.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
## @param master.command Override default container command (useful when using custom images)
|
||||
##
|
||||
command: []
|
||||
|
@ -451,28 +461,34 @@ worker:
|
|||
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
||||
## @param worker.podSecurityContext.enabled Enable security context
|
||||
## @param worker.podSecurityContext.fsGroup Group ID for the container
|
||||
## @param worker.podSecurityContext.runAsUser User ID for the container
|
||||
## @param worker.podSecurityContext.runAsGroup Group ID for the container
|
||||
## @param worker.podSecurityContext.seLinuxOptions SELinux options for the container
|
||||
##
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 1001
|
||||
runAsUser: 1001
|
||||
runAsGroup: 0
|
||||
seLinuxOptions: {}
|
||||
## Configure Container Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param worker.containerSecurityContext.enabled Enabled worker containers' Security Context
|
||||
## @param worker.containerSecurityContext.runAsUser Set worker containers' Security Context runAsUser
|
||||
## @param worker.containerSecurityContext.runAsNonRoot Set worker containers' Security Context runAsNonRoot
|
||||
## @param worker.containerSecurityContext.readOnlyRootFilesystem Set worker containers' Security Context runAsNonRoot
|
||||
## @param worker.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param worker.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param worker.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param worker.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param worker.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
## @param worker.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
|
||||
## @param worker.containerSecurityContext.capabilities.drop List of capabilities to be dropped
|
||||
## @param worker.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
## @param worker.command Override default container command (useful when using custom images)
|
||||
##
|
||||
command: []
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 2.13.2
|
||||
digest: sha256:551ae9c020597fd0a1d62967d9899a3c57a12e92f49e7a3967b6a187efdcaead
|
||||
generated: "2023-10-09T21:56:34.987847613Z"
|
||||
version: 2.13.3
|
||||
digest: sha256:9a971689db0c66ea95ac2e911c05014c2b96c6077c991131ff84f2982f88fb83
|
||||
generated: "2023-10-31T12:41:05.52315381+01:00"
|
||||
|
|
|
@ -38,4 +38,4 @@ maintainers:
|
|||
name: tomcat
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/tomcat
|
||||
version: 10.10.10
|
||||
version: 10.11.0
|
||||
|
|
|
@ -11,9 +11,11 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema
|
|||
## TL;DR
|
||||
|
||||
```console
|
||||
helm install my-release oci://registry-1.docker.io/bitnamicharts/tomcat
|
||||
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/tomcat
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
|
||||
## Introduction
|
||||
|
||||
This chart bootstraps a [Tomcat](https://github.com/bitnami/containers/tree/main/bitnami/tomcat) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
|
||||
|
@ -22,7 +24,7 @@ Tomcat implements several Java EE specifications including Java Servlet, JavaSer
|
|||
|
||||
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
|
||||
|
||||
Looking to use Apache Tomcat in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
|
||||
Looking to use Apache Tomcat in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
|
@ -36,9 +38,11 @@ Looking to use Apache Tomcat in production? Try [VMware Application Catalog](htt
|
|||
To install the chart with the release name `my-release`:
|
||||
|
||||
```console
|
||||
helm install my-release oci://registry-1.docker.io/bitnamicharts/tomcat
|
||||
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/tomcat
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
|
||||
These commands deploy Tomcat on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
|
||||
|
||||
> **Tip**: List all releases using `helm list`
|
||||
|
@ -77,93 +81,97 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
|
||||
### Tomcat parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ----------------------------- | ------------------------------------------------------------------------------------------------------ | ---------------------- |
|
||||
| `image.registry` | Tomcat image registry | `docker.io` |
|
||||
| `image.repository` | Tomcat image repository | `bitnami/tomcat` |
|
||||
| `image.tag` | Tomcat image tag (immutable tags are recommended) | `10.1.15-debian-11-r0` |
|
||||
| `image.digest` | Tomcat image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | Tomcat image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `image.debug` | Specify if debug logs should be enabled | `false` |
|
||||
| `hostAliases` | Deployment pod host aliases | `[]` |
|
||||
| `tomcatUsername` | Tomcat admin user | `user` |
|
||||
| `tomcatPassword` | Tomcat admin password | `""` |
|
||||
| `tomcatAllowRemoteManagement` | Enable remote access to management interface | `0` |
|
||||
| `catalinaOpts` | Java runtime option used by tomcat JVM | `""` |
|
||||
| `command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `extraEnvVars` | Extra environment variables to be set on Tomcat container | `[]` |
|
||||
| `extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables | `""` |
|
||||
| `extraEnvVarsSecret` | Name of existing Secret containing extra environment variables | `""` |
|
||||
| Name | Description | Value |
|
||||
| ----------------------------- | ------------------------------------------------------------------------------------------------------ | ------------------------ |
|
||||
| `image.registry` | Tomcat image registry | `REGISTRY_NAME` |
|
||||
| `image.repository` | Tomcat image repository | `REPOSITORY_NAME/tomcat` |
|
||||
| `image.digest` | Tomcat image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | Tomcat image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `image.debug` | Specify if debug logs should be enabled | `false` |
|
||||
| `hostAliases` | Deployment pod host aliases | `[]` |
|
||||
| `tomcatUsername` | Tomcat admin user | `user` |
|
||||
| `tomcatPassword` | Tomcat admin password | `""` |
|
||||
| `tomcatAllowRemoteManagement` | Enable remote access to management interface | `0` |
|
||||
| `catalinaOpts` | Java runtime option used by tomcat JVM | `""` |
|
||||
| `command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `extraEnvVars` | Extra environment variables to be set on Tomcat container | `[]` |
|
||||
| `extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables | `""` |
|
||||
| `extraEnvVarsSecret` | Name of existing Secret containing extra environment variables | `""` |
|
||||
|
||||
### Tomcat deployment parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------ | ------------------- |
|
||||
| `replicaCount` | Specify number of Tomcat replicas | `1` |
|
||||
| `deployment.type` | Use Deployment or StatefulSet | `deployment` |
|
||||
| `updateStrategy.type` | StrategyType | `RollingUpdate` |
|
||||
| `containerPorts.http` | HTTP port to expose at container level | `8080` |
|
||||
| `containerExtraPorts` | Extra ports to expose at container level | `[]` |
|
||||
| `podSecurityContext.enabled` | Enable Tomcat pods' Security Context | `true` |
|
||||
| `podSecurityContext.fsGroup` | Set Tomcat pod's Security Context fsGroup | `1001` |
|
||||
| `containerSecurityContext.enabled` | Enable Tomcat containers' SecurityContext | `true` |
|
||||
| `containerSecurityContext.runAsUser` | User ID for the Tomcat container | `1001` |
|
||||
| `containerSecurityContext.runAsNonRoot` | Force user to be root in Tomcat container | `true` |
|
||||
| `resources.limits` | The resources limits for the Tomcat container | `{}` |
|
||||
| `resources.requests` | The requested resources for the Tomcat container | `{}` |
|
||||
| `livenessProbe.enabled` | Enable livenessProbe | `true` |
|
||||
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
|
||||
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
||||
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
||||
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `readinessProbe.enabled` | Enable readinessProbe | `true` |
|
||||
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
|
||||
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` |
|
||||
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` |
|
||||
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
|
||||
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `startupProbe.enabled` | Enable startupProbe | `false` |
|
||||
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` |
|
||||
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `5` |
|
||||
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `3` |
|
||||
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` |
|
||||
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `customLivenessProbe` | Override default liveness probe | `{}` |
|
||||
| `customReadinessProbe` | Override default readiness probe | `{}` |
|
||||
| `customStartupProbe` | Override default startup probe | `{}` |
|
||||
| `podLabels` | Extra labels for Tomcat pods | `{}` |
|
||||
| `podAnnotations` | Annotations for Tomcat pods | `{}` |
|
||||
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` |
|
||||
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
|
||||
| `affinity` | Affinity for pod assignment. Evaluated as a template. | `{}` |
|
||||
| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` |
|
||||
| `schedulerName` | Alternative scheduler | `""` |
|
||||
| `lifecycleHooks` | Override default etcd container hooks | `{}` |
|
||||
| `podManagementPolicy` | podManagementPolicy to manage scaling operation of pods (only in StatefulSet mode) | `""` |
|
||||
| `tolerations` | Tolerations for pod assignment. Evaluated as a template. | `[]` |
|
||||
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
|
||||
| `extraPodSpec` | Optionally specify extra PodSpec | `{}` |
|
||||
| `extraVolumes` | Optionally specify extra list of additional volumes for Tomcat pods in Deployment | `[]` |
|
||||
| `extraVolumeClaimTemplates` | Optionally specify extra list of additional volume claim templates for Tomcat pods in StatefulSet | `[]` |
|
||||
| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Tomcat container(s) | `[]` |
|
||||
| `initContainers` | Add init containers to the Tomcat pods. | `[]` |
|
||||
| `sidecars` | Add sidecars to the Tomcat pods. | `[]` |
|
||||
| `persistence.enabled` | Enable persistence | `true` |
|
||||
| `persistence.storageClass` | PVC Storage Class for Tomcat volume | `""` |
|
||||
| `persistence.annotations` | Persistent Volume Claim annotations | `{}` |
|
||||
| `persistence.accessModes` | PVC Access Modes for Tomcat volume | `["ReadWriteOnce"]` |
|
||||
| `persistence.size` | PVC Storage Request for Tomcat volume | `8Gi` |
|
||||
| `persistence.existingClaim` | An Existing PVC name for Tomcat volume | `""` |
|
||||
| `persistence.selectorLabels` | Selector labels to use in volume claim template in statefulset | `{}` |
|
||||
| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. | `false` |
|
||||
| `networkPolicy.allowExternal` | Don't require client label for connections | `true` |
|
||||
| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed | `{}` |
|
||||
| Name | Description | Value |
|
||||
| --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------- |
|
||||
| `replicaCount` | Specify number of Tomcat replicas | `1` |
|
||||
| `deployment.type` | Use Deployment or StatefulSet | `deployment` |
|
||||
| `updateStrategy.type` | StrategyType | `RollingUpdate` |
|
||||
| `containerPorts.http` | HTTP port to expose at container level | `8080` |
|
||||
| `containerExtraPorts` | Extra ports to expose at container level | `[]` |
|
||||
| `podSecurityContext.enabled` | Enable Tomcat pods' Security Context | `true` |
|
||||
| `podSecurityContext.fsGroup` | Set Tomcat pod's Security Context fsGroup | `1001` |
|
||||
| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `resources.limits` | The resources limits for the Tomcat container | `{}` |
|
||||
| `resources.requests` | The requested resources for the Tomcat container | `{}` |
|
||||
| `livenessProbe.enabled` | Enable livenessProbe | `true` |
|
||||
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
|
||||
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
||||
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
||||
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `readinessProbe.enabled` | Enable readinessProbe | `true` |
|
||||
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
|
||||
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` |
|
||||
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` |
|
||||
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
|
||||
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `startupProbe.enabled` | Enable startupProbe | `false` |
|
||||
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` |
|
||||
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `5` |
|
||||
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `3` |
|
||||
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` |
|
||||
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `customLivenessProbe` | Override default liveness probe | `{}` |
|
||||
| `customReadinessProbe` | Override default readiness probe | `{}` |
|
||||
| `customStartupProbe` | Override default startup probe | `{}` |
|
||||
| `podLabels` | Extra labels for Tomcat pods | `{}` |
|
||||
| `podAnnotations` | Annotations for Tomcat pods | `{}` |
|
||||
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` |
|
||||
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
|
||||
| `affinity` | Affinity for pod assignment. Evaluated as a template. | `{}` |
|
||||
| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` |
|
||||
| `schedulerName` | Alternative scheduler | `""` |
|
||||
| `lifecycleHooks` | Override default etcd container hooks | `{}` |
|
||||
| `podManagementPolicy` | podManagementPolicy to manage scaling operation of pods (only in StatefulSet mode) | `""` |
|
||||
| `tolerations` | Tolerations for pod assignment. Evaluated as a template. | `[]` |
|
||||
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
|
||||
| `extraPodSpec` | Optionally specify extra PodSpec | `{}` |
|
||||
| `extraVolumes` | Optionally specify extra list of additional volumes for Tomcat pods in Deployment | `[]` |
|
||||
| `extraVolumeClaimTemplates` | Optionally specify extra list of additional volume claim templates for Tomcat pods in StatefulSet | `[]` |
|
||||
| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Tomcat container(s) | `[]` |
|
||||
| `initContainers` | Add init containers to the Tomcat pods. | `[]` |
|
||||
| `sidecars` | Add sidecars to the Tomcat pods. | `[]` |
|
||||
| `persistence.enabled` | Enable persistence | `true` |
|
||||
| `persistence.storageClass` | PVC Storage Class for Tomcat volume | `""` |
|
||||
| `persistence.annotations` | Persistent Volume Claim annotations | `{}` |
|
||||
| `persistence.accessModes` | PVC Access Modes for Tomcat volume | `["ReadWriteOnce"]` |
|
||||
| `persistence.size` | PVC Storage Request for Tomcat volume | `8Gi` |
|
||||
| `persistence.existingClaim` | An Existing PVC name for Tomcat volume | `""` |
|
||||
| `persistence.selectorLabels` | Selector labels to use in volume claim template in statefulset | `{}` |
|
||||
| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. | `false` |
|
||||
| `networkPolicy.allowExternal` | Don't require client label for connections | `true` |
|
||||
| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed | `{}` |
|
||||
|
||||
### Traffic Exposure parameters
|
||||
|
||||
|
@ -198,51 +206,54 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
|
||||
### Volume Permissions parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ------------------ |
|
||||
| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory | `false` |
|
||||
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
|
||||
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` |
|
||||
| `volumePermissions.image.tag` | Init container volume-permissions image tag | `11-debian-11-r90` |
|
||||
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
|
||||
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
|
||||
| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` |
|
||||
| Name | Description | Value |
|
||||
| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
|
||||
| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory | `false` |
|
||||
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
|
||||
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
|
||||
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
|
||||
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
|
||||
| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` |
|
||||
|
||||
### Metrics parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| `metrics.jmx.enabled` | Whether or not to expose JMX metrics to Prometheus | `false` |
|
||||
| `metrics.jmx.catalinaOpts` | custom option used to enabled JMX on tomcat jvm evaluated as template | `-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=5555 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=true` |
|
||||
| `metrics.jmx.image.registry` | JMX exporter image registry | `docker.io` |
|
||||
| `metrics.jmx.image.repository` | JMX exporter image repository | `bitnami/jmx-exporter` |
|
||||
| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.19.0-debian-11-r95` |
|
||||
| `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` |
|
||||
| `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `metrics.jmx.config` | Configuration file for JMX exporter | `""` |
|
||||
| `metrics.jmx.containerSecurityContext.enabled` | Enable Prometheus JMX exporter containers' Security Context | `true` |
|
||||
| `metrics.jmx.containerSecurityContext.runAsUser` | Set Prometheus JMX exporter containers' Security Context runAsUser | `1001` |
|
||||
| `metrics.jmx.containerSecurityContext.runAsNonRoot` | Set Prometheus JMX exporter containers' Security Context runAsNonRoot | `true` |
|
||||
| `metrics.jmx.resources.limits` | JMX Exporter container resource limits | `{}` |
|
||||
| `metrics.jmx.resources.requests` | JMX Exporter container resource requests | `{}` |
|
||||
| `metrics.jmx.ports.metrics` | JMX Exporter container metrics ports | `5556` |
|
||||
| `metrics.jmx.existingConfigmap` | Name of existing ConfigMap with JMX exporter configuration | `""` |
|
||||
| `metrics.podMonitor.podTargetLabels` | Used to keep given pod's labels in target | `[]` |
|
||||
| `metrics.podMonitor.enabled` | Create PodMonitor Resource for scraping metrics using PrometheusOperator | `false` |
|
||||
| `metrics.podMonitor.namespace` | Optional namespace in which Prometheus is running | `""` |
|
||||
| `metrics.podMonitor.interval` | Specify the interval at which metrics should be scraped | `30s` |
|
||||
| `metrics.podMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `30s` |
|
||||
| `metrics.podMonitor.additionalLabels` | Additional labels that can be used so PodMonitors will be discovered by Prometheus | `{}` |
|
||||
| `metrics.podMonitor.scheme` | Scheme to use for scraping | `http` |
|
||||
| `metrics.podMonitor.tlsConfig` | TLS configuration used for scrape endpoints used by Prometheus | `{}` |
|
||||
| `metrics.podMonitor.relabelings` | Prometheus relabeling rules | `[]` |
|
||||
| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` |
|
||||
| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` |
|
||||
| `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | `""` |
|
||||
| `metrics.prometheusRule.rules` | Create specified [Rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) | `[]` |
|
||||
| Name | Description | Value |
|
||||
| --------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| `metrics.jmx.enabled` | Whether or not to expose JMX metrics to Prometheus | `false` |
|
||||
| `metrics.jmx.catalinaOpts` | custom option used to enabled JMX on tomcat jvm evaluated as template | `-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=5555 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=true` |
|
||||
| `metrics.jmx.image.registry` | JMX exporter image registry | `REGISTRY_NAME` |
|
||||
| `metrics.jmx.image.repository` | JMX exporter image repository | `REPOSITORY_NAME/jmx-exporter` |
|
||||
| `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` |
|
||||
| `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `metrics.jmx.config` | Configuration file for JMX exporter | `""` |
|
||||
| `metrics.jmx.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `metrics.jmx.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `metrics.jmx.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `metrics.jmx.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `metrics.jmx.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `metrics.jmx.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `metrics.jmx.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `metrics.jmx.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `metrics.jmx.resources.limits` | JMX Exporter container resource limits | `{}` |
|
||||
| `metrics.jmx.resources.requests` | JMX Exporter container resource requests | `{}` |
|
||||
| `metrics.jmx.ports.metrics` | JMX Exporter container metrics ports | `5556` |
|
||||
| `metrics.jmx.existingConfigmap` | Name of existing ConfigMap with JMX exporter configuration | `""` |
|
||||
| `metrics.podMonitor.podTargetLabels` | Used to keep given pod's labels in target | `[]` |
|
||||
| `metrics.podMonitor.enabled` | Create PodMonitor Resource for scraping metrics using PrometheusOperator | `false` |
|
||||
| `metrics.podMonitor.namespace` | Optional namespace in which Prometheus is running | `""` |
|
||||
| `metrics.podMonitor.interval` | Specify the interval at which metrics should be scraped | `30s` |
|
||||
| `metrics.podMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `30s` |
|
||||
| `metrics.podMonitor.additionalLabels` | Additional labels that can be used so PodMonitors will be discovered by Prometheus | `{}` |
|
||||
| `metrics.podMonitor.scheme` | Scheme to use for scraping | `http` |
|
||||
| `metrics.podMonitor.tlsConfig` | TLS configuration used for scrape endpoints used by Prometheus | `{}` |
|
||||
| `metrics.podMonitor.relabelings` | Prometheus relabeling rules | `[]` |
|
||||
| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` |
|
||||
| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` |
|
||||
| `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | `""` |
|
||||
| `metrics.prometheusRule.rules` | Create specified [Rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) | `[]` |
|
||||
|
||||
The above parameters map to the env variables defined in [bitnami/tomcat](https://github.com/bitnami/containers/tree/main/bitnami/tomcat). For more information please refer to the [bitnami/tomcat](https://github.com/bitnami/containers/tree/main/bitnami/tomcat) image documentation.
|
||||
|
||||
|
@ -250,9 +261,11 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm
|
|||
|
||||
```console
|
||||
helm install my-release \
|
||||
--set tomcatUsername=manager,tomcatPassword=password oci://registry-1.docker.io/bitnamicharts/tomcat
|
||||
--set tomcatUsername=manager,tomcatPassword=password oci://REGISTRY_NAME/REPOSITORY_NAME/tomcat
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
|
||||
The above command sets the Tomcat management username and password to `manager` and `password` respectively.
|
||||
|
||||
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
|
||||
|
@ -260,9 +273,10 @@ The above command sets the Tomcat management username and password to `manager`
|
|||
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
|
||||
|
||||
```console
|
||||
helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/tomcat
|
||||
helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/tomcat
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
> **Tip**: You can use the default [values.yaml](values.yaml)
|
||||
|
||||
## Configuration and installation details
|
||||
|
@ -346,9 +360,11 @@ Consequences:
|
|||
```console
|
||||
export TOMCAT_PASSWORD=$(kubectl get secret --namespace default tomcat -o jsonpath="{.data.tomcat-password}" | base64 -d)
|
||||
kubectl delete deployments.apps tomcat
|
||||
helm upgrade tomcat oci://registry-1.docker.io/bitnamicharts/tomcat --set tomcatPassword=$TOMCAT_PASSWORD
|
||||
helm upgrade tomcat oci://REGISTRY_NAME/REPOSITORY_NAME/tomcat --set tomcatPassword=$TOMCAT_PASSWORD
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
|
||||
### To 7.0.0
|
||||
|
||||
[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
|
||||
|
@ -364,15 +380,19 @@ This release updates the Bitnami Tomcat container to `9.0.26-debian-9-r0`, which
|
|||
Tomcat container was moved to a non-root approach. There shouldn't be any issue when upgrading since the corresponding `securityContext` is enabled by default. Both the container image and the chart can be upgraded by running the command below:
|
||||
|
||||
```console
|
||||
helm upgrade my-release oci://registry-1.docker.io/bitnamicharts/tomcat
|
||||
helm upgrade my-release oci://REGISTRY_NAME/REPOSITORY_NAME/tomcat
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
|
||||
If you use a previous container image (previous to **8.5.35-r26**) disable the `securityContext` by running the command below:
|
||||
|
||||
```console
|
||||
helm upgrade my-release oci://registry-1.docker.io/bitnamicharts/tomcat --set securityContext.enabled=false,image.tag=XXX
|
||||
helm upgrade my-release oci://REGISTRY_NAME/REPOSITORY_NAME/tomcat --set securityContext.enabled=false,image.tag=XXX
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
|
||||
### To 1.0.0
|
||||
|
||||
Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments.
|
||||
|
|
|
@ -2,7 +2,7 @@ annotations:
|
|||
category: Infrastructure
|
||||
licenses: Apache-2.0
|
||||
apiVersion: v2
|
||||
appVersion: 2.13.2
|
||||
appVersion: 2.13.3
|
||||
description: A Library Helm Chart for grouping common logic between bitnami charts.
|
||||
This chart is not deployable by itself.
|
||||
home: https://bitnami.com
|
||||
|
@ -20,4 +20,4 @@ name: common
|
|||
sources:
|
||||
- https://github.com/bitnami/charts
|
||||
type: library
|
||||
version: 2.13.2
|
||||
version: 2.13.3
|
||||
|
|
|
@ -34,8 +34,8 @@ Looking to use our applications in production? Try [VMware Application Catalog](
|
|||
|
||||
## Prerequisites
|
||||
|
||||
- Kubernetes 1.19+
|
||||
- Helm 3.2.0+
|
||||
- Kubernetes 1.23+
|
||||
- Helm 3.8.0+
|
||||
|
||||
## Parameters
|
||||
|
||||
|
|
|
@ -184,7 +184,7 @@ Returns true if PodSecurityPolicy is supported
|
|||
{{/*
|
||||
Returns true if AdmissionConfiguration is supported
|
||||
*/}}
|
||||
{{- define "common.capabilities.admisionConfiguration.supported" -}}
|
||||
{{- define "common.capabilities.admissionConfiguration.supported" -}}
|
||||
{{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}}
|
||||
{{- true -}}
|
||||
{{- end -}}
|
||||
|
@ -193,7 +193,7 @@ Returns true if AdmissionConfiguration is supported
|
|||
{{/*
|
||||
Return the appropriate apiVersion for AdmissionConfiguration.
|
||||
*/}}
|
||||
{{- define "common.capabilities.admisionConfiguration.apiVersion" -}}
|
||||
{{- define "common.capabilities.admissionConfiguration.apiVersion" -}}
|
||||
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}}
|
||||
{{- print "apiserver.config.k8s.io/v1alpha1" -}}
|
||||
{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}}
|
||||
|
|
|
@ -50,9 +50,9 @@ extraDeploy: []
|
|||
|
||||
## Bitnami Tomcat image version
|
||||
## ref: https://hub.docker.com/r/bitnami/tomcat/tags/
|
||||
## @param image.registry Tomcat image registry
|
||||
## @param image.repository Tomcat image repository
|
||||
## @param image.tag Tomcat image tag (immutable tags are recommended)
|
||||
## @param image.registry [default: REGISTRY_NAME] Tomcat image registry
|
||||
## @param image.repository [default: REPOSITORY_NAME/tomcat] Tomcat image repository
|
||||
## @skip image.tag Tomcat image tag (immutable tags are recommended)
|
||||
## @param image.digest Tomcat image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
||||
## @param image.pullPolicy Tomcat image pull policy
|
||||
## @param image.pullSecrets Specify docker-registry secret names as an array
|
||||
|
@ -159,14 +159,26 @@ podSecurityContext:
|
|||
fsGroup: 1001
|
||||
## Tomcat containers' SecurityContext
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||||
## @param containerSecurityContext.enabled Enable Tomcat containers' SecurityContext
|
||||
## @param containerSecurityContext.runAsUser User ID for the Tomcat container
|
||||
## @param containerSecurityContext.runAsNonRoot Force user to be root in Tomcat container
|
||||
## @param containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
|
||||
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
|
||||
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
## Tomcat containers' resource requests and limits
|
||||
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
||||
## We usually recommend not to specify default resources and to leave this as a conscious
|
||||
|
@ -575,9 +587,9 @@ volumePermissions:
|
|||
## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory
|
||||
##
|
||||
enabled: false
|
||||
## @param volumePermissions.image.registry Init container volume-permissions image registry
|
||||
## @param volumePermissions.image.repository Init container volume-permissions image repository
|
||||
## @param volumePermissions.image.tag Init container volume-permissions image tag
|
||||
## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
|
||||
## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository
|
||||
## @skip volumePermissions.image.tag Init container volume-permissions image tag
|
||||
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
||||
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
|
||||
## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
|
||||
|
@ -635,9 +647,9 @@ metrics:
|
|||
catalinaOpts: -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=5555 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=true
|
||||
## Bitnami JMX exporter image
|
||||
## ref: https://hub.docker.com/r/bitnami/jmx-exporter/tags/
|
||||
## @param metrics.jmx.image.registry JMX exporter image registry
|
||||
## @param metrics.jmx.image.repository JMX exporter image repository
|
||||
## @param metrics.jmx.image.tag JMX exporter image tag (immutable tags are recommended)
|
||||
## @param metrics.jmx.image.registry [default: REGISTRY_NAME] JMX exporter image registry
|
||||
## @param metrics.jmx.image.repository [default: REPOSITORY_NAME/jmx-exporter] JMX exporter image repository
|
||||
## @skip metrics.jmx.image.tag JMX exporter image tag (immutable tags are recommended)
|
||||
## @param metrics.jmx.image.digest JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
||||
## @param metrics.jmx.image.pullPolicy JMX exporter image pull policy
|
||||
## @param metrics.jmx.image.pullSecrets Specify docker-registry secret names as an array
|
||||
|
@ -671,13 +683,25 @@ metrics:
|
|||
attrNameSnakeCase: true
|
||||
## Prometheus JMX exporter containers' Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param metrics.jmx.containerSecurityContext.enabled Enable Prometheus JMX exporter containers' Security Context
|
||||
## @param metrics.jmx.containerSecurityContext.runAsUser Set Prometheus JMX exporter containers' Security Context runAsUser
|
||||
## @param metrics.jmx.containerSecurityContext.runAsNonRoot Set Prometheus JMX exporter containers' Security Context runAsNonRoot
|
||||
## @param metrics.jmx.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param metrics.jmx.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param metrics.jmx.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param metrics.jmx.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param metrics.jmx.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
## @param metrics.jmx.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
|
||||
## @param metrics.jmx.containerSecurityContext.capabilities.drop List of capabilities to be dropped
|
||||
## @param metrics.jmx.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
## Prometheus JMX Exporter' resource requests and limits
|
||||
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
||||
## We usually recommend not to specify default resources and to leave this as a conscious
|
||||
|
|
|
@ -10,7 +10,7 @@ annotations:
|
|||
- name: os-shell
|
||||
image: docker.io/bitnami/os-shell:11-debian-11-r90
|
||||
- name: wordpress
|
||||
image: docker.io/bitnami/wordpress:6.3.2-debian-11-r5
|
||||
image: docker.io/bitnami/wordpress:6.3.2-debian-11-r8
|
||||
licenses: Apache-2.0
|
||||
apiVersion: v2
|
||||
appVersion: 6.3.2
|
||||
|
@ -47,4 +47,4 @@ maintainers:
|
|||
name: wordpress
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/wordpress
|
||||
version: 18.0.12
|
||||
version: 18.1.3
|
||||
|
|
|
@ -172,13 +172,14 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `extraContainerPorts` | Optionally specify extra list of additional ports for WordPress container(s) | `[]` |
|
||||
| `podSecurityContext.enabled` | Enabled WordPress pods' Security Context | `true` |
|
||||
| `podSecurityContext.fsGroup` | Set WordPress pod's Security Context fsGroup | `1001` |
|
||||
| `podSecurityContext.seccompProfile.type` | Set WordPress container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `containerSecurityContext.enabled` | Enabled WordPress containers' Security Context | `true` |
|
||||
| `containerSecurityContext.runAsUser` | Set WordPress container's Security Context runAsUser | `1001` |
|
||||
| `containerSecurityContext.runAsNonRoot` | Set WordPress container's Security Context runAsNonRoot | `true` |
|
||||
| `containerSecurityContext.allowPrivilegeEscalation` | Set WordPress container's privilege escalation | `false` |
|
||||
| `containerSecurityContext.readOnlyRootFilesystem` | Set WordPress container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `containerSecurityContext.capabilities.drop` | Set WordPress container's Security Context runAsNonRoot | `["ALL"]` |
|
||||
| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `livenessProbe.enabled` | Enable livenessProbe on WordPress containers | `true` |
|
||||
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
|
||||
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
||||
|
|
|
@ -76,7 +76,7 @@ diagnosticMode:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/wordpress
|
||||
tag: 6.3.2-debian-11-r5
|
||||
tag: 6.3.2-debian-11-r8
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
|
@ -402,30 +402,32 @@ extraContainerPorts: []
|
|||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||||
## @param podSecurityContext.enabled Enabled WordPress pods' Security Context
|
||||
## @param podSecurityContext.fsGroup Set WordPress pod's Security Context fsGroup
|
||||
## @param podSecurityContext.seccompProfile.type Set WordPress container's Security Context seccomp profile
|
||||
##
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 1001
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
## Configure Container Security Context (only main container)
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param containerSecurityContext.enabled Enabled WordPress containers' Security Context
|
||||
## @param containerSecurityContext.runAsUser Set WordPress container's Security Context runAsUser
|
||||
## @param containerSecurityContext.runAsNonRoot Set WordPress container's Security Context runAsNonRoot
|
||||
## @param containerSecurityContext.allowPrivilegeEscalation Set WordPress container's privilege escalation
|
||||
## @param containerSecurityContext.readOnlyRootFilesystem Set WordPress container's Security Context readOnlyRootFilesystem
|
||||
## @param containerSecurityContext.capabilities.drop Set WordPress container's Security Context runAsNonRoot
|
||||
## @param containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
|
||||
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
|
||||
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
## Configure extra options for WordPress containers' liveness, readiness and startup probes
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
|
||||
## @param livenessProbe.enabled Enable livenessProbe on WordPress containers
|
||||
|
|
|
@ -30,4 +30,4 @@ maintainers:
|
|||
name: zookeeper
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/zookeeper
|
||||
version: 12.1.6
|
||||
version: 12.3.0
|
||||
|
|
|
@ -11,16 +11,18 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema
|
|||
## TL;DR
|
||||
|
||||
```console
|
||||
helm install my-release oci://registry-1.docker.io/bitnamicharts/zookeeper
|
||||
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/zookeeper
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
|
||||
## Introduction
|
||||
|
||||
This chart bootstraps a [ZooKeeper](https://github.com/bitnami/containers/tree/main/bitnami/zookeeper) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
|
||||
|
||||
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
|
||||
|
||||
Looking to use Apache ZooKeeper in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
|
||||
Looking to use Apache ZooKeeper in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
|
@ -33,9 +35,11 @@ Looking to use Apache ZooKeeper in production? Try [VMware Application Catalog](
|
|||
To install the chart with the release name `my-release`:
|
||||
|
||||
```console
|
||||
helm install my-release oci://registry-1.docker.io/bitnamicharts/zookeeper
|
||||
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/zookeeper
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
|
||||
These commands deploy ZooKeeper on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
|
||||
|
||||
> **Tip**: List all releases using `helm list`
|
||||
|
@ -78,117 +82,121 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
|
||||
### ZooKeeper chart parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
|
||||
| `image.registry` | ZooKeeper image registry | `docker.io` |
|
||||
| `image.repository` | ZooKeeper image repository | `bitnami/zookeeper` |
|
||||
| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.9.1-debian-11-r1` |
|
||||
| `image.digest` | ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | ZooKeeper image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `image.debug` | Specify if debug values should be set | `false` |
|
||||
| `auth.client.enabled` | Enable ZooKeeper client-server authentication. It uses SASL/Digest-MD5 | `false` |
|
||||
| `auth.client.clientUser` | User that will use ZooKeeper clients to auth | `""` |
|
||||
| `auth.client.clientPassword` | Password that will use ZooKeeper clients to auth | `""` |
|
||||
| `auth.client.serverUsers` | Comma, semicolon or whitespace separated list of user to be created | `""` |
|
||||
| `auth.client.serverPasswords` | Comma, semicolon or whitespace separated list of passwords to assign to users when created | `""` |
|
||||
| `auth.client.existingSecret` | Use existing secret (ignores previous passwords) | `""` |
|
||||
| `auth.quorum.enabled` | Enable ZooKeeper server-server authentication. It uses SASL/Digest-MD5 | `false` |
|
||||
| `auth.quorum.learnerUser` | User that the ZooKeeper quorumLearner will use to authenticate to quorumServers. | `""` |
|
||||
| `auth.quorum.learnerPassword` | Password that the ZooKeeper quorumLearner will use to authenticate to quorumServers. | `""` |
|
||||
| `auth.quorum.serverUsers` | Comma, semicolon or whitespace separated list of users for the quorumServers. | `""` |
|
||||
| `auth.quorum.serverPasswords` | Comma, semicolon or whitespace separated list of passwords to assign to users when created | `""` |
|
||||
| `auth.quorum.existingSecret` | Use existing secret (ignores previous passwords) | `""` |
|
||||
| `tickTime` | Basic time unit (in milliseconds) used by ZooKeeper for heartbeats | `2000` |
|
||||
| `initLimit` | ZooKeeper uses to limit the length of time the ZooKeeper servers in quorum have to connect to a leader | `10` |
|
||||
| `syncLimit` | How far out of date a server can be from a leader | `5` |
|
||||
| `preAllocSize` | Block size for transaction log file | `65536` |
|
||||
| `snapCount` | The number of transactions recorded in the transaction log before a snapshot can be taken (and the transaction log rolled) | `100000` |
|
||||
| `maxClientCnxns` | Limits the number of concurrent connections that a single client may make to a single member of the ZooKeeper ensemble | `60` |
|
||||
| `maxSessionTimeout` | Maximum session timeout (in milliseconds) that the server will allow the client to negotiate | `40000` |
|
||||
| `heapSize` | Size (in MB) for the Java Heap options (Xmx and Xms) | `1024` |
|
||||
| `fourlwCommandsWhitelist` | A list of comma separated Four Letter Words commands that can be executed | `srvr, mntr, ruok` |
|
||||
| `minServerId` | Minimal SERVER_ID value, nodes increment their IDs respectively | `1` |
|
||||
| `listenOnAllIPs` | Allow ZooKeeper to listen for connections from its peers on all available IP addresses | `false` |
|
||||
| `autopurge.snapRetainCount` | The most recent snapshots amount (and corresponding transaction logs) to retain | `3` |
|
||||
| `autopurge.purgeInterval` | The time interval (in hours) for which the purge task has to be triggered | `0` |
|
||||
| `logLevel` | Log level for the ZooKeeper server. ERROR by default | `ERROR` |
|
||||
| `jvmFlags` | Default JVM flags for the ZooKeeper process | `""` |
|
||||
| `dataLogDir` | Dedicated data log directory | `""` |
|
||||
| `configuration` | Configure ZooKeeper with a custom zoo.cfg file | `""` |
|
||||
| `existingConfigmap` | The name of an existing ConfigMap with your custom configuration for ZooKeeper | `""` |
|
||||
| `extraEnvVars` | Array with extra environment variables to add to ZooKeeper nodes | `[]` |
|
||||
| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for ZooKeeper nodes | `""` |
|
||||
| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars for ZooKeeper nodes | `""` |
|
||||
| `command` | Override default container command (useful when using custom images) | `["/scripts/setup.sh"]` |
|
||||
| `args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| Name | Description | Value |
|
||||
| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | --------------------------- |
|
||||
| `image.registry` | ZooKeeper image registry | `REGISTRY_NAME` |
|
||||
| `image.repository` | ZooKeeper image repository | `REPOSITORY_NAME/zookeeper` |
|
||||
| `image.digest` | ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | ZooKeeper image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `image.debug` | Specify if debug values should be set | `false` |
|
||||
| `auth.client.enabled` | Enable ZooKeeper client-server authentication. It uses SASL/Digest-MD5 | `false` |
|
||||
| `auth.client.clientUser` | User that will use ZooKeeper clients to auth | `""` |
|
||||
| `auth.client.clientPassword` | Password that will use ZooKeeper clients to auth | `""` |
|
||||
| `auth.client.serverUsers` | Comma, semicolon or whitespace separated list of user to be created | `""` |
|
||||
| `auth.client.serverPasswords` | Comma, semicolon or whitespace separated list of passwords to assign to users when created | `""` |
|
||||
| `auth.client.existingSecret` | Use existing secret (ignores previous passwords) | `""` |
|
||||
| `auth.quorum.enabled` | Enable ZooKeeper server-server authentication. It uses SASL/Digest-MD5 | `false` |
|
||||
| `auth.quorum.learnerUser` | User that the ZooKeeper quorumLearner will use to authenticate to quorumServers. | `""` |
|
||||
| `auth.quorum.learnerPassword` | Password that the ZooKeeper quorumLearner will use to authenticate to quorumServers. | `""` |
|
||||
| `auth.quorum.serverUsers` | Comma, semicolon or whitespace separated list of users for the quorumServers. | `""` |
|
||||
| `auth.quorum.serverPasswords` | Comma, semicolon or whitespace separated list of passwords to assign to users when created | `""` |
|
||||
| `auth.quorum.existingSecret` | Use existing secret (ignores previous passwords) | `""` |
|
||||
| `tickTime` | Basic time unit (in milliseconds) used by ZooKeeper for heartbeats | `2000` |
|
||||
| `initLimit` | ZooKeeper uses to limit the length of time the ZooKeeper servers in quorum have to connect to a leader | `10` |
|
||||
| `syncLimit` | How far out of date a server can be from a leader | `5` |
|
||||
| `preAllocSize` | Block size for transaction log file | `65536` |
|
||||
| `snapCount` | The number of transactions recorded in the transaction log before a snapshot can be taken (and the transaction log rolled) | `100000` |
|
||||
| `maxClientCnxns` | Limits the number of concurrent connections that a single client may make to a single member of the ZooKeeper ensemble | `60` |
|
||||
| `maxSessionTimeout` | Maximum session timeout (in milliseconds) that the server will allow the client to negotiate | `40000` |
|
||||
| `heapSize` | Size (in MB) for the Java Heap options (Xmx and Xms) | `1024` |
|
||||
| `fourlwCommandsWhitelist` | A list of comma separated Four Letter Words commands that can be executed | `srvr, mntr, ruok` |
|
||||
| `minServerId` | Minimal SERVER_ID value, nodes increment their IDs respectively | `1` |
|
||||
| `listenOnAllIPs` | Allow ZooKeeper to listen for connections from its peers on all available IP addresses | `false` |
|
||||
| `autopurge.snapRetainCount` | The most recent snapshots amount (and corresponding transaction logs) to retain | `3` |
|
||||
| `autopurge.purgeInterval` | The time interval (in hours) for which the purge task has to be triggered | `0` |
|
||||
| `logLevel` | Log level for the ZooKeeper server. ERROR by default | `ERROR` |
|
||||
| `jvmFlags` | Default JVM flags for the ZooKeeper process | `""` |
|
||||
| `dataLogDir` | Dedicated data log directory | `""` |
|
||||
| `configuration` | Configure ZooKeeper with a custom zoo.cfg file | `""` |
|
||||
| `existingConfigmap` | The name of an existing ConfigMap with your custom configuration for ZooKeeper | `""` |
|
||||
| `extraEnvVars` | Array with extra environment variables to add to ZooKeeper nodes | `[]` |
|
||||
| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for ZooKeeper nodes | `""` |
|
||||
| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars for ZooKeeper nodes | `""` |
|
||||
| `command` | Override default container command (useful when using custom images) | `["/scripts/setup.sh"]` |
|
||||
| `args` | Override default container args (useful when using custom images) | `[]` |
|
||||
|
||||
### Statefulset parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------- |
|
||||
| `replicaCount` | Number of ZooKeeper nodes | `1` |
|
||||
| `containerPorts.client` | ZooKeeper client container port | `2181` |
|
||||
| `containerPorts.tls` | ZooKeeper TLS container port | `3181` |
|
||||
| `containerPorts.follower` | ZooKeeper follower container port | `2888` |
|
||||
| `containerPorts.election` | ZooKeeper election container port | `3888` |
|
||||
| `livenessProbe.enabled` | Enable livenessProbe on ZooKeeper containers | `true` |
|
||||
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
|
||||
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
||||
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
||||
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `livenessProbe.probeCommandTimeout` | Probe command timeout for livenessProbe | `2` |
|
||||
| `readinessProbe.enabled` | Enable readinessProbe on ZooKeeper containers | `true` |
|
||||
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
|
||||
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
|
||||
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
|
||||
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `readinessProbe.probeCommandTimeout` | Probe command timeout for readinessProbe | `2` |
|
||||
| `startupProbe.enabled` | Enable startupProbe on ZooKeeper containers | `false` |
|
||||
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` |
|
||||
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
||||
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
|
||||
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
|
||||
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `lifecycleHooks` | for the ZooKeeper container(s) to automate configuration before or after startup | `{}` |
|
||||
| `resources.limits` | The resources limits for the ZooKeeper containers | `{}` |
|
||||
| `resources.requests.memory` | The requested memory for the ZooKeeper containers | `256Mi` |
|
||||
| `resources.requests.cpu` | The requested cpu for the ZooKeeper containers | `250m` |
|
||||
| `podSecurityContext.enabled` | Enabled ZooKeeper pods' Security Context | `true` |
|
||||
| `podSecurityContext.fsGroup` | Set ZooKeeper pod's Security Context fsGroup | `1001` |
|
||||
| `containerSecurityContext.enabled` | Enabled ZooKeeper containers' Security Context | `true` |
|
||||
| `containerSecurityContext.runAsUser` | Set ZooKeeper containers' Security Context runAsUser | `1001` |
|
||||
| `containerSecurityContext.runAsNonRoot` | Set ZooKeeper containers' Security Context runAsNonRoot | `true` |
|
||||
| `containerSecurityContext.allowPrivilegeEscalation` | Force the child process to be run as nonprivilege | `false` |
|
||||
| `hostAliases` | ZooKeeper pods host aliases | `[]` |
|
||||
| `podLabels` | Extra labels for ZooKeeper pods | `{}` |
|
||||
| `podAnnotations` | Annotations for ZooKeeper pods | `{}` |
|
||||
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` |
|
||||
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
|
||||
| `affinity` | Affinity for pod assignment | `{}` |
|
||||
| `nodeSelector` | Node labels for pod assignment | `{}` |
|
||||
| `tolerations` | Tolerations for pod assignment | `[]` |
|
||||
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
|
||||
| `podManagementPolicy` | StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: `OrderedReady` and `Parallel` | `Parallel` |
|
||||
| `priorityClassName` | Name of the existing priority class to be used by ZooKeeper pods, priority class needs to be created beforehand | `""` |
|
||||
| `schedulerName` | Kubernetes pod scheduler registry | `""` |
|
||||
| `updateStrategy.type` | ZooKeeper statefulset strategy type | `RollingUpdate` |
|
||||
| `updateStrategy.rollingUpdate` | ZooKeeper statefulset rolling update configuration parameters | `{}` |
|
||||
| `extraVolumes` | Optionally specify extra list of additional volumes for the ZooKeeper pod(s) | `[]` |
|
||||
| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the ZooKeeper container(s) | `[]` |
|
||||
| `sidecars` | Add additional sidecar containers to the ZooKeeper pod(s) | `[]` |
|
||||
| `initContainers` | Add additional init containers to the ZooKeeper pod(s) | `[]` |
|
||||
| `pdb.create` | Deploy a pdb object for the ZooKeeper pod | `false` |
|
||||
| `pdb.minAvailable` | Minimum available ZooKeeper replicas | `""` |
|
||||
| `pdb.maxUnavailable` | Maximum unavailable ZooKeeper replicas | `1` |
|
||||
| Name | Description | Value |
|
||||
| --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
|
||||
| `replicaCount` | Number of ZooKeeper nodes | `1` |
|
||||
| `containerPorts.client` | ZooKeeper client container port | `2181` |
|
||||
| `containerPorts.tls` | ZooKeeper TLS container port | `3181` |
|
||||
| `containerPorts.follower` | ZooKeeper follower container port | `2888` |
|
||||
| `containerPorts.election` | ZooKeeper election container port | `3888` |
|
||||
| `livenessProbe.enabled` | Enable livenessProbe on ZooKeeper containers | `true` |
|
||||
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
|
||||
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
||||
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
||||
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `livenessProbe.probeCommandTimeout` | Probe command timeout for livenessProbe | `2` |
|
||||
| `readinessProbe.enabled` | Enable readinessProbe on ZooKeeper containers | `true` |
|
||||
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
|
||||
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
|
||||
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
|
||||
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `readinessProbe.probeCommandTimeout` | Probe command timeout for readinessProbe | `2` |
|
||||
| `startupProbe.enabled` | Enable startupProbe on ZooKeeper containers | `false` |
|
||||
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` |
|
||||
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
|
||||
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
|
||||
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
|
||||
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `lifecycleHooks` | for the ZooKeeper container(s) to automate configuration before or after startup | `{}` |
|
||||
| `resources.limits` | The resources limits for the ZooKeeper containers | `{}` |
|
||||
| `resources.requests.memory` | The requested memory for the ZooKeeper containers | `256Mi` |
|
||||
| `resources.requests.cpu` | The requested cpu for the ZooKeeper containers | `250m` |
|
||||
| `podSecurityContext.enabled` | Enabled ZooKeeper pods' Security Context | `true` |
|
||||
| `podSecurityContext.fsGroup` | Set ZooKeeper pod's Security Context fsGroup | `1001` |
|
||||
| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `hostAliases` | ZooKeeper pods host aliases | `[]` |
|
||||
| `podLabels` | Extra labels for ZooKeeper pods | `{}` |
|
||||
| `podAnnotations` | Annotations for ZooKeeper pods | `{}` |
|
||||
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` |
|
||||
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
|
||||
| `affinity` | Affinity for pod assignment | `{}` |
|
||||
| `nodeSelector` | Node labels for pod assignment | `{}` |
|
||||
| `tolerations` | Tolerations for pod assignment | `[]` |
|
||||
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
|
||||
| `podManagementPolicy` | StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: `OrderedReady` and `Parallel` | `Parallel` |
|
||||
| `priorityClassName` | Name of the existing priority class to be used by ZooKeeper pods, priority class needs to be created beforehand | `""` |
|
||||
| `schedulerName` | Kubernetes pod scheduler registry | `""` |
|
||||
| `updateStrategy.type` | ZooKeeper statefulset strategy type | `RollingUpdate` |
|
||||
| `updateStrategy.rollingUpdate` | ZooKeeper statefulset rolling update configuration parameters | `{}` |
|
||||
| `extraVolumes` | Optionally specify extra list of additional volumes for the ZooKeeper pod(s) | `[]` |
|
||||
| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the ZooKeeper container(s) | `[]` |
|
||||
| `sidecars` | Add additional sidecar containers to the ZooKeeper pod(s) | `[]` |
|
||||
| `initContainers` | Add additional init containers to the ZooKeeper pod(s) | `[]` |
|
||||
| `pdb.create` | Deploy a pdb object for the ZooKeeper pod | `false` |
|
||||
| `pdb.minAvailable` | Minimum available ZooKeeper replicas | `""` |
|
||||
| `pdb.maxUnavailable` | Maximum unavailable ZooKeeper replicas | `1` |
|
||||
| `enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` |
|
||||
|
||||
### Traffic Exposure parameters
|
||||
|
||||
|
@ -243,19 +251,18 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
|
||||
### Volume Permissions parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------- | ------------------ |
|
||||
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
|
||||
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
|
||||
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` |
|
||||
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r90` |
|
||||
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
|
||||
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
|
||||
| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
|
||||
| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` |
|
||||
| `volumePermissions.containerSecurityContext.enabled` | Enabled init container Security Context | `true` |
|
||||
| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` |
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
|
||||
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
|
||||
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
|
||||
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
|
||||
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
|
||||
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
|
||||
| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
|
||||
| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` |
|
||||
| `volumePermissions.containerSecurityContext.enabled` | Enabled init container Security Context | `true` |
|
||||
| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` |
|
||||
|
||||
### Metrics parameters
|
||||
|
||||
|
@ -319,9 +326,11 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm
|
|||
```console
|
||||
helm install my-release \
|
||||
--set auth.clientUser=newUser \
|
||||
oci://registry-1.docker.io/bitnamicharts/zookeeper
|
||||
oci://REGISTRY_NAME/REPOSITORY_NAME/zookeeper
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
|
||||
The above command sets the ZooKeeper user to `newUser`.
|
||||
|
||||
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
|
||||
|
@ -329,9 +338,10 @@ The above command sets the ZooKeeper user to `newUser`.
|
|||
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
|
||||
|
||||
```console
|
||||
helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/zookeeper
|
||||
helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/zookeeper
|
||||
```
|
||||
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
> **Tip**: You can use the default [values.yaml](values.yaml)
|
||||
|
||||
## Configuration and installation details
|
||||
|
@ -525,4 +535,4 @@ Unless required by applicable law or agreed to in writing, software
|
|||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
limitations under the License.
|
||||
|
|
|
@ -43,6 +43,7 @@ spec:
|
|||
labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
|
||||
app.kubernetes.io/component: zookeeper
|
||||
spec:
|
||||
enableServiceLinks: {{ .Values.enableServiceLinks }}
|
||||
serviceAccountName: {{ template "zookeeper.serviceAccountName" . }}
|
||||
{{- include "zookeeper.imagePullSecrets" . | nindent 6 }}
|
||||
{{- if .Values.hostAliases }}
|
||||
|
|
|
@ -68,9 +68,9 @@ diagnosticMode:
|
|||
|
||||
## Bitnami ZooKeeper image version
|
||||
## ref: https://hub.docker.com/r/bitnami/zookeeper/tags/
|
||||
## @param image.registry ZooKeeper image registry
|
||||
## @param image.repository ZooKeeper image repository
|
||||
## @param image.tag ZooKeeper image tag (immutable tags are recommended)
|
||||
## @param image.registry [default: REGISTRY_NAME] ZooKeeper image registry
|
||||
## @param image.repository [default: REPOSITORY_NAME/zookeeper] ZooKeeper image repository
|
||||
## @skip image.tag ZooKeeper image tag (immutable tags are recommended)
|
||||
## @param image.digest ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
||||
## @param image.pullPolicy ZooKeeper image pull policy
|
||||
## @param image.pullSecrets Specify docker-registry secret names as an array
|
||||
|
@ -332,16 +332,26 @@ podSecurityContext:
|
|||
fsGroup: 1001
|
||||
## Configure Container Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param containerSecurityContext.enabled Enabled ZooKeeper containers' Security Context
|
||||
## @param containerSecurityContext.runAsUser Set ZooKeeper containers' Security Context runAsUser
|
||||
## @param containerSecurityContext.runAsNonRoot Set ZooKeeper containers' Security Context runAsNonRoot
|
||||
## @param containerSecurityContext.allowPrivilegeEscalation Force the child process to be run as nonprivilege
|
||||
## @param containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
|
||||
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
|
||||
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
## @param hostAliases ZooKeeper pods host aliases
|
||||
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
||||
##
|
||||
|
@ -475,6 +485,11 @@ pdb:
|
|||
create: false
|
||||
minAvailable: ""
|
||||
maxUnavailable: 1
|
||||
## @param enableServiceLinks Whether information about services should be injected into pod's environment variable
|
||||
## The environment variables injected by service links are not used, but can lead to slow boot times or slow running of the scripts when there are many services in the current namespace.
|
||||
## If you experience slow pod startups or slow running of the scripts you probably want to set this to `false`.
|
||||
##
|
||||
enableServiceLinks: true
|
||||
|
||||
## @section Traffic Exposure parameters
|
||||
|
||||
|
@ -653,9 +668,9 @@ volumePermissions:
|
|||
## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume
|
||||
##
|
||||
enabled: false
|
||||
## @param volumePermissions.image.registry Init container volume-permissions image registry
|
||||
## @param volumePermissions.image.repository Init container volume-permissions image repository
|
||||
## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
|
||||
## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
|
||||
## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository
|
||||
## @skip volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
|
||||
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
||||
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
|
||||
## @param volumePermissions.image.pullSecrets Init container volume-permissions image pull secrets
|
||||
|
|
|
@ -4,7 +4,7 @@ annotations:
|
|||
catalog.cattle.io/kube-version: '>1.22.0-0'
|
||||
catalog.cattle.io/release-name: falcon-sensor
|
||||
apiVersion: v2
|
||||
appVersion: 1.22.1
|
||||
appVersion: 1.23.1
|
||||
description: A Helm chart to deploy CrowdStrike Falcon sensors into Kubernetes clusters.
|
||||
home: https://crowdstrike.com
|
||||
icon: https://raw.githubusercontent.com/CrowdStrike/falcon-helm/main/images/crowdstrike-logo.svg
|
||||
|
@ -24,4 +24,4 @@ name: falcon-sensor
|
|||
sources:
|
||||
- https://github.com/CrowdStrike/falcon-helm
|
||||
type: application
|
||||
version: 1.22.1
|
||||
version: 1.23.1
|
||||
|
|
|
@ -94,26 +94,30 @@ Create the name of the service account to use
|
|||
|
||||
{{- define "falcon-sensor.daemonsetResources" -}}
|
||||
{{- if .Values.node.gke.autopilot -}}
|
||||
{{- if .Values.node.daemonset.resources -}}
|
||||
resources:
|
||||
{{- if .Values.node.daemonset.resources.limits -}}
|
||||
{{- if (.Values.node.daemonset.resources | default dict ).limits }}
|
||||
limits:
|
||||
cpu: {{ .Values.node.daemonset.resources.limits.cpu | default "750m" }}
|
||||
memory: {{ .Values.node.daemonset.resources.limits.memory | default "1.5Gi" }}
|
||||
cpu: {{ (.Values.node.daemonset.resources.limits | default dict ).cpu | default "750m" }}
|
||||
memory: {{ (.Values.node.daemonset.resources.limits | default dict ).memory | default "1.5Gi" }}
|
||||
ephemeral-storage: {{ (index (.Values.node.daemonset.resources.limits | default dict ) "ephemeral-storage") | default "100Mi" }}
|
||||
{{- else }}
|
||||
limits:
|
||||
cpu: 750m
|
||||
memory: 1.5Gi
|
||||
ephemeral-storage: 100Mi
|
||||
{{- end }}
|
||||
{{- if (.Values.node.daemonset.resources | default dict ).requests }}
|
||||
requests:
|
||||
cpu: {{ .Values.node.daemonset.resources.requests.cpu | default "750m" }}
|
||||
memory: {{ .Values.node.daemonset.resources.requests.memory | default "1.5Gi" }}
|
||||
{{- else -}}
|
||||
resources:
|
||||
limits:
|
||||
cpu: "750m"
|
||||
memory: "1.5Gi"
|
||||
cpu: {{ (.Values.node.daemonset.resources.requests | default dict ).cpu | default "750m" }}
|
||||
ephemeral-storage: {{ (index (.Values.node.daemonset.resources.requests | default dict ) "ephemeral-storage") | default "100Mi" }}
|
||||
memory: {{ (.Values.node.daemonset.resources.requests | default dict ).memory | default "1.5Gi" }}
|
||||
{{- else }}
|
||||
requests:
|
||||
cpu: "750m"
|
||||
memory: "1.5Gi"
|
||||
{{- end -}}
|
||||
{{- else -}}
|
||||
cpu: 750m
|
||||
memory: 1.5Gi
|
||||
ephemeral-storage: 100Mi
|
||||
{{- end }}
|
||||
{{- else -}}
|
||||
{{- if .Values.node.daemonset.resources -}}
|
||||
{{- toYaml .Values.node.daemonset.resources -}}
|
||||
{{- end -}}
|
||||
|
|
|
@ -108,15 +108,17 @@ spec:
|
|||
- name: falconstore-dir
|
||||
mountPath: /host_opt
|
||||
{{- end }}
|
||||
{{- if or .Values.node.gke.autopilot .Values.node.daemonset.resources }}
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
ephemeral-storage: 10Mi
|
||||
ephemeral-storage: 100Mi
|
||||
memory: 50Mi
|
||||
limits:
|
||||
cpu: 10m
|
||||
ephemeral-storage: 10Mi
|
||||
ephemeral-storage: 100Mi
|
||||
memory: 50Mi
|
||||
{{- end }}
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
privileged: true
|
||||
|
|
|
@ -100,15 +100,17 @@ spec:
|
|||
- name: opt-crowdstrike
|
||||
mountPath: /host_opt
|
||||
{{- end }}
|
||||
{{- if or .Values.node.gke.autopilot .Values.node.daemonset.resources }}
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
ephemeral-storage: 10Mi
|
||||
ephemeral-storage: 100Mi
|
||||
memory: 50Mi
|
||||
limits:
|
||||
cpu: 10m
|
||||
ephemeral-storage: 10Mi
|
||||
ephemeral-storage: 100Mi
|
||||
memory: 50Mi
|
||||
{{- end }}
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
privileged: true
|
||||
|
@ -133,15 +135,17 @@ spec:
|
|||
- sleep 10
|
||||
command:
|
||||
- /bin/bash
|
||||
{{- if or .Values.node.gke.autopilot .Values.node.daemonset.resources }}
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
ephemeral-storage: 10Mi
|
||||
ephemeral-storage: 100Mi
|
||||
memory: 50Mi
|
||||
limits:
|
||||
cpu: 10m
|
||||
ephemeral-storage: 10Mi
|
||||
ephemeral-storage: 100Mi
|
||||
memory: 50Mi
|
||||
{{- end }}
|
||||
securityContext:
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
|
|
|
@ -62,9 +62,11 @@ node:
|
|||
# resources:
|
||||
# limits:
|
||||
# cpu: 250m
|
||||
# ephemeral-storage: 100Mi
|
||||
# memory: 500Mi
|
||||
# requests:
|
||||
# cpu: 250m
|
||||
# ephemeral-storage: 100Mi
|
||||
# memory: 500Mi
|
||||
|
||||
# Update strategy to role out new daemonset configuration to the nodes.
|
||||
|
|
|
@ -1,5 +1,13 @@
|
|||
# Datadog changelog
|
||||
|
||||
## 3.43.1
|
||||
|
||||
* Fix docstring typos and remove unneeded lines.
|
||||
|
||||
## 3.43.0
|
||||
|
||||
* Default `Agent` and `Cluster-Agent` to `7.49.0` version.
|
||||
|
||||
## 3.42.1
|
||||
|
||||
* Bump FIPS proxy OpenSSL version to 3.0.12
|
||||
|
|
|
@ -19,4 +19,4 @@ name: datadog
|
|||
sources:
|
||||
- https://app.datadoghq.com/account/settings#agent/kubernetes
|
||||
- https://github.com/DataDog/datadog-agent
|
||||
version: 3.42.1
|
||||
version: 3.43.1
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue