239 lines
13 KiB
YAML
239 lines
13 KiB
YAML
# Default values for yugaware.
|
|
# This is a YAML-formatted file.
|
|
# Declare variables to be passed into your templates.
|
|
|
|
image:
|
|
commonRegistry: ""
|
|
# Setting commonRegistry to say, quay.io overrides the registry settings for all images
|
|
# including the yugaware image
|
|
|
|
repository: quay.io/yugabyte/yugaware
|
|
tag: 2.16.1.0-b50
|
|
pullPolicy: IfNotPresent
|
|
pullSecret: yugabyte-k8s-pull-secret
|
|
## Docker config JSON File name
|
|
## If set, this file content will be used to automatically create secret named as above
|
|
# pullSecretFile:
|
|
|
|
thirdparty-deps:
|
|
registry: quay.io
|
|
tag: latest
|
|
name: yugabyte/thirdparty-deps
|
|
|
|
postgres:
|
|
registry: ""
|
|
tag: '14.4'
|
|
name: postgres
|
|
|
|
postgres-upgrade:
|
|
registry: ""
|
|
tag: "11-to-14"
|
|
name: tianon/postgres-upgrade
|
|
|
|
prometheus:
|
|
registry: ""
|
|
tag: v2.41.0
|
|
name: prom/prometheus
|
|
|
|
nginx:
|
|
registry: ""
|
|
tag: 1.23.3
|
|
name: nginxinc/nginx-unprivileged
|
|
|
|
yugaware:
|
|
replicas: 1
|
|
storage: 100Gi
|
|
storageClass: ""
|
|
storageAnnotations: {}
|
|
multiTenant: false
|
|
serviceAccount: yugaware
|
|
serviceMonitor:
|
|
enabled: false
|
|
annotations: {}
|
|
serviceAccountAnnotations: {}
|
|
service:
|
|
annotations: {}
|
|
enabled: true
|
|
ip: ""
|
|
type: "LoadBalancer"
|
|
pod:
|
|
annotations: {}
|
|
labels: {}
|
|
health:
|
|
username: ""
|
|
password: ""
|
|
email: ""
|
|
resources:
|
|
requests:
|
|
cpu: 2
|
|
memory: 4Gi
|
|
enableProxyMetricsAuth: true
|
|
## List of additional alowed CORS origins in case of complex rev-proxy
|
|
additionAllowedCorsOrigins: []
|
|
proxyEndpointTimeoutMs: 3 minute
|
|
## Enables features specific for cloud deployments
|
|
cloud:
|
|
enabled: false
|
|
requestIdHeader: "X-REQUEST-ID"
|
|
|
|
podDisruptionBudget:
|
|
# See https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
|
# Note that the default of 0 doesn't really make sense since a StatefulSet isn't allowed to schedule extra replicas. However it is maintained as the default while we do additional testing. This value will likely change in the future.
|
|
maxUnavailable: 0
|
|
|
|
## Configure PostgreSQL part of the application
|
|
postgres:
|
|
service:
|
|
## Expose internal Postgres as a Service
|
|
enabled: false
|
|
## Additional Service annotations
|
|
annotations: {}
|
|
## Service type
|
|
type: "ClusterIP"
|
|
## IP address for the LoadBalancer, works only if supported by the cloud provider
|
|
ip: ""
|
|
|
|
resources:
|
|
requests:
|
|
cpu: 0.5
|
|
memory: 1Gi
|
|
|
|
# If external.host is set then we will connect to an external postgres database server instead of starting our own.
|
|
external:
|
|
host: null
|
|
port: 5432
|
|
pass: ""
|
|
dbname: postgres
|
|
user: postgres
|
|
|
|
## JDBC connection parameters including the leading `?`.
|
|
jdbcParams: ""
|
|
|
|
tls:
|
|
enabled: false
|
|
hostname: "localhost"
|
|
certificate: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZDVENDQXZHZ0F3SUJBZ0lVTlhvN2N6T2dyUWQrU09wOWdNdE00b1Vva3hFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZERVNNQkFHQTFVRUF3d0piRzlqWVd4b2IzTjBNQjRYRFRJeE1EUXdOakExTXpnMU4xb1hEVE14TURRdwpOREExTXpnMU4xb3dGREVTTUJBR0ExVUVBd3dKYkc5allXeG9iM04wTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGCkFBT0NBZzhBTUlJQ0NnS0NBZ0VBMUxsSTFBLzRPOVIzSkNlN1N2MUxYVXhDSmxoTWpIWUoxV1FNVmcvai82RHkKazRTTmY0MkFLQjI0dFJFK2lEWTBNaTJrRWhJcVZ4TFdPN0hkWHVSN0tYNGxSZWFVVkRFTUtYUWNQUC9QWDZkbwpwZVZTUFpSVjVHNHNxTElXUFFkTVdIam9IQWx1aml5dGJsSVJUUWdLU3QrMmpuREFDN0dxRURMREdhNXRUWEM2CktRWkNtOERlaklOUTMzaGU2TDN0Q2hBRnhJM1pwY21sR0twbzdKVXJSUG14Mk9zTHFRcTB5dEVVK0lGZGppWHEKaHJLeFR0NUhHM3M3ZUNWaTRXdlZPelVGUitJbWRlQzBRZTBXeG5iZlZUMnJkVitQL1FaVXhWSEVtWnBPc0k2LwpmczhlK1dsMlduWXY1TTg5MWkxZER3Zi9lMDdiN20xQVRKdDRtTGRldzBtd1V4UGFGT2pDMDh6cU94NmF0cGhLClU1eHNWQmhGNVhyME9DeTQyMzN0MU5URXdWUEFDOFcwQmhHdldTRXBQTXNTKzM1b2lueEFrcFQzL01ibFpjNisKcXhSYUh6MHJhSksvVGIzelVKVWxWZFkxbGl5MVYyVjNxWEU2NWlsOUFHZ2pIaHhBNFBwSktCbzZ0WVRUT3pnTworL25mc0toMk95aE8zUWxBZ0JFUHlYUm5wL0xGSTVuQ2gzdjNiOXlabFNrSk05NkVoWEJ1bHhWUWN3L2p3N2NxCkRLSlBEeHFUQy9rWUs1V0FVZGhkWG1KQkRNMFBLcngzUGVOYjRsYnQzSTFIZW1QRDBoZktiWFd6alhiVTJQdWQKdjZmT0dXTDRLSFpaem9KZ1ljMFovRXRUMEpCR09GM09mMW42N2c5dDRlUnAzbEVSL09NM0FPY1dRbWFvOHlVQwpBd0VBQWFOVE1GRXdIUVlEVlIwT0JCWUVGTU00SjA4WG8wUGY1cTlOSWZiMGYyRzZqc1FoTUI4R0ExVWRJd1FZCk1CYUFGTU00SjA4WG8wUGY1cTlOSWZiMGYyRzZqc1FoTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3RFFZSktvWkkKaHZjTkFRRUxCUUFEZ2dJQkFBRmxrWVJkdzA0Zm9vT29BelUyaU5ORGV1aiszemhIeFQ5eU9iSkdwREZIRitoZQpuY1ZRWGZpMitHNjBWY0xuZERsWFhmbDZLOSs4ME55aEg4QjR1UEJNTWhoWG01MjJmYnJac1dFcnR3WE1rM2prClZ5UVA3MGk2NHE1ZGVrZzhoYzI0SXhFUlVsam9XM2lDTTdrb0VxaG15VkpGeDNxMVdobFEwdzNkWVpMQVNRclYKU0RpL2JGWjlqOXVtWVdoc0Y4QjFPSThPVjNlL0YyakU1UCtoTlJJazAzbW9zWE1Rdy9iZ3ZzV0hvSkZ5blB4UApHNGUzUjBob2NnbzI0Q2xOQ21YMWFBUms5c1pyN2h0NlVsM1F1d0dMdzZkK2I5emxrUW56TzFXQzc5ekVNU1R0ClRRRzFNT2ZlL2dTVkR3dThTSnpBOHV1Z0pYTktWWkxCZlpaNW41Tk9sOHdpOVVLa1BVUW4wOHo3VWNYVDR5ZnQKZHdrbnZnWDRvMFloUnNQNHpPWDF6eWxObzhqRDhRNlV1SkdQSksrN1JnUm8zVERPV3k4MEZpUzBxRmxrSFdMKwptT0pUWGxzaEpwdHE5b1c1eGx6N1lxTnFwZFVnRmNyTjJLQWNmaGVlNnV3SUFnOFJteTQvRlhRZjhKdXluSG5oClFhVlFnTEpEeHByZTZVNk5EdWg1Y1VsMUZTcWNCUGFPY0x0Q0ViVWg5ckQxajBIdkRnTUUvTTU2TGp1UGdGZlEKMS9xeXlDUkFjc2NCSnVMYjRxcXRUb25tZVZ3T1BBbzBsNXBjcC9JcjRTcTdwM0NML0kwT0o1SEhjcmY3d3JWSgpQVWgzdU1LbWVHVDRyeDdrWlQzQzBXenhUU0loc0lZOU12MVRtelF4MEprQm93c2NYaUYrcXkvUkl5UVgKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo="
|
|
key: "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRRFV1VWpVRC9nNzFIY2sKSjd0Sy9VdGRURUltV0V5TWRnblZaQXhXRCtQL29QS1RoSTEvallBb0hiaTFFVDZJTmpReUxhUVNFaXBYRXRZNwpzZDFlNUhzcGZpVkY1cFJVTVF3cGRCdzgvODlmcDJpbDVWSTlsRlhrYml5b3NoWTlCMHhZZU9nY0NXNk9MSzF1ClVoRk5DQXBLMzdhT2NNQUxzYW9RTXNNWnJtMU5jTG9wQmtLYndONk1nMURmZUY3b3ZlMEtFQVhFamRtbHlhVVkKcW1qc2xTdEUrYkhZNnd1cENyVEswUlQ0Z1YyT0plcUdzckZPM2tjYmV6dDRKV0xoYTlVN05RVkg0aVoxNExSQgo3UmJHZHQ5VlBhdDFYNC85QmxURlVjU1ptazZ3anI5K3p4NzVhWFphZGkva3p6M1dMVjBQQi85N1R0dnViVUJNCm0zaVl0MTdEU2JCVEU5b1U2TUxUek9vN0hwcTJtRXBUbkd4VUdFWGxldlE0TExqYmZlM1UxTVRCVThBTHhiUUcKRWE5WklTazh5eEw3Zm1pS2ZFQ1NsUGY4eHVWbHpyNnJGRm9mUFN0b2tyOU52Zk5RbFNWVjFqV1dMTFZYWlhlcApjVHJtS1gwQWFDTWVIRURnK2trb0dqcTFoTk03T0E3NytkK3dxSFk3S0U3ZENVQ0FFUS9KZEdlbjhzVWptY0tICmUvZHYzSm1WS1FrejNvU0ZjRzZYRlZCekQrUER0eW9Nb2s4UEdwTUwrUmdybFlCUjJGMWVZa0VNelE4cXZIYzkKNDF2aVZ1M2NqVWQ2WThQU0Y4cHRkYk9OZHRUWSs1Mi9wODRaWXZnb2Rsbk9nbUJoelJuOFMxUFFrRVk0WGM1LwpXZnJ1RDIzaDVHbmVVUkg4NHpjQTV4WkNacWp6SlFJREFRQUJBb0lDQUFmY2lScDlOSmxSY3MyOVFpaTFUN0cwCi9jVFpBb3MyV1lxdlZkMWdYUGEzaGY5NXFKa01LNjVQMnVHbUwzOXRNV1NoVnl6cnl2REkyMjM5VnNjSS9wdzcKOHppd0dzODV1TTlYWVN2SDhHd0NqZFdEc2hSZ2hRUWFKa0JkeElDZzRtdHFuSGxjeDk4dE80T1dPTmwxOEp0dgp4UmxpaFZacFRIV295cGtLWHpPN2RNWExXMjdTSStkaGV2Mm5QeXF1eWpIVEFjT1AwbmxVQ0d2dThFMjkvWWxoCkNQZVJTQzhKSEVGYWxNSFNWaGpJd2ZBVWJvVVJwZU1ZSE15RjVTK2JncGZiajhSbVVUR09DbHRkWGJnYjhJai8KN0hROEFlQkIrYVFKTDVEVnFRN1JWN1ppQlMwR2ZyODlHdXdEMUs4em9mcktPdURkdXpjR2hwZk9MeGpGdmhTOApSQ2Y1Z3BFMzg0aWlHc2tWZC9mZDJLK3NhSmk0L09HbHo0aHhhc1hDcTN1TXB5OTZPNFRrMXZzM3BXdWZNVmJXCnR2d1Mrcjhvbk9uOXZqa3lqOU11eUpId1BpSlNGMUt0ZzhPUU5WMlVST0xXcHlYMWk4Z2xoMXdSelRTQ2diQnMKZ3ZxWkFvaU1pWFh3SlVXN3Zpb0RLZjI0TnZvcjViaVNzeUh0MHVKUVZJaW1iK1prTFJwTWdwRlkyTlcrTnd6LwoxOW9DS2ZUVVpWNkJia09IK0NoOUowLy9hTTRGNnUvMTI4V0UxalJQU05mdWQ0b0dpdGVPNXRsRDNWSXRsb1hlCjNyWVMrcTNuYXU1RStWc2FRZGFVNzhrSnpXYmUrWURmQ1JwWGd6TkloSkMyQ1k5d0RSK3hIaVFwbzdLSHV6dngKUkpuRjhIcGwzdWhIdWxEam44dEpBb0lCQVFEeGxhVVIwN1l6TGF2OVZtamZCenpZMjcwOU9tWnhpa3NtRnlhWApKTkJMQVB3SGdXOEVCUHdKOEprSDhXR1NTekp1OXZGd1JDVEVqZ1J5dWUvS05DWnNmUWF2UDg3dzhablJHaEhjCklHUUV1MFN3bmJzZXFJK1VWa0M5amZjaFE4dlowM0dQTGZ6bWpsSW9PNkNLTVM3TlV2Ynk5MksvOHRVVWRtWWgKMmJJa2N4V0J1RDJoenh3K1ZId3ArWktMQ0FPZi9sOG8vQ20xQ1dZSFNGdVYzTkl3T016Z2FKaExJODJNR08zQwpuODZTMXcweGc2MHB5dUV6L0hXZS9JMFZkRGNsWlgyNC9jalVBb01kQlkvSGY4Tkh2ZUNhZExQeXI3eGpRY2NLClAzN0RhdFRyK2RTZ2RoVkxzUDRRRzVVZEZxNUlMSHoxTXBkb2xXZ2pDSlZqcTZMekFvSUJBUURoYXNYdVRzMDIKNEkvYkRlSGRZSmw2Q1NzVUh2NmJXL3dpYlRhd2dpbDh5RUNWS2x6eFY4eENwWnoxWVhRQlY1YnVvQlArbjZCWApnVHgzTTJHc2R5UU1xdGRCWG9qdGp1czB6ekFNQVQzOWNmdWlHMGR0YXF3eWJMVlEwYThDZnFmMDVyUmZ0ekVmCmtTUDk2d01kVUEyTGdCbnU4akwzOU41UkxtK2RpZUdxeDAwYmJTa3l5UE9HNHIvcDl6KzN6TmVmeUhmbm94bTkKUnQza1RpeGhVNkd4UGhOSnZpWEUrWUpwT0dKVXMvK2dUWWpjUE1zRW9ONHIyR215cUs3S21NZExFa3Y1SHliWgprbmNsV2FMVFlhNEpjMjJUaWZJd01NTWMwaCtBMkJVckdjZFZ6MTA0UXluUFZQZDdXcEszenhqcjRPUHh1YnQ2CjZvTWk2REdRSVNlSEFvSUJBUURTK1YyVHFQRDMxczNaU3VvQXc2Qld2ZWVRbmZ5eThSUFpxdVFQb0oycXNxeG0KblpsbXlEZVhNcDloK1dHOVVhQTBtY0dWeWx6VnJqU2lRRkR4cEFOZVFQMWlkSFh6b3ZveVN2TUg2dDJONkVELwpnRy9XUVZ4S0xkMFI3UFhCL2lQN0VaV2RkWXJqaWF5ajZCYTJPR2RuOWlrbFcvZklLM2Y4QzczN2w5TGoxQUVYCkxOL2QvREh0R1BqcDYwTVgyYUxZeVZzdlBxL3BvdENRVVpkeDA4dFhRM05nRXRmVTN1cDFpNXV2bU1IZEtLTWoKOTV0MDRQRTA1aWVOOVgzOEcyYkJhTldYaFVJcUxCdDJiOUgxWmxVU3hQWnR6TGNObkgwSHJYejJMU2MxMzRrYwpueXdhQ2FWbFdhYzJSL0E3Mi8vTmxkUjJpWDBDWDEvM0lGcmVGUmtUQW9JQkFBbGt0S2pRbWRhZWx3QU8zUW1uCm05MnRBaUdOaFJpZVJheDlscGpXWTdveWNoYUZOR2hPTzFIUHF2SEN4TjNGYzZHd0JBVkpTNW81NVhZbUt2elAKM2kyMDlORmhpaDAwSm5NRjZ6K2swWnQ5STNwRzNyd2RoTjE1RURrMDg3RUw3QjNWZTFDOXhvdEZOaFcvdEZxRgpXbnNrdEcvem9kSVpYeVpNNUJQUmloamV3MFRRVUxZd0Q0M2daeFR0MjdiaUQxNDJNV0R5dUFEZU1pTHdhd01IClJDYXBxbzRaSVdQSzdmZEtoVFo0WmIrZFc0V3A5dC9UZ0U2ZGJ4SWwyMXJQOFFZYzFoT2tpNjduWHBXczNZOG4KYytRcTdqY0d1WlB1aEVMd01xWGcyMGozZ3duOVlTb1dDbWo4Wm0rNmY0Q3ZYWjkrdUtEN0YyZncyOVFaanU4dApvb01DZ2dFQkFPbVVHZ1VoT0tUVys1eEpkZlFKRUVXUncyVFF6Z2l6dSt3aVkzaDYrYXNTejRNY0srVGx6bWxVCmFHT013dFhTUzc0RXIxVmlCVXMrZnJKekFPR21IV0ExZWdtaGVlY1BvaE9ybTh5WkVueVJOSkRhWC9UUXBSUnEKaVdoWENBbjJTWFQxcFlsYVBzMjdkbXpFWnQ3UlVUSkJZZ1hHZXQ4dXFjUXZaVDJZK3N6cHFNV3UzaEpWdmIxdgpZNGRJWE12RG1aV1BPVjFwbHJEaTVoc214VW05TDVtWk1IblllNzFOYkhsaEIxK0VUNXZmWFZjOERzU1RRZWRRCitDRHJKNGQ0em85dFNCa2pwYTM5M2RDRjhCSURESUQyWkVJNCtBVW52NWhTNm82NitOLzBONlp3cXkwc2pKY0cKQ21LeS9tNUpqVzFJWDMxSmZ1UU5Ldm9YNkRFN0Zkaz0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo="
|
|
sslProtocols: "" # if set, override default Nginx SSL protocols setting
|
|
|
|
## yugaware pod Security Context
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
securityContext:
|
|
enabled: false
|
|
## fsGroup related values are set at the pod level.
|
|
fsGroup: 10001
|
|
fsGroupChangePolicy: "OnRootMismatch"
|
|
## The following values are set for yugaware and prometheus containers.
|
|
## Setting runAsUser other than 10001 will fail the VM universe deployment flow.
|
|
runAsUser: 10001
|
|
runAsGroup: 10001
|
|
runAsNonRoot: true
|
|
|
|
helm:
|
|
timeout: 900
|
|
packagePath: "/opt/yugabyte/helm"
|
|
|
|
domainName: "cluster.local"
|
|
|
|
helm2Legacy: false
|
|
|
|
ip_version_support: "v4_only" # v4_only, v6_only are the only supported values at the moment
|
|
|
|
nginx:
|
|
workerConnections: 1024
|
|
db_node_proxy_enabled: false
|
|
|
|
# max size of file upload allowed by YB platform
|
|
upload_size: 10G
|
|
|
|
resources:
|
|
requests:
|
|
cpu: 0.25
|
|
memory: 300Mi
|
|
|
|
proxyReadTimeoutSec: 600
|
|
|
|
rbac:
|
|
## Set this to false if you don't have enough permissions to create
|
|
## ClusterRole and Binding, for example an OpenShift cluster. When
|
|
## set to false, some of the graphs from Container section of the
|
|
## Metrics UI don't work.
|
|
create: true
|
|
|
|
## In order to deploy on OpenShift Container Platform, set this to
|
|
## true.
|
|
ocpCompatibility:
|
|
enabled: false
|
|
|
|
# Extra containers to add to the pod.
|
|
sidecars: []
|
|
|
|
## Following two controls for placement of pod - nodeSelector and AZ affinity.
|
|
## Note: Remember to also provide a yugaware.StorageClass that has a olumeBindingMode of
|
|
## WaitForFirstConsumer so that the PVC is created in the right topology visible to this pod.
|
|
## See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
|
|
## eg.
|
|
## nodeSelector:
|
|
## topology.kubernetes.io/region: us-west1
|
|
nodeSelector: {}
|
|
|
|
## Affinity to a particular zone for the pod.
|
|
## See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
|
## eg.
|
|
## nodeAffinity:
|
|
## requiredDuringSchedulingIgnoredDuringExecution:
|
|
## nodeSelectorTerms:
|
|
## - matchExpressions:
|
|
## - key: failure-domain.beta.kubernetes.io/zone
|
|
## operator: In
|
|
## values:
|
|
## - us-west1-a
|
|
## - us-west1-b
|
|
zoneAffinity: {}
|
|
|
|
## The tolerations that the pod should have.
|
|
## See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
|
|
tolerations: []
|
|
|
|
## Don't want prometheus to scrape nodes and evaluate alert rules in some cases (for example - cloud).
|
|
prometheus:
|
|
scrapeNodes: true
|
|
evaluateAlertRules: true
|
|
retentionTime: 15d
|
|
queryConcurrency: 20
|
|
queryMaxSamples: 5000000
|
|
queryTimeout: 30s
|
|
|
|
resources:
|
|
requests:
|
|
cpu: 2
|
|
memory: 4Gi
|
|
|
|
## Prometheus remote write config, as described here:
|
|
## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write
|
|
## If tls configuration is needed, set prometheus.remoteWrite.tls.enabled = true and provide
|
|
## necessary certificates/keys in base64 format as prometheus.remoteWrite.tls.[caCert|cert|key].
|
|
## Remote write config should expect certs/keys in
|
|
## /opt/remote_write/certs/[ca.crt|client.crt|client.key] respectively.
|
|
remoteWrite:
|
|
config: []
|
|
tls:
|
|
enabled: false
|
|
## base64 encoded certificates and key expected
|
|
caCert: ""
|
|
clientCert: ""
|
|
clientKey: ""
|
|
|
|
|
|
# Arbitrary key=value config entries for application.docker.conf
|
|
additionalAppConf:
|
|
stringConf:
|
|
nonStringConf:
|
|
|
|
## Override the APIVersion used by policy group for
|
|
## PodDisruptionBudget resources. The chart selects the correct
|
|
## APIVersion based on the target Kubernetes cluster. You don't need
|
|
## to modify this unless you are using helm template command i.e. GKE
|
|
## app's deployer image against a Kubernetes cluster >= 1.21.
|
|
# pdbPolicyVersionOverride: "v1beta1"
|