# Generated file, DO NOT EDIT. Source: build/templates/values.yaml
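# CockroachDB container image settings.
# NOTE(review): indentation restored from a flattened listing — confirm nesting
# against build/templates/values.yaml.
image:
  repository: cockroachdb/cockroach
  # A tag is a mutable reference, and with `IfNotPresent` a node that already
  # caches this tag will not pull it again.
  tag: v23.1.7
  pullPolicy: IfNotPresent
  # Registry credentials for pulling the image. The keys below are samples;
  # supply real values from a private override at install time rather than
  # committing them next to this file.
  credentials: {}
    # registry: docker.io
    # username: john_doe
    # password: changeme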
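# Additional labels to apply to all Kubernetes resources created by this chart.
labels: {}
  # app.kubernetes.io/part-of: my-app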
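# Cluster's default DNS domain.
# You should overwrite it if you're using a different one,
# otherwise CockroachDB node discovery won't work.
clusterDomain: cluster.local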
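# CockroachDB node settings.
# NOTE(review): indentation restored from a flattened listing — confirm nesting
# against build/templates/values.yaml.
conf:
  # An ordered list of CockroachDB node attributes.
  # Attributes are arbitrary strings specifying machine capabilities.
  # Machine capabilities might include specialized hardware or number of cores
  # (e.g. "gpu", "x16c").
  attrs: []
    # - x16c
    # - gpu

  # Total size in bytes for caches, shared evenly if there are multiple
  # storage devices. Size suffixes are supported (e.g. `1GB` and `1GiB`).
  # A percentage of physical memory can also be specified (e.g. `.25`).
  cache: 25%

  # Sets a name to verify the identity of a cluster.
  # The value must match between all nodes specified via `conf.join`.
  # This can be used as an additional verification when either the node or
  # cluster, or both, have not yet been initialized and do not yet know their
  # cluster ID.
  # To introduce a cluster name into an already-initialized cluster, pair this
  # option with `conf.disable-cluster-name-verification: yes`.
  cluster-name: ""

  # Tell the server to ignore `conf.cluster-name` mismatches.
  # This is meant for use when opting an existing cluster into starting to use
  # cluster name verification, or when changing the cluster name.
  # The cluster should be restarted once with `conf.cluster-name` and
  # `conf.disable-cluster-name-verification: yes` combined, and once all nodes
  # have been updated to know the new cluster name, the cluster can be restarted
  # again with `conf.disable-cluster-name-verification: no`.
  # This option has no effect if `conf.cluster-name` is not specified.
  # Leave this at `false` outside the migration window described above, so
  # that name mismatches are not ignored.
  disable-cluster-name-verification: false

  # The addresses for connecting CockroachDB nodes to an existing cluster.
  # If you are deploying a second CockroachDB instance that should join a first
  # one, use the below list to join to the existing instance.
  # Each item in the array should be a FQDN (and port if needed) resolvable by
  # new Pods.
  join: []

  # New logging configuration.
  log:
    enabled: false
    # https://www.cockroachlabs.com/docs/v21.1/configure-logs
    config: {}
      # file-defaults:
      #   dir: /custom/dir/path/
      # fluent-defaults:
      #   format: json-fluent
      # sinks:
      #   stderr:
      #     channels: [DEV]

  # Logs at or above this threshold to STDERR. Ignored when "log" is enabled
  logtostderr: INFO

  # Maximum storage capacity available to store temporary disk-based data for
  # SQL queries that exceed the memory budget (e.g. join, sorts, etc are
  # sometimes able to spill intermediate results to disk).
  # Accepts numbers interpreted as bytes, size suffixes (e.g. `32GB` and
  # `32GiB`) or a percentage of disk size (e.g. `10%`).
  # The location of the temporary files is within the first store dir.
  # If expressed as a percentage, `max-disk-temp-storage` is interpreted
  # relative to the size of the storage device on which the first store is
  # placed. The temp space usage is never counted towards any store usage
  # (although it does share the device with the first store) so, when
  # configuring this, make sure that the size of this temp storage plus the size
  # of the first store don't exceed the capacity of the storage device.
  # If the first store is an in-memory one (i.e. `type=mem`), then this
  # temporary "disk" data is also kept in-memory.
  # A percentage value is interpreted as a percentage of the available internal
  # memory.
  # max-disk-temp-storage: 0GB

  # Maximum allowed clock offset for the cluster. If observed clock offsets
  # exceed this limit, servers will crash to minimize the likelihood of
  # reading inconsistent data. Increasing this value will increase the time
  # to recovery of failures as well as the frequency of uncertainty-based
  # read restarts.
  # Note, that this value must be the same on all nodes in the cluster.
  # In order to change it, all nodes in the cluster must be stopped
  # simultaneously and restarted with the new value.
  # max-offset: 500ms

  # Maximum memory capacity available to store temporary data for SQL clients,
  # including prepared queries and intermediate data rows during query
  # execution. Accepts numbers interpreted as bytes, size suffixes
  # (e.g. `1GB` and `1GiB`) or a percentage of physical memory (e.g. `.25`).
  max-sql-memory: 25%

  # An ordered, comma-separated list of key-value pairs that describe the
  # topography of the machine. Topography might include country, datacenter
  # or rack designations. Data is automatically replicated to maximize
  # diversities of each tier. The order of tiers is used to determine
  # the priority of the diversity, so the more inclusive localities like
  # country should come before less inclusive localities like datacenter.
  # The tiers and order must be the same on all nodes. Including more tiers
  # is better than including fewer. For example:
  #   locality: country=us,region=us-west,datacenter=us-west-1b,rack=12
  #   locality: country=ca,region=ca-east,datacenter=ca-east-2,rack=4
  #   locality: planet=earth,province=manitoba,colo=secondary,power=3
  locality: ""

  # Run CockroachDB instances in standalone mode with replication disabled
  # (replication factor = 1).
  # Enabling this option causes the following values to be ignored:
  # - `conf.cluster-name`
  # - `conf.disable-cluster-name-verification`
  # - `conf.join`
  #
  # WARNING: Enabling this option makes each deployed Pod a STANDALONE
  # CockroachDB instance, so the StatefulSet does NOT FORM A CLUSTER.
  # Don't use this option for production deployments unless you clearly
  # understand what you're doing.
  # Usually, this option is intended to be used in conjunction with
  # `statefulset.replicas: 1` for temporary one-time deployments (like
  # running E2E tests, for example).
  single-node: false

  # If non-empty, create a SQL audit log in the specified directory.
  sql-audit-dir: ""

  # CockroachDB's port to listen to inter-communications and client connections.
  port: 26257

  # CockroachDB's port to listen to HTTP requests.
  http-port: 8080

  # CockroachDB's data mount path.
  path: cockroach-data

  # CockroachDB's storage configuration https://www.cockroachlabs.com/docs/v21.1/cockroach-start.html#storage
  # Uses --store flag
  # The three keys below have no value here, so they parse as null.
  store:
    enabled: false
    # Should be empty or 'mem'
    type:
    # Required for type=mem. If type and size is empty - storage.persistentVolume.size is used
    size:
    # Arbitrary strings, separated by colons, specifying disk type or capability
    attrs: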
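# Settings for the CockroachDB StatefulSet and its Pods.
# NOTE(review): indentation restored from a flattened listing — confirm nesting
# against build/templates/values.yaml.
statefulset:
  replicas: 3
  updateStrategy:
    type: RollingUpdate
  podManagementPolicy: Parallel
  budget:
    maxUnavailable: 1

  # List of additional command-line arguments you want to pass to the
  # `cockroach start` command.
  args: []
    # - --disable-cluster-name-verification

  # List of extra environment variables to pass into container
  env: []
    # - name: COCKROACH_ENGINE_MAX_SYNC_DURATION
    #   value: "24h"

  # List of Secrets names in the same Namespace as the CockroachDB cluster,
  # which shall be mounted into `/etc/cockroach/secrets/` for every cluster
  # member.
  # Every cluster member receives these files, so list only Secrets the
  # database itself needs.
  secretMounts: []

  # Additional labels to apply to this StatefulSet and all its Pods.
  labels:
    app.kubernetes.io/component: cockroachdb

  # Additional annotations to apply to the Pods of this StatefulSet.
  annotations: {}

  # Affinity rules for scheduling Pods of this StatefulSet on Nodes.
  # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity
  nodeAffinity: {}
  # Inter-Pod Affinity rules for scheduling Pods of this StatefulSet.
  # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  podAffinity: {}
  # Anti-affinity rules for scheduling Pods of this StatefulSet.
  # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  # You may either toggle options below for default anti-affinity rules,
  # or specify the whole set of anti-affinity rules instead of them.
  podAntiAffinity:
    # The topologyKey to be used.
    # Can be used to spread across different nodes, AZs, regions etc.
    topologyKey: kubernetes.io/hostname
    # Type of anti-affinity rules: either `soft`, `hard` or empty value (which
    # disables anti-affinity rules).
    type: soft
    # Weight for `soft` anti-affinity rules.
    # Does not apply for other anti-affinity types.
    weight: 100

  # Node selection constraints for scheduling Pods of this StatefulSet.
  # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
  nodeSelector: {}

  # PriorityClassName given to Pods of this StatefulSet
  # https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
  priorityClassName: ""

  # Taints to be tolerated by Pods of this StatefulSet.
  # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations: []

  # https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  topologySpreadConstraints:
    maxSkew: 1
    topologyKey: topology.kubernetes.io/zone
    whenUnsatisfiable: ScheduleAnyway

  # Uncomment the following resources definitions or pass them from
  # command line to control the CPU and memory resources allocated
  # by Pods of this StatefulSet.
  resources: {}
    # limits:
    #   cpu: 100m
    #   memory: 512Mi
    # requests:
    #   cpu: 100m
    #   memory: 512Mi

  # Custom Liveness probe
  # https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-a-liveness-http-request
  # The sample uses `scheme: HTTPS`, which matches the `tls.enabled: true`
  # default in this file.
  customLivenessProbe: {}
    # httpGet:
    #   path: /health
    #   port: http
    #   scheme: HTTPS
    # initialDelaySeconds: 30
    # periodSeconds: 5

  # Custom Readiness probe
  # https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-readiness-probes
  customReadinessProbe: {}
    # httpGet:
    #   path: /health
    #   port: http
    #   scheme: HTTPS
    # initialDelaySeconds: 30
    # periodSeconds: 5

  # NOTE(review): what this toggle sets on the Pods is defined in the chart
  # templates, not in this file — check them before relying on it.
  securityContext:
    enabled: true

  serviceAccount:
    # Specifies whether this ServiceAccount should be created.
    create: true
    # The name of this ServiceAccount to use.
    # If not set and `create` is `true`, then service account is auto-generated.
    # If not set and `create` is `false`, then it uses default service account.
    name: ""
    # Additional serviceAccount annotations (e.g. for attaching AWS IAM roles to pods)
    # A role attached this way is usable by every Pod running under this
    # ServiceAccount; grant it only what the database needs.
    annotations: {}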
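# Kubernetes Services in front of the CockroachDB Pods.
# NOTE(review): indentation restored from a flattened listing — confirm nesting
# against build/templates/values.yaml.
service:
  ports:
    # You can set a different external and internal gRPC ports and their name.
    grpc:
      external:
        port: 26257
        name: grpc
      # If the port number is different than `external.port`, then it will be
      # named as `internal.name` in Service.
      internal:
        port: 26257
        # If using Istio set it to `cockroach`.
        name: grpc-internal
    http:
      port: 8080
      name: http

  # This Service is meant to be used by clients of the database.
  # It exposes a ClusterIP that will automatically load balance connections
  # to the different database Pods.
  public:
    # `ClusterIP` keeps this Service reachable from inside the cluster only.
    # Any type that publishes it outside the cluster exposes the ports listed
    # under `service.ports`; review `tls` and `networkPolicy` first.
    type: ClusterIP
    # Additional labels to apply to this Service.
    labels:
      app.kubernetes.io/component: cockroachdb
    # Additional annotations to apply to this Service.
    annotations: {}

  # This service only exists to create DNS entries for each pod in
  # the StatefulSet such that they can resolve each other's IP addresses.
  # It does not create a load-balanced ClusterIP and should not be used directly
  # by clients in most circumstances.
  discovery:
    # Additional labels to apply to this Service.
    labels:
      app.kubernetes.io/component: cockroachdb
    # Additional annotations to apply to this Service.
    annotations: {}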
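# CockroachDB's ingress for web ui.
# Disabled by default. Enabling it publishes the web UI through the ingress
# controller, so fill in `tls` and limit who can reach the listed hosts.
# NOTE(review): indentation restored from a flattened listing — confirm nesting
# against build/templates/values.yaml.
ingress:
  enabled: false
  labels: {}
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # cert-manager.io/cluster-issuer: letsencrypt
  paths: [/]
  hosts: []
    # - cockroachlabs.com
  tls: []
    # - hosts: [cockroachlabs.com]
    #   secretName: cockroachlabs-tls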
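# NOTE(review): this file does not say what `enabled` switches on; see the
# chart templates.
prometheus:
  enabled: true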
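# NOTE(review): shown at top level here, but the flattened listing does not
# preserve nesting — confirm its position and which workloads it applies to
# against build/templates/values.yaml.
securityContext:
  enabled: true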
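# CockroachDB's Prometheus operator ServiceMonitor support
# NOTE(review): indentation restored from a flattened listing — confirm nesting
# against build/templates/values.yaml.
serviceMonitor:
  enabled: false
  labels: {}
  annotations: {}
  interval: 10s
  # scrapeTimeout: 10s
  # Limits the ServiceMonitor to the current namespace if set to `true`.
  namespaced: false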
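# CockroachDB's data persistence.
# If neither `persistentVolume` nor `hostPath` is used, then data will be
# persisted in ad-hoc `emptyDir`.
# NOTE(review): indentation restored from a flattened listing — confirm nesting
# against build/templates/values.yaml.
storage:
  # Absolute path on host to store CockroachDB's data.
  # If not specified, then `emptyDir` will be used instead.
  # If specified, but `persistentVolume.enabled` is `true`, then has no effect.
  # A hostPath volume gives the Pod access to the node's filesystem at that
  # path and is disallowed by the Kubernetes "baseline" Pod Security Standard;
  # prefer `persistentVolume`.
  hostPath: ""

  # If `enabled` is `true` then a PersistentVolumeClaim will be created and
  # used to store CockroachDB's data, otherwise `hostPath` is used.
  persistentVolume:
    enabled: true

    size: 100Gi

    # If defined, then `storageClassName: <storageClass>`.
    # If set to "-", then `storageClassName: ""`, which disables dynamic
    # provisioning.
    # If undefined or empty (default), then no `storageClassName` spec is set,
    # so the default provisioner will be chosen (gp2 on AWS, standard on
    # GKE, AWS & OpenStack).
    storageClass: ""

    # Additional labels to apply to the created PersistentVolumeClaims.
    labels: {}
    # Additional annotations to apply to the created PersistentVolumeClaims.
    annotations: {}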
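# Kubernetes Job which initializes multi-node CockroachDB cluster.
# It's not created if `statefulset.replicas` is `1`.
# NOTE(review): indentation restored from a flattened listing — confirm nesting
# against build/templates/values.yaml.
init:
  # Additional labels to apply to this Job and its Pod.
  labels:
    app.kubernetes.io/component: init

  # Additional annotations to apply to this Job.
  jobAnnotations: {}

  # Additional annotations to apply to the Pod of this Job.
  annotations: {}

  # Affinity rules for scheduling the Pod of this Job.
  # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity
  affinity: {}

  # Node selection constraints for scheduling the Pod of this Job.
  # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
  nodeSelector: {}

  # Taints to be tolerated by the Pod of this Job.
  # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations: []

  # The init Pod runs at cluster creation to initialize CockroachDB. It finishes
  # quickly and doesn't continue to consume resources in the Kubernetes
  # cluster. Normally, you should leave this section commented out, but if your
  # Kubernetes cluster uses Resource Quotas and requires all pods to specify
  # resource requests or limits, you can set those here.
  resources: {}
    # requests:
    #   cpu: "10m"
    #   memory: "128Mi"
    # limits:
    #   cpu: "10m"
    #   memory: "128Mi"

  # NOTE(review): what this toggle sets on the Job's Pod is defined in the
  # chart templates, not in this file.
  securityContext:
    enabled: true

  provisioning:
    enabled: false
    # https://www.cockroachlabs.com/docs/stable/cluster-settings.html
    clusterSettings:
    # cluster.organization: "'FooCorp - Local Testing'"
    # enterprise.license: "'xxxxx'"
    # A password or license key set in this section is kept with the release
    # values; pass such values from a private override at install time and
    # do not commit them. How the Job receives them is not visible here.
    users: []
    # - name:
    #   password:
    #   # https://www.cockroachlabs.com/docs/stable/create-user.html#parameters
    #   options: [LOGIN]
    databases: []
    # - name:
    #   # https://www.cockroachlabs.com/docs/stable/create-database.html#parameters
    #   options: [encoding='utf-8']
    #   owners: []
    #   # https://www.cockroachlabs.com/docs/stable/grant.html#parameters
    #   owners_with_grant_option: []
    #   # Backup schedules are not idempotent for now and will fail on next run
    #   # https://github.com/cockroachdb/cockroach/issues/57892
    #   backup:
    #     into: s3://
    #     # Enterprise-only option (revision_history)
    #     # https://www.cockroachlabs.com/docs/stable/create-schedule-for-backup.html#backup-options
    #     options: [revision_history]
    #     recurring: '@always'
    #     # Enterprise-only feature. Remove this value to use `FULL BACKUP ALWAYS`
    #     fullBackup: '@daily'
    #     schedule:
    #       # https://www.cockroachlabs.com/docs/stable/create-schedule-for-backup.html#schedule-options
    #       options: [first_run = 'now']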
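# Whether to run securely using TLS certificates.
# NOTE(review): indentation restored from a flattened listing — confirm nesting
# against build/templates/values.yaml.
tls:
  enabled: true
  copyCerts:
    # No tag or digest is given, so this reference resolves to
    # `busybox:latest`; pin a specific version in your override.
    image: busybox
  certs:
    # Bring your own certs scenario. If provided, tls.init section will be ignored.
    provided: false
    # Secret name for the client root cert.
    clientRootSecret: cockroachdb-root
    # Secret name for node cert.
    nodeSecret: cockroachdb-node
    # Enable if the secret is a dedicated TLS.
    # TLS secrets are created by cert-manager, for example.
    tlsSecret: false
    # Enable if you want cockroach db to create its own certificates
    selfSigner:
      # If set, the cockroach db will generate its own certificates
      enabled: true
      # Run selfSigner as non-root
      securityContext:
        enabled: true
      # If set, the user should provide the CA certificate to sign other certificates.
      caProvided: false
      # It holds the name of the secret with caCerts. If caProvided is set, this can not be empty.
      # A Secret used for signing presumably carries the CA private key as
      # well; restrict who can read it.
      caSecret: ""
      # Minimum Certificate duration for all the certificates, all certs duration will be validated against this.
      # (624h = 26 days)
      minimumCertDuration: 624h
      # Duration of CA certificates in hours (43800h = 1825 days)
      caCertDuration: 43800h
      # Expiry window of CA certificates means a window before actual expiry in which CA certs should be rotated.
      # (648h = 27 days)
      caCertExpiryWindow: 648h
      # Duration of Client certificates in hours (672h = 28 days)
      clientCertDuration: 672h
      # Expiry window of client certificates means a window before actual expiry in which client certs should be rotated.
      # (48h = 2 days)
      clientCertExpiryWindow: 48h
      # Duration of node certificates in hours (8760h = 365 days)
      nodeCertDuration: 8760h
      # Expiry window of node certificates means a window before actual expiry in which node certs should be rotated.
      # (168h = 7 days)
      nodeCertExpiryWindow: 168h
      # If set, the cockroachdb cert selfSigner will rotate the certificates before expiry.
      rotateCerts: true
      # Wait time for each cockroachdb replica to become ready once it comes in running state. Only considered when rotateCerts is set to true
      readinessWait: 30s
      # Wait time for each cockroachdb replica to get to running state. Only considered when rotateCerts is set to true
      podUpdateTimeout: 2m
      # ServiceAccount annotations for selfSigner jobs (e.g. for attaching AWS IAM roles to pods)
      svcAccountAnnotations: {}

    # Use cert-manager to issue certificates for mTLS.
    certManager: false
    # Specify an Issuer or a ClusterIssuer to use, when issuing
    # node and client certificates. The values correspond to the
    # issuerRef specified in the certificate.
    certManagerIssuer:
      group: cert-manager.io
      kind: Issuer
      name: cockroachdb
      # Duration of Client certificates in hours
      clientCertDuration: 672h
      # Expiry window of client certificates means a window before actual expiry in which client certs should be rotated.
      clientCertExpiryWindow: 48h
      # Duration of node certificates in hours
      nodeCertDuration: 8760h
      # Expiry window of node certificates means a window before actual expiry in which node certs should be rotated.
      nodeCertExpiryWindow: 168h
    # Enable if you run cert-manager >=1.0 on K8s <=1.15 with legacy CRDs
    # Legacy CRDs only support cert-manager.io/v1 API Versions
    useCertManagerV1CRDs: false

  selfSigner:
    # Image Placeholder for the selfSigner utility. This will be changed once the CI workflows for the image are in place.
    image:
      repository: cockroachlabs-helm-charts/cockroach-self-signer-cert
      tag: "1.4"
      pullPolicy: IfNotPresent
      credentials: {}
      # NOTE(review): `registry` is an active key here, not a commented sample
      # as under the top-level `image.credentials`. It is written as a sibling
      # of `credentials` because `credentials` is an empty flow mapping —
      # confirm against the source template.
      registry: gcr.io
      # username: john_doe
      # password: changeme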
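# Ingress restrictions for the CockroachDB Pods.
# Disabled by default, so none of the rules below apply until `enabled` is set
# to `true`. NetworkPolicy objects only take effect on clusters whose network
# plugin enforces them.
# NOTE(review): indentation restored from a flattened listing — confirm nesting
# against build/templates/values.yaml.
networkPolicy:
  enabled: false

  ingress:
    # List of sources which should be able to access the CockroachDB Pods via
    # gRPC port. Items in this list are combined using a logical OR operation.
    # Rules for allowing inter-communication are applied automatically.
    # If empty, then connections from any Pod are allowed, so enabling the
    # policy without listing sources does not narrow access to this port.
    grpc: []
      # - podSelector:
      #     matchLabels:
      #       app.kubernetes.io/name: my-app-django
      #       app.kubernetes.io/instance: my-app

    # List of sources which should be able to access the CockroachDB Pods via
    # HTTP port. Items in this list are combined using a logical OR operation.
    # If empty, then connections from any Pod are allowed.
    http: []
      # - namespaceSelector:
      #     matchLabels:
      #       project: my-project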
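# To put the admin interface behind Identity Aware Proxy (IAP) on Google Cloud Platform
# make sure to set ingress.paths: ['/*']
iap:
  enabled: false
  # Create Google Cloud OAuth credentials and set client id and secret
  # `clientSecret` is a credential: pass it from a private override at install
  # time and keep it out of committed values files.
  # clientId:
  # clientSecret: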