grafana-loki
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# This file has been modified by Chainguard, Inc.
2
#
3
# Copyright Chainguard, Inc. All Rights Reserved.
4
# Chainguard, Inc. modifications are subject to the license
5
# available at: https://www.chainguard.dev/legal/software-license-agreement
6
#
7
# Copyright Broadcom, Inc. All Rights Reserved.
8
# SPDX-License-Identifier: APACHE-2.0
9
10
## @section Global parameters
11
## Global Docker image parameters
12
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
13
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
14
##
15
16
## @param global.imageRegistry Global Docker image registry
17
## @param global.imagePullSecrets Global Docker registry secret names as an array
18
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
19
##
20
global:
21
imageRegistry: ""
22
## E.g.
23
## imagePullSecrets:
24
## - myRegistryKeySecretName
25
##
26
imagePullSecrets: []
27
defaultStorageClass: ""
28
## Security parameters
29
##
30
security:
31
## @param global.security.allowInsecureImages Allows skipping image verification
32
allowInsecureImages: false
33
## Compatibility adaptations for Kubernetes platforms
34
##
35
compatibility:
36
## Compatibility adaptations for Openshift
37
##
38
openshift:
39
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
40
##
41
adaptSecurityContext: auto
42
org: ""
43
## @section Common parameters
44
##
45
46
## @param kubeVersion Override Kubernetes version
47
##
48
kubeVersion: ""
49
## @param nameOverride String to partially override common.names.fullname
50
##
51
nameOverride: ""
52
## @param fullnameOverride String to fully override common.names.fullname
53
##
54
fullnameOverride: ""
55
## @param commonLabels Labels to add to all deployed objects
56
##
57
commonLabels: {}
58
## @param commonAnnotations Annotations to add to all deployed objects
59
##
60
commonAnnotations: {}
61
## @param clusterDomain Kubernetes cluster domain name
62
##
63
clusterDomain: cluster.local
64
## @param extraDeploy Array of extra objects to deploy with the release
65
##
66
extraDeploy: []
67
## Enable diagnostic mode in the deployments/statefulsets
68
##
69
diagnosticMode:
70
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
71
##
72
enabled: false
73
## @param diagnosticMode.command Command to override all containers in the deployments/statefulsets
74
##
75
command:
76
- sleep
77
## @param diagnosticMode.args Args to override all containers in the deployments/statefulsets
78
##
79
args:
80
- infinity
81
## @section Common Grafana Loki Parameters
82
##
83
loki:
84
## Iamguarded Grafana Loki image
85
## @param loki.image.registry [default: REGISTRY_NAME] Grafana Loki image registry
86
## @param loki.image.repository [default: REPOSITORY_NAME/grafana-loki] Grafana Loki image repository
87
## @skip loki.image.tag Grafana Loki image tag (immutable tags are recommended)
88
## @param loki.image.digest Grafana Loki image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
89
## @param loki.image.pullPolicy Grafana Loki image pull policy
90
## @param loki.image.pullSecrets Grafana Loki image pull secrets
91
##
92
image:
93
registry: cgr.dev
94
repository: chainguard-private/loki-iamguarded
95
tag: 3.6.7
96
digest: ""
97
## Specify a imagePullPolicy
98
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
99
##
100
pullPolicy: IfNotPresent
101
## Optionally specify an array of imagePullSecrets.
102
## Secrets must be manually created in the namespace.
103
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
104
## e.g:
105
## pullSecrets:
106
## - myRegistryKeySecretName
107
##
108
pullSecrets: []
109
## @param loki.configuration [string] Loki components configuration
110
##
111
configuration: |
112
auth_enabled: false
113
114
server:
115
http_listen_port: {{ .Values.loki.containerPorts.http }}
116
grpc_listen_port: {{ .Values.loki.containerPorts.grpc }}
117
common:
118
compactor_address: http://{{ include "grafana-loki.compactor.fullname" . }}:{{ .Values.compactor.service.ports.http }}
119
120
distributor:
121
ring:
122
kvstore:
123
store: memberlist
124
125
memberlist:
126
join_members:
127
- {{ include "grafana-loki.gossip-ring.fullname" . }}
128
129
ingester:
130
lifecycler:
131
ring:
132
kvstore:
133
store: memberlist
134
replication_factor: 1
135
chunk_idle_period: 30m
136
chunk_block_size: 262144
137
chunk_encoding: snappy
138
chunk_retain_period: 1m
139
wal:
140
dir: {{ .Values.loki.dataDir }}/wal
141
142
limits_config:
143
retention_period: 336h
144
reject_old_samples: true
145
reject_old_samples_max_age: 168h
146
max_cache_freshness_per_query: 10m
147
split_queries_by_interval: 15m
148
allow_structured_metadata: true
149
150
schema_config:
151
configs:
152
- from: 2020-10-24
153
store: boltdb-shipper
154
object_store: filesystem
155
schema: v11
156
index:
157
prefix: index_
158
period: 24h
159
- from: 2024-03-12
160
store: tsdb
161
object_store: filesystem
162
schema: v12
163
index:
164
period: 24h
165
prefix: index_
166
- from: 2024-04-23
167
object_store: filesystem
168
store: tsdb
169
schema: v13
170
index:
171
prefix: index_
172
period: 24h
173
174
storage_config:
175
boltdb_shipper:
176
active_index_directory: {{ .Values.loki.dataDir }}/loki/index
177
cache_location: {{ .Values.loki.dataDir }}/loki/cache
178
cache_ttl: 168h
179
{{- if .Values.indexGateway.enabled }}
180
index_gateway_client:
181
server_address: {{ (printf "dns:///%s:9095" (include "grafana-loki.index-gateway.fullname" .)) }}
182
{{- end }}
183
filesystem:
184
directory: {{ .Values.loki.dataDir }}/chunks
185
index_queries_cache_config:
186
{{- if .Values.memcachedindexqueries.enabled }}
187
memcached:
188
batch_size: 100
189
parallelism: 100
190
memcached_client:
191
consistent_hash: true
192
addresses: dns+{{ include "grafana-loki.memcached-index-queries.host" . }}
193
service: http
194
{{- end }}
195
tsdb_shipper:
196
active_index_directory: {{ .Values.loki.dataDir }}/loki/tsdb-index
197
cache_location: {{ .Values.loki.dataDir }}/loki/tsdb-cache
198
{{- if .Values.indexGateway.enabled }}
199
index_gateway_client:
200
server_address: {{ (printf "dns:///%s:9095" (include "grafana-loki.index-gateway.fullname" .)) }}
201
{{- end }}
202
203
query_scheduler:
204
max_outstanding_requests_per_tenant: 32768
205
206
querier:
207
max_concurrent: 16
208
209
chunk_store_config:
210
{{- if .Values.memcachedchunks.enabled }}
211
chunk_cache_config:
212
memcached:
213
batch_size: 100
214
parallelism: 100
215
memcached_client:
216
consistent_hash: true
217
addresses: dns+{{ include "grafana-loki.memcached-chunks.host" . }}
218
{{- end }}
219
{{- if .Values.memcachedindexwrites.enabled }}
220
write_dedupe_cache_config:
221
memcached:
222
batch_size: 100
223
parallelism: 100
224
memcached_client:
225
consistent_hash: true
226
addresses: dns+{{ include "grafana-loki.memcached-index-writes.host" . }}
227
{{- end }}
228
229
table_manager:
230
retention_deletes_enabled: false
231
retention_period: 0s
232
233
query_range:
234
align_queries_with_step: true
235
max_retries: 5
236
cache_results: true
237
results_cache:
238
cache:
239
{{- if .Values.memcachedfrontend.enabled }}
240
memcached_client:
241
consistent_hash: true
242
addresses: dns+{{ include "grafana-loki.memcached-frontend.host" . }}
243
max_idle_conns: 16
244
timeout: 500ms
245
update_interval: 1m
246
{{- else }}
247
embedded_cache:
248
enabled: true
249
max_size_mb: 4096
250
ttl: 24h
251
{{- end }}
252
{{- if not .Values.queryScheduler.enabled }}
253
frontend_worker:
254
frontend_address: {{ include "grafana-loki.query-frontend.fullname" . }}:{{ .Values.queryFrontend.service.ports.grpc }}
255
{{- end }}
256
257
frontend:
258
log_queries_longer_than: 5s
259
compress_responses: true
260
tail_proxy_url: http://{{ include "grafana-loki.querier.fullname" . }}:{{ .Values.querier.service.ports.http }}
261
262
compactor:
263
working_directory: {{ .Values.loki.dataDir }}/loki/retention
264
compaction_interval: 10m
265
retention_enabled: true
266
retention_delete_delay: 2h
267
retention_delete_worker_count: 150
268
delete_request_store: filesystem
269
270
ruler:
271
storage:
272
type: local
273
local:
274
directory: {{ .Values.loki.dataDir }}/conf/rules
275
ring:
276
kvstore:
277
store: memberlist
278
rule_path: /tmp/loki/scratch
279
alertmanager_url: https://alertmanager.xx
280
external_url: https://alertmanager.xx
281
## @param loki.overrideConfiguration [object] Loki components configuration override. Values defined here takes precedence over loki.configuration
282
## e.g:
283
## overrideConfiguration:
284
## auth_enabled: true
285
##
286
overrideConfiguration: {}
287
## @param loki.existingConfigmap Name of a ConfigMap with the Loki configuration
288
##
289
existingConfigmap: ""
290
## @param loki.dataDir path to the Loki data directory
291
##
292
dataDir: "/iamguarded/grafana-loki"
293
## @param loki.containerPorts.http Loki components web container port
294
## @param loki.containerPorts.grpc Loki components GRPC container port
295
## @param loki.containerPorts.gossipRing Loki components Gossip Ring container port
296
##
297
containerPorts:
298
http: 3100
299
grpc: 9095
300
gossipRing: 7946
301
## Gossip Ring parameters
302
##
303
gossipRing:
304
## Gossip Ring service parameters
305
##
306
service:
307
## @param loki.gossipRing.service.ports.http Gossip Ring HTTP headless service port
308
##
309
ports:
310
http: 7946
311
## @param loki.gossipRing.service.annotations Additional custom annotations for Gossip Ring headless service
312
##
313
annotations: {}
314
## @section Compactor Deployment Parameters
315
##
316
compactor:
317
## @param compactor.enabled Enable Compactor deployment
318
##
319
enabled: true
320
## @param compactor.extraEnvVars Array with extra environment variables to add to compactor nodes
321
## e.g:
322
## extraEnvVars:
323
## - name: FOO
324
## value: "bar"
325
##
326
extraEnvVars: []
327
## @param compactor.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for compactor nodes
328
##
329
extraEnvVarsCM: ""
330
## @param compactor.extraEnvVarsSecret Name of existing Secret containing extra env vars for compactor nodes
331
##
332
extraEnvVarsSecret: ""
333
## @param compactor.command Override default container command (useful when using custom images)
334
##
335
command: []
336
## @param compactor.args Override default container args (useful when using custom images)
337
##
338
args: []
339
## @param compactor.extraArgs Additional container args (will be concatenated to args, unless diagnosticMode is enabled)
340
##
341
extraArgs: []
342
## @param compactor.replicaCount Number of Compactor replicas to deploy
343
##
344
replicaCount: 1
345
## Configure extra options for Compactor containers' liveness, readiness and startup probes
346
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
347
## @param compactor.livenessProbe.enabled Enable livenessProbe on Compactor nodes
348
## @param compactor.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
349
## @param compactor.livenessProbe.periodSeconds Period seconds for livenessProbe
350
## @param compactor.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
351
## @param compactor.livenessProbe.failureThreshold Failure threshold for livenessProbe
352
## @param compactor.livenessProbe.successThreshold Success threshold for livenessProbe
353
##
354
livenessProbe:
355
enabled: true
356
failureThreshold: 3
357
initialDelaySeconds: 60
358
periodSeconds: 10
359
successThreshold: 1
360
timeoutSeconds: 1
361
## @param compactor.readinessProbe.enabled Enable readinessProbe on Compactor nodes
362
## @param compactor.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
363
## @param compactor.readinessProbe.periodSeconds Period seconds for readinessProbe
364
## @param compactor.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
365
## @param compactor.readinessProbe.failureThreshold Failure threshold for readinessProbe
366
## @param compactor.readinessProbe.successThreshold Success threshold for readinessProbe
367
##
368
readinessProbe:
369
enabled: true
370
failureThreshold: 3
371
initialDelaySeconds: 60
372
periodSeconds: 10
373
successThreshold: 1
374
timeoutSeconds: 1
375
## @param compactor.startupProbe.enabled Enable startupProbe on Compactor containers
376
## @param compactor.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
377
## @param compactor.startupProbe.periodSeconds Period seconds for startupProbe
378
## @param compactor.startupProbe.timeoutSeconds Timeout seconds for startupProbe
379
## @param compactor.startupProbe.failureThreshold Failure threshold for startupProbe
380
## @param compactor.startupProbe.successThreshold Success threshold for startupProbe
381
##
382
startupProbe:
383
enabled: false
384
initialDelaySeconds: 30
385
periodSeconds: 10
386
timeoutSeconds: 1
387
failureThreshold: 15
388
successThreshold: 1
389
## @param compactor.customLivenessProbe Custom livenessProbe that overrides the default one
390
##
391
customLivenessProbe: {}
392
## @param compactor.customReadinessProbe Custom readinessProbe that overrides the default one
393
##
394
customReadinessProbe: {}
395
## @param compactor.customStartupProbe Custom startupProbe that overrides the default one
396
##
397
customStartupProbe: {}
398
## compactor resource requests and limits
399
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
400
## @param compactor.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if compactor.resources is set (compactor.resources is recommended for production).
401
##
402
resourcesPreset: "nano"
403
## @param compactor.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
404
## Example:
405
## resources:
406
## requests:
407
## cpu: 2
408
## memory: 512Mi
409
## limits:
410
## cpu: 3
411
## memory: 1024Mi
412
##
413
resources: {}
414
## Configure Pods Security Context
415
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
416
## @param compactor.podSecurityContext.enabled Enabled Compactor pods' Security Context
417
## @param compactor.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
418
## @param compactor.podSecurityContext.sysctls Set kernel settings using the sysctl interface
419
## @param compactor.podSecurityContext.supplementalGroups Set filesystem extra groups
420
## @param compactor.podSecurityContext.fsGroup Set Compactor pod's Security Context fsGroup
421
##
422
podSecurityContext:
423
enabled: true
424
fsGroupChangePolicy: Always
425
sysctls: []
426
supplementalGroups: []
427
fsGroup: 1001
428
## Configure Container Security Context
429
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
430
## @param compactor.containerSecurityContext.enabled Enable containers' Security Context
431
## @param compactor.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
432
## @param compactor.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
433
## @param compactor.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
434
## @param compactor.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
435
## @param compactor.containerSecurityContext.privileged Set container's Security Context privileged
436
## @param compactor.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
437
## @param compactor.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
438
## @param compactor.containerSecurityContext.capabilities.drop List of capabilities to be dropped
439
## @param compactor.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
440
##
441
containerSecurityContext:
442
enabled: true
443
seLinuxOptions: {}
444
runAsUser: 1001
445
runAsGroup: 1001
446
runAsNonRoot: true
447
privileged: false
448
readOnlyRootFilesystem: true
449
allowPrivilegeEscalation: false
450
capabilities:
451
drop: ["ALL"]
452
seccompProfile:
453
type: "RuntimeDefault"
454
## @param compactor.lifecycleHooks for the compactor container(s) to automate configuration before or after startup
455
##
456
lifecycleHooks: {}
457
## @param compactor.automountServiceAccountToken Mount Service Account token in pod
458
##
459
automountServiceAccountToken: false
460
## @param compactor.hostAliases compactor pods host aliases
461
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
462
##
463
hostAliases: []
464
## @param compactor.podLabels Extra labels for compactor pods
465
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
466
##
467
podLabels: {}
468
## @param compactor.podAnnotations Annotations for compactor pods
469
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
470
##
471
podAnnotations: {}
472
## @param compactor.podAffinityPreset Pod affinity preset. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard`
473
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
474
##
475
podAffinityPreset: ""
476
## @param compactor.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard`
477
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
478
##
479
podAntiAffinityPreset: soft
480
## Node compactor.affinity preset
481
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
482
##
483
nodeAffinityPreset:
484
## @param compactor.nodeAffinityPreset.type Node affinity preset type. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard`
485
##
486
type: ""
487
## @param compactor.nodeAffinityPreset.key Node label key to match. Ignored if `compactor.affinity` is set
488
##
489
key: ""
490
## @param compactor.nodeAffinityPreset.values Node label values to match. Ignored if `compactor.affinity` is set
491
## E.g.
492
## values:
493
## - e2e-az1
494
## - e2e-az2
495
##
496
values: []
497
## @param compactor.affinity Affinity for Compactor pods assignment
498
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
499
## NOTE: `compactor.podAffinityPreset`, `compactor.podAntiAffinityPreset`, and `compactor.nodeAffinityPreset` will be ignored when it's set
500
##
501
affinity: {}
502
## @param compactor.nodeSelector Node labels for Compactor pods assignment
503
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
504
##
505
nodeSelector: {}
506
## @param compactor.tolerations Tolerations for Compactor pods assignment
507
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
508
##
509
tolerations: []
510
## @param compactor.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains
511
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
512
##
513
topologySpreadConstraints: []
514
## @param compactor.priorityClassName Compactor pods' priorityClassName
515
##
516
priorityClassName: ""
517
## @param compactor.schedulerName Kubernetes pod scheduler registry
518
## https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
519
##
520
schedulerName: ""
521
## @param compactor.updateStrategy.type Compactor statefulset strategy type
522
## @param compactor.updateStrategy.rollingUpdate [object,nullable] Compactor statefulset rolling update configuration parameters
523
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
524
##
525
updateStrategy:
526
type: RollingUpdate
527
rollingUpdate: null
528
## @param compactor.extraVolumes Optionally specify extra list of additional volumes for the Compactor pod(s)
529
##
530
extraVolumes: []
531
## @param compactor.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Compactor container(s)
532
##
533
extraVolumeMounts: []
534
## @param compactor.sidecars Add additional sidecar containers to the Compactor pod(s)
535
## e.g:
536
## sidecars:
537
## - name: your-image-name
538
## image: your-image
539
## imagePullPolicy: Always
540
## ports:
541
## - name: portname
542
## containerPort: 1234
543
##
544
sidecars: []
545
## @param compactor.initContainers Add additional init containers to the Compactor pod(s)
546
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
547
## e.g:
548
## initContainers:
549
## - name: your-image-name
550
## image: your-image
551
## imagePullPolicy: Always
552
## command: ['sh', '-c', 'echo "hello world"']
553
##
554
initContainers: []
555
## Pod Disruption Budget configuration
556
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
557
## @param compactor.pdb.create Enable/disable a Pod Disruption Budget creation
558
## @param compactor.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
559
## @param compactor.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `compactor.pdb.minAvailable` and `compactor.pdb.maxUnavailable` are empty.
560
##
561
pdb:
562
create: true
563
minAvailable: ""
564
maxUnavailable: ""
565
## Enable persistence using Persistent Volume Claims
566
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
567
##
568
persistence:
569
## @param compactor.persistence.enabled Enable persistence in Compactor instances
570
##
571
enabled: true
572
## @param compactor.persistence.existingClaim Name of an existing PVC to use
573
##
574
existingClaim: ""
575
## @param compactor.persistence.storageClass PVC Storage Class for Memcached data volume
576
## If defined, storageClassName: <storageClass>
577
## If set to "-", storageClassName: "", which disables dynamic provisioning
578
## If undefined (the default) or set to null, no storageClassName spec is
579
## set, choosing the default provisioner. (gp2 on AWS, standard on
580
## GKE, AWS & OpenStack)
581
##
582
storageClass: ""
583
## @param compactor.persistence.accessModes PVC Access modes
584
##
585
accessModes:
586
- ReadWriteOnce
587
## @param compactor.persistence.size PVC Storage Request for Memcached data volume
588
##
589
size: 8Gi
590
## @param compactor.persistence.annotations Additional PVC annotations
591
##
592
annotations: {}
593
## @param compactor.persistence.selector Selector to match an existing Persistent Volume for Compactor's data PVC
594
## If set, the PVC can't have a PV dynamically provisioned for it
595
## E.g.
596
## selector:
597
## matchLabels:
598
## app: my-app
599
##
600
selector: {}
601
## @param compactor.persistence.dataSource PVC data source
602
##
603
dataSource: {}
604
## @param compactor.enableServiceLinks Whether information about services should be injected into pod's environment variable
605
## The environment variables injected by service links are not used, but can lead to slow boot times or slow running of the scripts when there are many services in the current namespace.
606
## If you experience slow pod startups or slow running of the scripts you probably want to set this to `false`.
607
##
608
enableServiceLinks: true
609
## @section Compactor Traffic Exposure Parameters
610
##
611
612
## compactor service parameters
613
##
614
service:
615
## @param compactor.service.type Compactor service type
616
##
617
type: ClusterIP
618
## @param compactor.service.ports.http Compactor HTTP service port
619
## @param compactor.service.ports.grpc Compactor gRPC service port
620
##
621
ports:
622
http: 3100
623
grpc: 9095
624
## Node ports to expose
625
## NOTE: choose port between <30000-32767>
626
## @param compactor.service.nodePorts.http Node port for HTTP
627
##
628
nodePorts:
629
http: ""
630
## @param compactor.service.sessionAffinityConfig Additional settings for the sessionAffinity
631
## sessionAffinityConfig:
632
## clientIP:
633
## timeoutSeconds: 300
634
##
635
sessionAffinityConfig: {}
636
## @param compactor.service.sessionAffinity Control where client requests go, to the same pod or round-robin
637
## Values: ClientIP or None
638
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
639
##
640
sessionAffinity: None
641
## @param compactor.service.clusterIP Compactor service Cluster IP
642
## e.g.:
643
## clusterIP: None
644
##
645
clusterIP: ""
646
## @param compactor.service.loadBalancerIP Compactor service Load Balancer IP
647
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
648
##
649
loadBalancerIP: ""
650
## @param compactor.service.loadBalancerSourceRanges Compactor service Load Balancer sources
651
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
652
## e.g:
653
## loadBalancerSourceRanges:
654
## - 10.10.10.0/24
655
##
656
loadBalancerSourceRanges: []
657
## @param compactor.service.externalTrafficPolicy Compactor service external traffic policy
658
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
659
##
660
externalTrafficPolicy: Cluster
661
## @param compactor.service.annotations Additional custom annotations for Compactor service
662
##
663
annotations: {}
664
## @param compactor.service.extraPorts Extra ports to expose in the Compactor service
665
##
666
extraPorts: []
667
## Network Policies
668
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
669
##
670
networkPolicy:
671
## @param compactor.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
672
##
673
enabled: true
674
## @param compactor.networkPolicy.allowExternal Don't require server label for connections
675
## The Policy model to apply. When set to false, only pods with the correct
676
## server label will have network access to the ports server is listening
677
## on. When true, server will accept connections from any source
678
## (with the correct destination port).
679
##
680
allowExternal: true
681
## @param compactor.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
682
##
683
allowExternalEgress: true
684
## @param compactor.networkPolicy.addExternalClientAccess Allow access from pods with client label set to "true". Ignored if `compactor.networkPolicy.allowExternal` is true.
685
##
686
addExternalClientAccess: true
687
## @param compactor.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
688
## e.g:
689
## extraIngress:
690
## - ports:
691
## - port: 1234
692
## from:
693
## - podSelector:
694
## - matchLabels:
695
## - role: frontend
696
## - podSelector:
697
## - matchExpressions:
698
## - key: role
699
## operator: In
700
## values:
701
## - frontend
702
extraIngress: []
703
## @param compactor.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
704
## e.g:
705
## extraEgress:
706
## - ports:
707
## - port: 1234
708
## to:
709
## - podSelector:
710
## - matchLabels:
711
## - role: frontend
712
## - podSelector:
713
## - matchExpressions:
714
## - key: role
715
## operator: In
716
## values:
717
## - frontend
718
##
719
extraEgress: []
720
## @param compactor.networkPolicy.ingressPodMatchLabels [object] Labels to match to allow traffic from other pods. Ignored if `compactor.networkPolicy.allowExternal` is true.
721
## e.g:
722
## ingressPodMatchLabels:
723
## my-client: "true"
724
#
725
ingressPodMatchLabels: {}
726
## @param compactor.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces. Ignored if `compactor.networkPolicy.allowExternal` is true.
727
## @param compactor.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces. Ignored if `compactor.networkPolicy.allowExternal` is true.
728
##
729
ingressNSMatchLabels: {}
730
ingressNSPodMatchLabels: {}
731
## @section Gateway Deployment Parameters
732
##
733
gateway:
734
## @param gateway.enabled Enable Gateway deployment
735
##
736
enabled: true
737
## Iamguarded Nginx image
738
## @param gateway.image.registry [default: REGISTRY_NAME] Nginx image registry
739
## @param gateway.image.repository [default: REPOSITORY_NAME/nginx] Nginx image repository
740
## @skip gateway.image.tag Nginx image tag (immutable tags are recommended)
741
## @param gateway.image.digest Nginx image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
742
## @param gateway.image.pullPolicy Nginx image pull policy
743
## @param gateway.image.pullSecrets Nginx image pull secrets
744
## @param gateway.image.debug Enable debugging in the initialization process
745
##
746
image:
747
registry: cgr.dev
748
repository: chainguard-private/nginx-iamguarded
749
tag: 1.29.6
750
digest: ""
751
## Specify a imagePullPolicy
752
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
753
##
754
pullPolicy: IfNotPresent
755
## Optionally specify an array of imagePullSecrets.
756
## Secrets must be manually created in the namespace.
757
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
758
## e.g:
759
## pullSecrets:
760
## - myRegistryKeySecretName
761
##
762
pullSecrets: []
763
debug: false
764
## @param gateway.extraEnvVars Array with extra environment variables to add to gateway nodes
765
## e.g:
766
## extraEnvVars:
767
## - name: FOO
768
## value: "bar"
769
##
770
extraEnvVars: []
771
## @param gateway.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for gateway nodes
772
##
773
extraEnvVarsCM: ""
774
## @param gateway.extraEnvVarsSecret Name of existing Secret containing extra env vars for gateway nodes
775
##
776
extraEnvVarsSecret: ""
777
## @param gateway.command Override default container command (useful when using custom images)
778
##
779
command: []
780
## @param gateway.args Override default container args (useful when using custom images)
781
##
782
args: []
783
## @param gateway.extraArgs Additional container args (will be concatenated to args, unless diagnosticMode is enabled)
784
##
785
extraArgs: []
786
## @param gateway.verboseLogging Show the gateway access_log
787
##
788
verboseLogging: false
789
## @param gateway.replicaCount Number of Gateway replicas to deploy
790
##
791
replicaCount: 1
792
## @param gateway.auth.enabled Enable basic auth
793
## @param gateway.auth.username Basic auth username
794
## @param gateway.auth.password Basic auth password
795
## @param gateway.auth.existingSecret Name of a secret containing the Basic auth password
796
##
797
auth:
798
enabled: false
799
username: "user"
800
password: ""
801
existingSecret: ""
802
## Configure extra options for Gateway containers' liveness, readiness and startup probes
803
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
804
## @param gateway.livenessProbe.enabled Enable livenessProbe on Gateway nodes
805
## @param gateway.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
806
## @param gateway.livenessProbe.periodSeconds Period seconds for livenessProbe
807
## @param gateway.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
808
## @param gateway.livenessProbe.failureThreshold Failure threshold for livenessProbe
809
## @param gateway.livenessProbe.successThreshold Success threshold for livenessProbe
810
##
811
livenessProbe:
812
enabled: true
813
failureThreshold: 3
814
initialDelaySeconds: 10
815
periodSeconds: 10
816
successThreshold: 1
817
timeoutSeconds: 1
818
## @param gateway.readinessProbe.enabled Enable readinessProbe on Gateway nodes
819
## @param gateway.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
820
## @param gateway.readinessProbe.periodSeconds Period seconds for readinessProbe
821
## @param gateway.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
822
## @param gateway.readinessProbe.failureThreshold Failure threshold for readinessProbe
823
## @param gateway.readinessProbe.successThreshold Success threshold for readinessProbe
824
##
825
readinessProbe:
826
enabled: true
827
failureThreshold: 3
828
initialDelaySeconds: 10
829
periodSeconds: 10
830
successThreshold: 1
831
timeoutSeconds: 1
832
## @param gateway.startupProbe.enabled Enable startupProbe on Gateway containers
833
## @param gateway.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
834
## @param gateway.startupProbe.periodSeconds Period seconds for startupProbe
835
## @param gateway.startupProbe.timeoutSeconds Timeout seconds for startupProbe
836
## @param gateway.startupProbe.failureThreshold Failure threshold for startupProbe
837
## @param gateway.startupProbe.successThreshold Success threshold for startupProbe
838
##
839
startupProbe:
840
enabled: false
841
initialDelaySeconds: 10
842
periodSeconds: 10
843
timeoutSeconds: 1
844
failureThreshold: 15
845
successThreshold: 1
846
## @param gateway.customLivenessProbe Custom livenessProbe that overrides the default one
847
##
848
customLivenessProbe: {}
849
## @param gateway.customReadinessProbe Custom readinessProbe that overrides the default one
850
##
851
customReadinessProbe: {}
852
## @param gateway.customStartupProbe Custom startupProbe that overrides the default one
853
##
854
customStartupProbe: {}
855
## @param gateway.containerPorts.http Gateway HTTP port
856
##
857
containerPorts:
858
http: 8080
859
## gateway resource requests and limits
860
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
861
## @param gateway.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if gateway.resources is set (gateway.resources is recommended for production).
862
##
863
resourcesPreset: "nano"
864
## @param gateway.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
865
## Example:
866
## resources:
867
## requests:
868
## cpu: 2
869
## memory: 512Mi
870
## limits:
871
## cpu: 3
872
## memory: 1024Mi
873
##
874
resources: {}
875
## Configure Pods Security Context
876
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
877
## @param gateway.podSecurityContext.enabled Enabled Gateway pods' Security Context
878
## @param gateway.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
879
## @param gateway.podSecurityContext.sysctls Set kernel settings using the sysctl interface
880
## @param gateway.podSecurityContext.supplementalGroups Set filesystem extra groups
881
## @param gateway.podSecurityContext.fsGroup Set Gateway pod's Security Context fsGroup
882
##
883
podSecurityContext:
884
enabled: true
885
fsGroupChangePolicy: Always
886
sysctls: []
887
supplementalGroups: []
888
fsGroup: 1001
889
## Configure Container Security Context
890
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
891
## @param gateway.containerSecurityContext.enabled Enabled containers' Security Context
892
## @param gateway.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
893
## @param gateway.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
894
## @param gateway.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
895
## @param gateway.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
896
## @param gateway.containerSecurityContext.privileged Set container's Security Context privileged
897
## @param gateway.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
898
## @param gateway.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
899
## @param gateway.containerSecurityContext.capabilities.drop List of capabilities to be dropped
900
## @param gateway.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
901
##
902
containerSecurityContext:
903
enabled: true
904
seLinuxOptions: {}
905
runAsUser: 1001
906
runAsGroup: 1001
907
runAsNonRoot: true
908
privileged: false
909
readOnlyRootFilesystem: true
910
allowPrivilegeEscalation: false
911
capabilities:
912
drop: ["ALL"]
913
seccompProfile:
914
type: "RuntimeDefault"
915
## @param gateway.lifecycleHooks for the gateway container(s) to automate configuration before or after startup
916
##
917
lifecycleHooks: {}
918
## @param gateway.automountServiceAccountToken Mount Service Account token in pod
919
##
920
automountServiceAccountToken: false
921
## @param gateway.hostAliases gateway pods host aliases
922
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
923
##
924
hostAliases: []
925
## @param gateway.podLabels Extra labels for gateway pods
926
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
927
##
928
podLabels: {}
929
## @param gateway.podAnnotations Annotations for gateway pods
930
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
931
##
932
podAnnotations: {}
933
## @param gateway.podAffinityPreset Pod affinity preset. Ignored if `gateway.affinity` is set. Allowed values: `soft` or `hard`
934
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
935
##
936
podAffinityPreset: ""
937
## @param gateway.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `gateway.affinity` is set. Allowed values: `soft` or `hard`
938
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
939
##
940
podAntiAffinityPreset: soft
941
## Node gateway.affinity preset
942
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
943
##
944
nodeAffinityPreset:
945
## @param gateway.nodeAffinityPreset.type Node affinity preset type. Ignored if `gateway.affinity` is set. Allowed values: `soft` or `hard`
946
##
947
type: ""
948
## @param gateway.nodeAffinityPreset.key Node label key to match. Ignored if `gateway.affinity` is set
949
##
950
key: ""
951
## @param gateway.nodeAffinityPreset.values Node label values to match. Ignored if `gateway.affinity` is set
952
## E.g.
953
## values:
954
## - e2e-az1
955
## - e2e-az2
956
##
957
values: []
958
## @param gateway.affinity Affinity for Gateway pods assignment
959
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
960
## NOTE: `gateway.podAffinityPreset`, `gateway.podAntiAffinityPreset`, and `gateway.nodeAffinityPreset` will be ignored when it's set
961
##
962
affinity: {}
963
## @param gateway.nodeSelector Node labels for Gateway pods assignment
964
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
965
##
966
nodeSelector: {}
967
## @param gateway.tolerations Tolerations for Gateway pods assignment
968
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
969
##
970
tolerations: []
971
## @param gateway.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains
972
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
973
##
974
topologySpreadConstraints: []
975
## @param gateway.priorityClassName Gateway pods' priorityClassName
976
##
977
priorityClassName: ""
978
## @param gateway.schedulerName Kubernetes pod scheduler registry
979
## https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
980
##
981
schedulerName: ""
982
## @param gateway.updateStrategy.type Gateway statefulset strategy type
983
## @param gateway.updateStrategy.rollingUpdate [object,nullable] Gateway statefulset rolling update configuration parameters
984
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
985
##
986
updateStrategy:
987
type: RollingUpdate
988
rollingUpdate: null
989
## @param gateway.extraVolumes Optionally specify extra list of additional volumes for the Gateway pod(s)
990
##
991
extraVolumes: []
992
## @param gateway.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Gateway container(s)
993
##
994
extraVolumeMounts: []
995
## @param gateway.sidecars Add additional sidecar containers to the Gateway pod(s)
996
## e.g:
997
## sidecars:
998
## - name: your-image-name
999
## image: your-image
1000
## imagePullPolicy: Always
1001
## ports:
1002
## - name: portname
1003
## containerPort: 1234
1004
##
1005
sidecars: []
1006
## Pod Disruption Budget configuration
1007
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
1008
## @param gateway.pdb.create Enable/disable a Pod Disruption Budget creation
1009
## @param gateway.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
1010
## @param gateway.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `gateway.pdb.minAvailable` and `gateway.pdb.maxUnavailable` are empty.
1011
##
1012
pdb:
1013
create: true
1014
minAvailable: ""
1015
maxUnavailable: ""
1016
## @param gateway.initContainers Add additional init containers to the Gateway pod(s)
1017
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
1018
## e.g:
1019
## initContainers:
1020
## - name: your-image-name
1021
## image: your-image
1022
## imagePullPolicy: Always
1023
## command: ['sh', '-c', 'echo "hello world"']
1024
##
1025
initContainers: []
1026
## @param gateway.enableServiceLinks Whether information about services should be injected into pod's environment variable
1027
## The environment variables injected by service links are not used, but can lead to slow boot times or slow running of the scripts when there are many services in the current namespace.
1028
## If you experience slow pod startups or slow running of the scripts you probably want to set this to `false`.
1029
##
1030
enableServiceLinks: true
1031
## @section Gateway Traffic Exposure Parameters
1032
##
1033
1034
## gateway service parameters
1035
##
1036
service:
1037
## @param gateway.service.type Gateway service type
1038
##
1039
type: ClusterIP
1040
## @param gateway.service.ports.http Gateway HTTP service port
1041
##
1042
ports:
1043
http: 80
1044
## Node ports to expose
1045
## NOTE: choose port between <30000-32767>
1046
## @param gateway.service.nodePorts.http Node port for HTTP
1047
##
1048
nodePorts:
1049
http: ""
1050
## @param gateway.service.sessionAffinityConfig Additional settings for the sessionAffinity
1051
## sessionAffinityConfig:
1052
## clientIP:
1053
## timeoutSeconds: 300
1054
##
1055
sessionAffinityConfig: {}
1056
## @param gateway.service.sessionAffinity Control where client requests go, to the same pod or round-robin
1057
## Values: ClientIP or None
1058
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
1059
##
1060
sessionAffinity: None
1061
## @param gateway.service.clusterIP Gateway service Cluster IP
1062
## e.g.:
1063
## clusterIP: None
1064
##
1065
clusterIP: ""
1066
## @param gateway.service.loadBalancerIP Gateway service Load Balancer IP
1067
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
1068
##
1069
loadBalancerIP: ""
1070
## @param gateway.service.loadBalancerSourceRanges Gateway service Load Balancer sources
1071
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
1072
## e.g:
1073
## loadBalancerSourceRanges:
1074
## - 10.10.10.0/24
1075
##
1076
loadBalancerSourceRanges: []
1077
## @param gateway.service.externalTrafficPolicy Gateway service external traffic policy
1078
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
1079
##
1080
externalTrafficPolicy: Cluster
1081
## @param gateway.service.annotations Additional custom annotations for Gateway service
1082
##
1083
annotations: {}
1084
## @param gateway.service.extraPorts Extra ports to expose in the Gateway service
1085
##
1086
extraPorts: []
1087
## @param gateway.service.nginx.config to override configurations i.e (client_max_body_size) in nginx http block
1088
##
1089
nginx:
1090
config: ""
1091
## Network Policies
1092
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
1093
##
1094
networkPolicy:
1095
## @param gateway.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
1096
##
1097
enabled: true
1098
## @param gateway.networkPolicy.allowExternal Don't require server label for connections
1099
## The Policy model to apply. When set to false, only pods with the correct
1100
## server label will have network access to the ports server is listening
1101
## on. When true, server will accept connections from any source
1102
## (with the correct destination port).
1103
##
1104
allowExternal: true
1105
## @param gateway.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
1106
##
1107
allowExternalEgress: true
1108
## @param gateway.networkPolicy.addExternalClientAccess Allow access from pods with client label set to "true". Ignored if `gateway.networkPolicy.allowExternal` is true.
1109
##
1110
addExternalClientAccess: true
1111
## @param gateway.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
1112
## e.g:
1113
## extraIngress:
1114
## - ports:
1115
## - port: 1234
1116
## from:
1117
## - podSelector:
1118
## - matchLabels:
1119
## - role: frontend
1120
## - podSelector:
1121
## - matchExpressions:
1122
## - key: role
1123
## operator: In
1124
## values:
1125
## - frontend
1126
extraIngress: []
1127
## @param gateway.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
1128
## e.g:
1129
## extraEgress:
1130
## - ports:
1131
## - port: 1234
1132
## to:
1133
## - podSelector:
1134
## - matchLabels:
1135
## - role: frontend
1136
## - podSelector:
1137
## - matchExpressions:
1138
## - key: role
1139
## operator: In
1140
## values:
1141
## - frontend
1142
##
1143
extraEgress: []
1144
## @param gateway.networkPolicy.ingressPodMatchLabels [object] Labels to match to allow traffic from other pods. Ignored if `gateway.networkPolicy.allowExternal` is true.
1145
## e.g:
1146
## ingressPodMatchLabels:
1147
## my-client: "true"
1148
#
1149
ingressPodMatchLabels: {}
1150
## @param gateway.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces. Ignored if `gateway.networkPolicy.allowExternal` is true.
1151
## @param gateway.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces. Ignored if `gateway.networkPolicy.allowExternal` is true.
1152
##
1153
ingressNSMatchLabels: {}
1154
ingressNSPodMatchLabels: {}
1155
## Configure the ingress resource that allows you to access the Loki Gateway installation
1156
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
1157
##
1158
ingress:
1159
## @param gateway.ingress.enabled Enable ingress record generation for Loki Gateway
1160
##
1161
enabled: false
1162
## @param gateway.ingress.pathType Ingress path type
1163
##
1164
pathType: ImplementationSpecific
1165
## @param gateway.ingress.apiVersion Force Ingress API version (automatically detected if not set)
1166
##
1167
apiVersion: ""
1168
## @param gateway.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
1169
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
1170
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
1171
##
1172
ingressClassName: ""
1173
## @param gateway.ingress.hostname Default host for the ingress record
1174
##
1175
hostname: grafana-loki.local
1176
## @param gateway.ingress.path Default path for the ingress record
1177
## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
1178
##
1179
path: /
1180
## @param gateway.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
1181
## For a full list of possible ingress annotations, please see
1182
## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
1183
## Use this parameter to set the required annotations for cert-manager, see
1184
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
1185
##
1186
## e.g:
1187
## annotations:
1188
## kubernetes.io/ingress.class: nginx
1189
## cert-manager.io/cluster-issuer: cluster-issuer-name
1190
##
1191
annotations: {}
1192
## @param gateway.ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
1193
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
1194
## You can:
1195
## - Use the `ingress.secrets` parameter to create this TLS secret
1196
## - Rely on cert-manager to create it by setting the corresponding annotations
1197
## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
1198
##
1199
tls: false
1200
## @param gateway.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
1201
##
1202
selfSigned: false
1203
## @param gateway.ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
1204
## e.g:
1205
## extraHosts:
1206
## - name: Loki Gateway.local
1207
## path: /
1208
##
1209
extraHosts: []
1210
## @param gateway.ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
1211
## e.g:
1212
## extraPaths:
1213
## - path: /*
1214
## backend:
1215
## serviceName: ssl-redirect
1216
## servicePort: use-annotation
1217
##
1218
extraPaths: []
1219
## @param gateway.ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
1220
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
1221
## e.g:
1222
## extraTls:
1223
## - hosts:
1224
## - Loki Gateway.local
1225
## secretName: Loki Gateway.local-tls
1226
##
1227
extraTls: []
1228
## @param gateway.ingress.secrets Custom TLS certificates as secrets
1229
## NOTE: 'key' and 'certificate' are expected in PEM format
1230
## NOTE: 'name' should line up with a 'secretName' set further up
1231
## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
1232
## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
1233
## It is also possible to create and manage the certificates outside of this helm chart
1234
## Please see README.md for more information
1235
## e.g:
1236
## secrets:
1237
## - name: Loki Gateway.local-tls
1238
## key: |-
1239
## -----BEGIN RSA PRIVATE KEY-----
1240
## ...
1241
## -----END RSA PRIVATE KEY-----
1242
## certificate: |-
1243
## -----BEGIN CERTIFICATE-----
1244
## ...
1245
## -----END CERTIFICATE-----
1246
##
1247
secrets: []
1248
## @section index-gateway Deployment Parameters
1249
##
1250
indexGateway:
1251
## @param indexGateway.enabled Enable index-gateway deployment
1252
##
1253
enabled: false
1254
## @param indexGateway.extraEnvVars Array with extra environment variables to add to indexGateway nodes
1255
## e.g:
1256
## extraEnvVars:
1257
## - name: FOO
1258
## value: "bar"
1259
##
1260
extraEnvVars: []
1261
## @param indexGateway.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for indexGateway nodes
1262
##
1263
extraEnvVarsCM: ""
1264
## @param indexGateway.extraEnvVarsSecret Name of existing Secret containing extra env vars for indexGateway nodes
1265
##
1266
extraEnvVarsSecret: ""
1267
## @param indexGateway.command Override default container command (useful when using custom images)
1268
##
1269
command: []
1270
## @param indexGateway.args Override default container args (useful when using custom images)
1271
##
1272
args: []
1273
## @param indexGateway.extraArgs Additional container args (will be concatenated to args, unless diagnosticMode is enabled)
1274
##
1275
extraArgs: []
1276
## @param indexGateway.replicaCount Number of index-gateway replicas to deploy
1277
##
1278
replicaCount: 1
1279
## @param indexGateway.podManagementPolicy podManagementPolicy to manage scaling operation
1280
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
1281
##
1282
podManagementPolicy: ""
1283
## Configure extra options for index-gateway containers' liveness, readiness and startup probes
1284
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
1285
## @param indexGateway.livenessProbe.enabled Enable livenessProbe on index-gateway nodes
1286
## @param indexGateway.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
1287
## @param indexGateway.livenessProbe.periodSeconds Period seconds for livenessProbe
1288
## @param indexGateway.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
1289
## @param indexGateway.livenessProbe.failureThreshold Failure threshold for livenessProbe
1290
## @param indexGateway.livenessProbe.successThreshold Success threshold for livenessProbe
1291
##
1292
livenessProbe:
1293
enabled: true
1294
failureThreshold: 3
1295
initialDelaySeconds: 60
1296
periodSeconds: 10
1297
successThreshold: 1
1298
timeoutSeconds: 1
1299
## @param indexGateway.readinessProbe.enabled Enable readinessProbe on index-gateway nodes
1300
## @param indexGateway.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
1301
## @param indexGateway.readinessProbe.periodSeconds Period seconds for readinessProbe
1302
## @param indexGateway.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
1303
## @param indexGateway.readinessProbe.failureThreshold Failure threshold for readinessProbe
1304
## @param indexGateway.readinessProbe.successThreshold Success threshold for readinessProbe
1305
##
1306
readinessProbe:
1307
enabled: true
1308
failureThreshold: 3
1309
initialDelaySeconds: 60
1310
periodSeconds: 10
1311
successThreshold: 1
1312
timeoutSeconds: 1
1313
## @param indexGateway.startupProbe.enabled Enable startupProbe on index-gateway containers
1314
## @param indexGateway.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
1315
## @param indexGateway.startupProbe.periodSeconds Period seconds for startupProbe
1316
## @param indexGateway.startupProbe.timeoutSeconds Timeout seconds for startupProbe
1317
## @param indexGateway.startupProbe.failureThreshold Failure threshold for startupProbe
1318
## @param indexGateway.startupProbe.successThreshold Success threshold for startupProbe
1319
##
1320
startupProbe:
1321
enabled: false
1322
initialDelaySeconds: 30
1323
periodSeconds: 10
1324
timeoutSeconds: 1
1325
failureThreshold: 15
1326
successThreshold: 1
1327
## @param indexGateway.customLivenessProbe Custom livenessProbe that overrides the default one
1328
##
1329
customLivenessProbe: {}
1330
## @param indexGateway.customReadinessProbe Custom readinessProbe that overrides the default one
1331
##
1332
customReadinessProbe: {}
1333
## @param indexGateway.customStartupProbe Custom startupProbe that overrides the default one
1334
##
1335
customStartupProbe: {}
1336
## indexGateway resource requests and limits
1337
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
1338
## @param indexGateway.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if indexGateway.resources is set (indexGateway.resources is recommended for production).
1339
##
1340
resourcesPreset: "nano"
1341
## @param indexGateway.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
1342
## Example:
1343
## resources:
1344
## requests:
1345
## cpu: 2
1346
## memory: 512Mi
1347
## limits:
1348
## cpu: 3
1349
## memory: 1024Mi
1350
##
1351
resources: {}
1352
## Configure Pods Security Context
1353
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
1354
## @param indexGateway.podSecurityContext.enabled Enabled index-gateway pods' Security Context
1355
## @param indexGateway.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
1356
## @param indexGateway.podSecurityContext.sysctls Set kernel settings using the sysctl interface
1357
## @param indexGateway.podSecurityContext.supplementalGroups Set filesystem extra groups
1358
## @param indexGateway.podSecurityContext.fsGroup Set index-gateway pod's Security Context fsGroup
1359
##
1360
podSecurityContext:
1361
enabled: true
1362
fsGroupChangePolicy: Always
1363
sysctls: []
1364
supplementalGroups: []
1365
fsGroup: 1001
1366
## Configure Container Security Context
1367
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
1368
## @param indexGateway.containerSecurityContext.enabled Enabled containers' Security Context
1369
## @param indexGateway.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
1370
## @param indexGateway.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
1371
## @param indexGateway.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
1372
## @param indexGateway.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
1373
## @param indexGateway.containerSecurityContext.privileged Set container's Security Context privileged
1374
## @param indexGateway.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
1375
## @param indexGateway.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
1376
## @param indexGateway.containerSecurityContext.capabilities.drop List of capabilities to be dropped
1377
## @param indexGateway.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
1378
##
1379
containerSecurityContext:
1380
enabled: true
1381
seLinuxOptions: {}
1382
runAsUser: 1001
1383
runAsGroup: 1001
1384
runAsNonRoot: true
1385
privileged: false
1386
readOnlyRootFilesystem: true
1387
allowPrivilegeEscalation: false
1388
capabilities:
1389
drop: ["ALL"]
1390
seccompProfile:
1391
type: "RuntimeDefault"
1392
## @param indexGateway.lifecycleHooks for the indexGateway container(s) to automate configuration before or after startup
1393
##
1394
lifecycleHooks: {}
1395
## @param indexGateway.automountServiceAccountToken Mount Service Account token in pod
1396
##
1397
automountServiceAccountToken: false
1398
## @param indexGateway.hostAliases indexGateway pods host aliases
1399
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
1400
##
1401
hostAliases: []
1402
## @param indexGateway.podLabels Extra labels for indexGateway pods
1403
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
1404
##
1405
podLabels: {}
1406
## @param indexGateway.podAnnotations Annotations for indexGateway pods
1407
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
1408
##
1409
podAnnotations: {}
1410
## @param indexGateway.podAffinityPreset Pod affinity preset. Ignored if `indexGateway.affinity` is set. Allowed values: `soft` or `hard`
1411
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
1412
##
1413
podAffinityPreset: ""
1414
## @param indexGateway.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `indexGateway.affinity` is set. Allowed values: `soft` or `hard`
1415
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
1416
##
1417
podAntiAffinityPreset: soft
1418
## Node indexGateway.affinity preset
1419
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
1420
##
1421
nodeAffinityPreset:
1422
## @param indexGateway.nodeAffinityPreset.type Node affinity preset type. Ignored if `indexGateway.affinity` is set. Allowed values: `soft` or `hard`
1423
##
1424
type: ""
1425
## @param indexGateway.nodeAffinityPreset.key Node label key to match. Ignored if `indexGateway.affinity` is set
1426
##
1427
key: ""
1428
## @param indexGateway.nodeAffinityPreset.values Node label values to match. Ignored if `indexGateway.affinity` is set
1429
## E.g.
1430
## values:
1431
## - e2e-az1
1432
## - e2e-az2
1433
##
1434
values: []
1435
## @param indexGateway.affinity Affinity for index-gateway pods assignment
1436
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
1437
## NOTE: `indexGateway.podAffinityPreset`, `indexGateway.podAntiAffinityPreset`, and `indexGateway.nodeAffinityPreset` will be ignored when it's set
1438
##
1439
affinity: {}
1440
## @param indexGateway.nodeSelector Node labels for index-gateway pods assignment
1441
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
1442
##
1443
nodeSelector: {}
1444
## @param indexGateway.tolerations Tolerations for index-gateway pods assignment
1445
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
1446
##
1447
tolerations: []
1448
## @param indexGateway.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains
1449
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
1450
##
1451
topologySpreadConstraints: []
1452
## @param indexGateway.priorityClassName index-gateway pods' priorityClassName
1453
##
1454
priorityClassName: ""
1455
## @param indexGateway.schedulerName Kubernetes pod scheduler registry
1456
## https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
1457
##
1458
schedulerName: ""
1459
## @param indexGateway.updateStrategy.type index-gateway statefulset strategy type
1460
## @param indexGateway.updateStrategy.rollingUpdate [object,nullable] index-gateway statefulset rolling update configuration parameters
1461
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
1462
##
1463
updateStrategy:
1464
type: RollingUpdate
1465
rollingUpdate: null
1466
## @param indexGateway.extraVolumes Optionally specify extra list of additional volumes for the index-gateway pod(s)
1467
##
1468
extraVolumes: []
1469
## @param indexGateway.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the index-gateway container(s)
1470
##
1471
extraVolumeMounts: []
1472
## @param indexGateway.sidecars Add additional sidecar containers to the index-gateway pod(s)
1473
## e.g:
1474
## sidecars:
1475
## - name: your-image-name
1476
## image: your-image
1477
## imagePullPolicy: Always
1478
## ports:
1479
## - name: portname
1480
## containerPort: 1234
1481
##
1482
sidecars: []
1483
## @param indexGateway.initContainers Add additional init containers to the index-gateway pod(s)
1484
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
1485
## e.g:
1486
## initContainers:
1487
## - name: your-image-name
1488
## image: your-image
1489
## imagePullPolicy: Always
1490
## command: ['sh', '-c', 'echo "hello world"']
1491
##
1492
initContainers: []
1493
## @param indexGateway.enableServiceLinks Whether information about services should be injected into pod's environment variable
1494
## The environment variables injected by service links are not used, but can lead to slow boot times or slow running of the scripts when there are many services in the current namespace.
1495
## If you experience slow pod startups or slow running of the scripts you probably want to set this to `false`.
1496
##
1497
enableServiceLinks: true
1498
## Pod Disruption Budget configuration
1499
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
1500
## @param indexGateway.pdb.create Enable/disable a Pod Disruption Budget creation
1501
## @param indexGateway.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
1502
## @param indexGateway.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `indexGateway.pdb.minAvailable` and `indexGateway.pdb.maxUnavailable` are empty.
1503
##
1504
pdb:
1505
create: true
1506
minAvailable: ""
1507
maxUnavailable: ""
1508
## @section index-gateway Persistence Parameters
1509
##
1510
1511
## Enable persistence using Persistent Volume Claims
1512
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
1513
##
1514
persistence:
1515
## @param indexGateway.persistence.enabled Enable persistence in index-gateway instances
1516
##
1517
enabled: false
1518
## @param indexGateway.persistence.storageClass PVC Storage Class for index-gateway's data volume
1519
## If defined, storageClassName: <storageClass>
1520
## If set to "-", storageClassName: "", which disables dynamic provisioning
1521
## If undefined (the default) or set to null, no storageClassName spec is
1522
## set, choosing the default provisioner. (gp2 on AWS, standard on
1523
## GKE, AWS & OpenStack)
1524
##
1525
storageClass: ""
1526
## @param indexGateway.persistence.subPath The subdirectory of the volume to mount to
1527
##
1528
subPath: ""
1529
## @param indexGateway.persistence.accessModes PVC Access modes
1530
##
1531
accessModes:
1532
- ReadWriteOnce
1533
## @param indexGateway.persistence.size PVC Storage Request for index-gateway's data volume
1534
##
1535
size: 8Gi
1536
## @param indexGateway.persistence.annotations Additional PVC annotations
1537
##
1538
annotations: {}
1539
## @param indexGateway.persistence.selector Selector to match an existing Persistent Volume for index-gateway's data PVC
1540
## If set, the PVC can't have a PV dynamically provisioned for it
1541
## E.g.
1542
## selector:
1543
## matchLabels:
1544
## app: my-app
1545
##
1546
selector: {}
1547
## @section index-gateway Traffic Exposure Parameters
1548
##
1549
1550
## indexGateway service parameters
1551
##
1552
service:
1553
## @param indexGateway.service.type index-gateway service type
1554
##
1555
type: ClusterIP
1556
## @param indexGateway.service.ports.http index-gateway HTTP service port
1557
## @param indexGateway.service.ports.grpc index-gateway GRPC service port
1558
##
1559
ports:
1560
http: 3100
1561
grpc: 9095
1562
## Node ports to expose
1563
## NOTE: choose port between <30000-32767>
1564
## @param indexGateway.service.nodePorts.http Node port for HTTP
1565
## @param indexGateway.service.nodePorts.grpc Node port for GRPC
1566
##
1567
nodePorts:
1568
http: ""
1569
grpc: ""
1570
## @param indexGateway.service.sessionAffinityConfig Additional settings for the sessionAffinity
1571
## sessionAffinityConfig:
1572
## clientIP:
1573
## timeoutSeconds: 300
1574
##
1575
sessionAffinityConfig: {}
1576
## @param indexGateway.service.sessionAffinity Control where client requests go, to the same pod or round-robin
1577
## Values: ClientIP or None
1578
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
1579
##
1580
sessionAffinity: None
1581
## @param indexGateway.service.clusterIP index-gateway service Cluster IP
1582
## e.g.:
1583
## clusterIP: None
1584
##
1585
clusterIP: ""
1586
## @param indexGateway.service.loadBalancerIP index-gateway service Load Balancer IP
1587
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
1588
##
1589
loadBalancerIP: ""
1590
## @param indexGateway.service.loadBalancerSourceRanges index-gateway service Load Balancer sources
1591
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
1592
## e.g:
1593
## loadBalancerSourceRanges:
1594
## - 10.10.10.0/24
1595
##
1596
loadBalancerSourceRanges: []
1597
## @param indexGateway.service.externalTrafficPolicy index-gateway service external traffic policy
1598
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
1599
##
1600
externalTrafficPolicy: Cluster
1601
## @param indexGateway.service.annotations Additional custom annotations for index-gateway service
1602
##
1603
annotations: {}
1604
## @param indexGateway.service.extraPorts Extra ports to expose in the index-gateway service
1605
##
1606
extraPorts: []
1607
## Network Policies
1608
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
1609
##
1610
networkPolicy:
1611
## @param indexGateway.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
1612
##
1613
enabled: true
1614
## @param indexGateway.networkPolicy.allowExternal Don't require server label for connections
1615
## The Policy model to apply. When set to false, only pods with the correct
1616
## server label will have network access to the ports server is listening
1617
## on. When true, server will accept connections from any source
1618
## (with the correct destination port).
1619
##
1620
allowExternal: true
1621
## @param indexGateway.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
1622
##
1623
allowExternalEgress: true
1624
## @param indexGateway.networkPolicy.addExternalClientAccess Allow access from pods with client label set to "true". Ignored if `indexGateway.networkPolicy.allowExternal` is true.
1625
##
1626
addExternalClientAccess: true
1627
## @param indexGateway.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
1628
## e.g:
1629
## extraIngress:
1630
## - ports:
1631
## - port: 1234
1632
## from:
1633
## - podSelector:
1634
## - matchLabels:
1635
## - role: frontend
1636
## - podSelector:
1637
## - matchExpressions:
1638
## - key: role
1639
## operator: In
1640
## values:
1641
## - frontend
1642
extraIngress: []
1643
## @param indexGateway.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
1644
## e.g:
1645
## extraEgress:
1646
## - ports:
1647
## - port: 1234
1648
## to:
1649
## - podSelector:
1650
## - matchLabels:
1651
## - role: frontend
1652
## - podSelector:
1653
## - matchExpressions:
1654
## - key: role
1655
## operator: In
1656
## values:
1657
## - frontend
1658
##
1659
extraEgress: []
1660
## @param indexGateway.networkPolicy.ingressPodMatchLabels [object] Labels to match to allow traffic from other pods. Ignored if `indexGateway.networkPolicy.allowExternal` is true.
1661
## e.g:
1662
## ingressPodMatchLabels:
1663
## my-client: "true"
1664
#
1665
ingressPodMatchLabels: {}
1666
## @param indexGateway.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces. Ignored if `indexGateway.networkPolicy.allowExternal` is true.
1667
## @param indexGateway.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces. Ignored if `indexGateway.networkPolicy.allowExternal` is true.
1668
##
1669
ingressNSMatchLabels: {}
1670
ingressNSPodMatchLabels: {}
1671
## @section Distributor Deployment Parameters
1672
##
1673
distributor:
1674
## @param distributor.extraEnvVars Array with extra environment variables to add to distributor nodes
1675
## e.g:
1676
## extraEnvVars:
1677
## - name: FOO
1678
## value: "bar"
1679
##
1680
extraEnvVars: []
1681
## @param distributor.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for distributor nodes
1682
##
1683
extraEnvVarsCM: ""
1684
## @param distributor.extraEnvVarsSecret Name of existing Secret containing extra env vars for distributor nodes
1685
##
1686
extraEnvVarsSecret: ""
1687
## @param distributor.command Override default container command (useful when using custom images)
1688
##
1689
command: []
1690
## @param distributor.args Override default container args (useful when using custom images)
1691
##
1692
args: []
1693
## @param distributor.extraArgs Additional container args (will be concatenated to args, unless diagnosticMode is enabled)
1694
##
1695
extraArgs: []
1696
## @param distributor.replicaCount Number of Distributor replicas to deploy
1697
##
1698
replicaCount: 1
1699
## Configure extra options for Distributor containers' liveness, readiness and startup probes
1700
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
1701
## @param distributor.livenessProbe.enabled Enable livenessProbe on Distributor nodes
1702
## @param distributor.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
1703
## @param distributor.livenessProbe.periodSeconds Period seconds for livenessProbe
1704
## @param distributor.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
1705
## @param distributor.livenessProbe.failureThreshold Failure threshold for livenessProbe
1706
## @param distributor.livenessProbe.successThreshold Success threshold for livenessProbe
1707
##
1708
livenessProbe:
1709
enabled: true
1710
failureThreshold: 3
1711
initialDelaySeconds: 10
1712
periodSeconds: 10
1713
successThreshold: 1
1714
timeoutSeconds: 1
1715
## @param distributor.readinessProbe.enabled Enable readinessProbe on Distributor nodes
1716
## @param distributor.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
1717
## @param distributor.readinessProbe.periodSeconds Period seconds for readinessProbe
1718
## @param distributor.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
1719
## @param distributor.readinessProbe.failureThreshold Failure threshold for readinessProbe
1720
## @param distributor.readinessProbe.successThreshold Success threshold for readinessProbe
1721
##
1722
readinessProbe:
1723
enabled: true
1724
failureThreshold: 3
1725
initialDelaySeconds: 10
1726
periodSeconds: 10
1727
successThreshold: 1
1728
timeoutSeconds: 1
1729
## @param distributor.startupProbe.enabled Enable startupProbe on Distributor containers
1730
## @param distributor.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
1731
## @param distributor.startupProbe.periodSeconds Period seconds for startupProbe
1732
## @param distributor.startupProbe.timeoutSeconds Timeout seconds for startupProbe
1733
## @param distributor.startupProbe.failureThreshold Failure threshold for startupProbe
1734
## @param distributor.startupProbe.successThreshold Success threshold for startupProbe
1735
##
1736
startupProbe:
1737
enabled: false
1738
initialDelaySeconds: 30
1739
periodSeconds: 10
1740
timeoutSeconds: 1
1741
failureThreshold: 15
1742
successThreshold: 1
1743
## @param distributor.customLivenessProbe Custom livenessProbe that overrides the default one
1744
##
1745
customLivenessProbe: {}
1746
## @param distributor.customReadinessProbe Custom readinessProbe that overrides the default one
1747
##
1748
customReadinessProbe: {}
1749
## @param distributor.customStartupProbe Custom startupProbe that overrides the default one
1750
##
1751
customStartupProbe: {}
1752
## distributor resource requests and limits
1753
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
1754
## @param distributor.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if distributor.resources is set (distributor.resources is recommended for production).
1755
##
1756
resourcesPreset: "nano"
1757
## @param distributor.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
1758
## Example:
1759
## resources:
1760
## requests:
1761
## cpu: 2
1762
## memory: 512Mi
1763
## limits:
1764
## cpu: 3
1765
## memory: 1024Mi
1766
##
1767
resources: {}
1768
## Configure Pods Security Context
1769
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
1770
## @param distributor.podSecurityContext.enabled Enabled Distributor pods' Security Context
1771
## @param distributor.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
1772
## @param distributor.podSecurityContext.sysctls Set kernel settings using the sysctl interface
1773
## @param distributor.podSecurityContext.supplementalGroups Set filesystem extra groups
1774
## @param distributor.podSecurityContext.fsGroup Set Distributor pod's Security Context fsGroup
1775
##
1776
podSecurityContext:
1777
enabled: true
1778
fsGroupChangePolicy: Always
1779
sysctls: []
1780
supplementalGroups: []
1781
fsGroup: 1001
1782
## Configure Container Security Context
1783
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
1784
## @param distributor.containerSecurityContext.enabled Enabled containers' Security Context
1785
## @param distributor.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
1786
## @param distributor.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
1787
## @param distributor.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
1788
## @param distributor.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
1789
## @param distributor.containerSecurityContext.privileged Set container's Security Context privileged
1790
## @param distributor.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
1791
## @param distributor.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
1792
## @param distributor.containerSecurityContext.capabilities.drop List of capabilities to be dropped
1793
## @param distributor.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
1794
##
1795
containerSecurityContext:
1796
enabled: true
1797
seLinuxOptions: {}
1798
runAsUser: 1001
1799
runAsGroup: 1001
1800
runAsNonRoot: true
1801
privileged: false
1802
readOnlyRootFilesystem: true
1803
allowPrivilegeEscalation: false
1804
capabilities:
1805
drop: ["ALL"]
1806
seccompProfile:
1807
type: "RuntimeDefault"
1808
## @param distributor.lifecycleHooks for the distributor container(s) to automate configuration before or after startup
1809
##
1810
lifecycleHooks: {}
1811
## @param distributor.automountServiceAccountToken Mount Service Account token in pod
1812
##
1813
automountServiceAccountToken: false
1814
## @param distributor.hostAliases distributor pods host aliases
1815
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
1816
##
1817
hostAliases: []
1818
## @param distributor.podLabels Extra labels for distributor pods
1819
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
1820
##
1821
podLabels: {}
1822
## @param distributor.podAnnotations Annotations for distributor pods
1823
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
1824
##
1825
podAnnotations: {}
1826
## @param distributor.podAffinityPreset Pod affinity preset. Ignored if `distributor.affinity` is set. Allowed values: `soft` or `hard`
1827
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
1828
##
1829
podAffinityPreset: ""
1830
## @param distributor.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `distributor.affinity` is set. Allowed values: `soft` or `hard`
1831
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
1832
##
1833
podAntiAffinityPreset: soft
1834
## Node distributor.affinity preset
1835
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
1836
##
1837
nodeAffinityPreset:
1838
## @param distributor.nodeAffinityPreset.type Node affinity preset type. Ignored if `distributor.affinity` is set. Allowed values: `soft` or `hard`
1839
##
1840
type: ""
1841
## @param distributor.nodeAffinityPreset.key Node label key to match. Ignored if `distributor.affinity` is set
1842
##
1843
key: ""
1844
## @param distributor.nodeAffinityPreset.values Node label values to match. Ignored if `distributor.affinity` is set
1845
## E.g.
1846
## values:
1847
## - e2e-az1
1848
## - e2e-az2
1849
##
1850
values: []
1851
## @param distributor.affinity Affinity for Distributor pods assignment
1852
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
1853
## NOTE: `distributor.podAffinityPreset`, `distributor.podAntiAffinityPreset`, and `distributor.nodeAffinityPreset` will be ignored when it's set
1854
##
1855
affinity: {}
1856
## @param distributor.nodeSelector Node labels for Distributor pods assignment
1857
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
1858
##
1859
nodeSelector: {}
1860
## @param distributor.tolerations Tolerations for Distributor pods assignment
1861
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
1862
##
1863
tolerations: []
1864
## @param distributor.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains
1865
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
1866
##
1867
topologySpreadConstraints: []
1868
## @param distributor.priorityClassName Distributor pods' priorityClassName
1869
##
1870
priorityClassName: ""
1871
## @param distributor.schedulerName Kubernetes pod scheduler registry
1872
## https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
1873
##
1874
schedulerName: ""
1875
## @param distributor.updateStrategy.type Distributor statefulset strategy type
1876
## @param distributor.updateStrategy.rollingUpdate [object,nullable] Distributor statefulset rolling update configuration parameters
1877
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
1878
##
1879
updateStrategy:
1880
type: RollingUpdate
1881
rollingUpdate: null
1882
## @param distributor.extraVolumes Optionally specify extra list of additional volumes for the Distributor pod(s)
1883
##
1884
extraVolumes: []
1885
## @param distributor.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Distributor container(s)
1886
##
1887
extraVolumeMounts: []
1888
## @param distributor.sidecars Add additional sidecar containers to the Distributor pod(s)
1889
## e.g:
1890
## sidecars:
1891
## - name: your-image-name
1892
## image: your-image
1893
## imagePullPolicy: Always
1894
## ports:
1895
## - name: portname
1896
## containerPort: 1234
1897
##
1898
sidecars: []
1899
## @param distributor.initContainers Add additional init containers to the Distributor pod(s)
1900
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
1901
## e.g:
1902
## initContainers:
1903
## - name: your-image-name
1904
## image: your-image
1905
## imagePullPolicy: Always
1906
## command: ['sh', '-c', 'echo "hello world"']
1907
##
1908
initContainers: []
1909
## @param distributor.enableServiceLinks Whether information about services should be injected into pod's environment variable
1910
## The environment variables injected by service links are not used, but can lead to slow boot times or slow running of the scripts when there are many services in the current namespace.
1911
## If you experience slow pod startups or slow running of the scripts you probably want to set this to `false`.
1912
##
1913
enableServiceLinks: true
1914
## Pod Disruption Budget configuration
1915
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
1916
## @param distributor.pdb.create Enable/disable a Pod Disruption Budget creation
1917
## @param distributor.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
1918
## @param distributor.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `distributor.pdb.minAvailable` and `distributor.pdb.maxUnavailable` are empty.
1919
##
1920
pdb:
1921
create: true
1922
minAvailable: ""
1923
maxUnavailable: ""
1924
## @section Distributor Traffic Exposure Parameters
1925
##
1926
1927
## distributor service parameters
1928
##
1929
service:
1930
## @param distributor.service.type Distributor service type
1931
##
1932
type: ClusterIP
1933
## @param distributor.service.ports.http Distributor HTTP service port
1934
## @param distributor.service.ports.grpc Distributor GRPC service port
1935
##
1936
ports:
1937
http: 3100
1938
grpc: 9095
1939
## Node ports to expose
1940
## NOTE: choose port between <30000-32767>
1941
## @param distributor.service.nodePorts.http Node port for HTTP
1942
## @param distributor.service.nodePorts.grpc Node port for GRPC
1943
##
1944
nodePorts:
1945
http: ""
1946
grpc: ""
1947
## @param distributor.service.sessionAffinityConfig Additional settings for the sessionAffinity
1948
## sessionAffinityConfig:
1949
## clientIP:
1950
## timeoutSeconds: 300
1951
##
1952
sessionAffinityConfig: {}
1953
## @param distributor.service.sessionAffinity Control where client requests go, to the same pod or round-robin
1954
## Values: ClientIP or None
1955
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
1956
##
1957
sessionAffinity: None
1958
## @param distributor.service.clusterIP Distributor service Cluster IP
1959
## e.g.:
1960
## clusterIP: None
1961
##
1962
clusterIP: ""
1963
## @param distributor.service.loadBalancerIP Distributor service Load Balancer IP
1964
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
1965
##
1966
loadBalancerIP: ""
1967
## @param distributor.service.loadBalancerSourceRanges Distributor service Load Balancer sources
1968
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
1969
## e.g:
1970
## loadBalancerSourceRanges:
1971
## - 10.10.10.0/24
1972
##
1973
loadBalancerSourceRanges: []
1974
## @param distributor.service.externalTrafficPolicy Distributor service external traffic policy
1975
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
1976
##
1977
externalTrafficPolicy: Cluster
1978
## @param distributor.service.annotations Additional custom annotations for Distributor service
1979
##
1980
annotations: {}
1981
## @param distributor.service.extraPorts Extra ports to expose in the Distributor service
1982
##
1983
extraPorts: []
1984
## Network Policies
1985
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
1986
##
1987
networkPolicy:
1988
## @param distributor.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
1989
##
1990
enabled: true
1991
## @param distributor.networkPolicy.allowExternal Don't require server label for connections
1992
## The Policy model to apply. When set to false, only pods with the correct
1993
## server label will have network access to the ports server is listening
1994
## on. When true, server will accept connections from any source
1995
## (with the correct destination port).
1996
##
1997
allowExternal: true
1998
## @param distributor.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
1999
##
2000
allowExternalEgress: true
2001
## @param distributor.networkPolicy.addExternalClientAccess Allow access from pods with client label set to "true". Ignored if `distributor.networkPolicy.allowExternal` is true.
2002
##
2003
addExternalClientAccess: true
2004
## @param distributor.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
2005
## e.g:
2006
## extraIngress:
2007
## - ports:
2008
## - port: 1234
2009
## from:
2010
## - podSelector:
2011
## - matchLabels:
2012
## - role: frontend
2013
## - podSelector:
2014
## - matchExpressions:
2015
## - key: role
2016
## operator: In
2017
## values:
2018
## - frontend
2019
extraIngress: []
2020
## @param distributor.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
2021
## e.g:
2022
## extraEgress:
2023
## - ports:
2024
## - port: 1234
2025
## to:
2026
## - podSelector:
2027
## - matchLabels:
2028
## - role: frontend
2029
## - podSelector:
2030
## - matchExpressions:
2031
## - key: role
2032
## operator: In
2033
## values:
2034
## - frontend
2035
##
2036
extraEgress: []
2037
## @param distributor.networkPolicy.ingressPodMatchLabels [object] Labels to match to allow traffic from other pods. Ignored if `distributor.networkPolicy.allowExternal` is true.
2038
## e.g:
2039
## ingressPodMatchLabels:
2040
## my-client: "true"
2041
#
2042
ingressPodMatchLabels: {}
2043
## @param distributor.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces. Ignored if `distributor.networkPolicy.allowExternal` is true.
2044
## @param distributor.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces. Ignored if `distributor.networkPolicy.allowExternal` is true.
2045
##
2046
ingressNSMatchLabels: {}
2047
ingressNSPodMatchLabels: {}
2048
## @section Ingester Deployment Parameters
2049
##
2050
ingester:
2051
## @param ingester.extraEnvVars Array with extra environment variables to add to ingester nodes
2052
## e.g:
2053
## extraEnvVars:
2054
## - name: FOO
2055
## value: "bar"
2056
##
2057
extraEnvVars: []
2058
## @param ingester.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for ingester nodes
2059
##
2060
extraEnvVarsCM: ""
2061
## @param ingester.extraEnvVarsSecret Name of existing Secret containing extra env vars for ingester nodes
2062
##
2063
extraEnvVarsSecret: ""
2064
## @param ingester.command Override default container command (useful when using custom images)
2065
##
2066
command: []
2067
## @param ingester.args Override default container args (useful when using custom images)
2068
##
2069
args: []
2070
## @param ingester.extraArgs Additional container args (will be concatenated to args, unless diagnosticMode is enabled)
2071
##
2072
extraArgs: []
2073
## @param ingester.replicaCount Number of Ingester replicas to deploy
2074
##
2075
replicaCount: 1
2076
## Configure extra options for Ingester containers' liveness, readiness and startup probes
2077
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
2078
## @param ingester.livenessProbe.enabled Enable livenessProbe on Ingester nodes
2079
## @param ingester.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
2080
## @param ingester.livenessProbe.periodSeconds Period seconds for livenessProbe
2081
## @param ingester.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
2082
## @param ingester.livenessProbe.failureThreshold Failure threshold for livenessProbe
2083
## @param ingester.livenessProbe.successThreshold Success threshold for livenessProbe
2084
##
2085
livenessProbe:
2086
enabled: true
2087
failureThreshold: 3
2088
initialDelaySeconds: 10
2089
periodSeconds: 10
2090
successThreshold: 1
2091
timeoutSeconds: 1
2092
## @param ingester.readinessProbe.enabled Enable readinessProbe on Ingester nodes
2093
## @param ingester.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
2094
## @param ingester.readinessProbe.periodSeconds Period seconds for readinessProbe
2095
## @param ingester.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
2096
## @param ingester.readinessProbe.failureThreshold Failure threshold for readinessProbe
2097
## @param ingester.readinessProbe.successThreshold Success threshold for readinessProbe
2098
##
2099
readinessProbe:
2100
enabled: true
2101
failureThreshold: 3
2102
initialDelaySeconds: 10
2103
periodSeconds: 10
2104
successThreshold: 1
2105
timeoutSeconds: 1
2106
## @param ingester.startupProbe.enabled Enable startupProbe on Ingester containers
2107
## @param ingester.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
2108
## @param ingester.startupProbe.periodSeconds Period seconds for startupProbe
2109
## @param ingester.startupProbe.timeoutSeconds Timeout seconds for startupProbe
2110
## @param ingester.startupProbe.failureThreshold Failure threshold for startupProbe
2111
## @param ingester.startupProbe.successThreshold Success threshold for startupProbe
2112
##
2113
startupProbe:
2114
enabled: false
2115
initialDelaySeconds: 30
2116
periodSeconds: 10
2117
timeoutSeconds: 1
2118
failureThreshold: 15
2119
successThreshold: 1
2120
## @param ingester.customLivenessProbe Custom livenessProbe that overrides the default one
2121
##
2122
customLivenessProbe: {}
2123
## @param ingester.customReadinessProbe Custom readinessProbe that overrides the default one
2124
##
2125
customReadinessProbe: {}
2126
## @param ingester.customStartupProbe Custom startupProbe that overrides the default one
2127
##
2128
customStartupProbe: {}
2129
## @param ingester.lifecycleHooks for the ingester container(s) to automate configuration before or after startup
2130
##
2131
lifecycleHooks: {}
2132
## ingester resource requests and limits
2133
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
2134
## @param ingester.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if ingester.resources is set (ingester.resources is recommended for production).
2135
##
2136
resourcesPreset: "micro"
2137
## @param ingester.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
2138
## Example:
2139
## resources:
2140
## requests:
2141
## cpu: 2
2142
## memory: 512Mi
2143
## limits:
2144
## cpu: 3
2145
## memory: 1024Mi
2146
##
2147
resources: {}
2148
## Configure Pods Security Context
2149
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
2150
## @param ingester.podSecurityContext.enabled Enabled Ingester pods' Security Context
2151
## @param ingester.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
2152
## @param ingester.podSecurityContext.sysctls Set kernel settings using the sysctl interface
2153
## @param ingester.podSecurityContext.supplementalGroups Set filesystem extra groups
2154
## @param ingester.podSecurityContext.fsGroup Set Ingester pod's Security Context fsGroup
2155
##
2156
podSecurityContext:
2157
enabled: true
2158
fsGroupChangePolicy: Always
2159
sysctls: []
2160
supplementalGroups: []
2161
fsGroup: 1001
2162
## Configure Container Security Context
2163
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
2164
## @param ingester.containerSecurityContext.enabled Enabled containers' Security Context
2165
## @param ingester.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
2166
## @param ingester.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
2167
## @param ingester.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
2168
## @param ingester.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
2169
## @param ingester.containerSecurityContext.privileged Set container's Security Context privileged
2170
## @param ingester.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
2171
## @param ingester.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
2172
## @param ingester.containerSecurityContext.capabilities.drop List of capabilities to be dropped
2173
## @param ingester.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
2174
##
2175
containerSecurityContext:
2176
enabled: true
2177
seLinuxOptions: {}
2178
runAsUser: 1001
2179
runAsGroup: 1001
2180
runAsNonRoot: true
2181
privileged: false
2182
readOnlyRootFilesystem: true
2183
allowPrivilegeEscalation: false
2184
capabilities:
2185
drop: ["ALL"]
2186
seccompProfile:
2187
type: "RuntimeDefault"
2188
## @param ingester.automountServiceAccountToken Mount Service Account token in pod
2189
##
2190
automountServiceAccountToken: false
2191
## @param ingester.hostAliases ingester pods host aliases
2192
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
2193
##
2194
hostAliases: []
2195
## @param ingester.podLabels Extra labels for ingester pods
2196
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
2197
##
2198
podLabels: {}
2199
## @param ingester.podAnnotations Annotations for ingester pods
2200
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
2201
##
2202
podAnnotations: {}
2203
## @param ingester.podAffinityPreset Pod affinity preset. Ignored if `ingester.affinity` is set. Allowed values: `soft` or `hard`
2204
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
2205
##
2206
podAffinityPreset: ""
2207
## @param ingester.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `ingester.affinity` is set. Allowed values: `soft` or `hard`
2208
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
2209
##
2210
podAntiAffinityPreset: soft
2211
## Node ingester.affinity preset
2212
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
2213
##
2214
nodeAffinityPreset:
2215
## @param ingester.nodeAffinityPreset.type Node affinity preset type. Ignored if `ingester.affinity` is set. Allowed values: `soft` or `hard`
2216
##
2217
type: ""
2218
## @param ingester.nodeAffinityPreset.key Node label key to match. Ignored if `ingester.affinity` is set
2219
##
2220
key: ""
2221
## @param ingester.nodeAffinityPreset.values Node label values to match. Ignored if `ingester.affinity` is set
2222
## E.g.
2223
## values:
2224
## - e2e-az1
2225
## - e2e-az2
2226
##
2227
values: []
2228
## @param ingester.affinity Affinity for ingester pods assignment
2229
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
2230
## NOTE: `ingester.podAffinityPreset`, `ingester.podAntiAffinityPreset`, and `ingester.nodeAffinityPreset` will be ignored when it's set
2231
##
2232
affinity: {}
2233
## @param ingester.nodeSelector Node labels for Ingester pods assignment
2234
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
2235
##
2236
nodeSelector: {}
2237
## @param ingester.tolerations Tolerations for Ingester pods assignment
2238
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
2239
##
2240
tolerations: []
2241
## @param ingester.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains
2242
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
2243
##
2244
topologySpreadConstraints: []
2245
## @param ingester.podManagementPolicy podManagementPolicy to manage scaling operation
2246
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
2247
##
2248
podManagementPolicy: ""
2249
## @param ingester.priorityClassName Ingester pods' priorityClassName
2250
##
2251
priorityClassName: ""
2252
## @param ingester.schedulerName Kubernetes pod scheduler registry
2253
## https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
2254
##
2255
schedulerName: ""
2256
## @param ingester.updateStrategy.type Ingester statefulset strategy type
2257
## @param ingester.updateStrategy.rollingUpdate [object,nullable] Ingester statefulset rolling update configuration parameters
2258
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
2259
##
2260
updateStrategy:
2261
type: RollingUpdate
2262
rollingUpdate: null
2263
## @param ingester.extraVolumes Optionally specify extra list of additional volumes for the Ingester pod(s)
2264
##
2265
extraVolumes: []
2266
## @param ingester.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the ingester container(s)
2267
##
2268
extraVolumeMounts: []
2269
## @param ingester.sidecars Add additional sidecar containers to the Ingester pod(s)
2270
## e.g:
2271
## sidecars:
2272
## - name: your-image-name
2273
## image: your-image
2274
## imagePullPolicy: Always
2275
## ports:
2276
## - name: portname
2277
## containerPort: 1234
2278
##
2279
sidecars: []
2280
## @param ingester.initContainers Add additional init containers to the Ingester pod(s)
2281
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
2282
## e.g:
2283
## initContainers:
2284
## - name: your-image-name
2285
## image: your-image
2286
## imagePullPolicy: Always
2287
## command: ['sh', '-c', 'echo "hello world"']
2288
##
2289
initContainers: []
2290
## @param ingester.enableServiceLinks Whether information about services should be injected into pod's environment variable
2291
## The environment variables injected by service links are not used, but can lead to slow boot times or slow running of the scripts when there are many services in the current namespace.
2292
## If you experience slow pod startups or slow running of the scripts you probably want to set this to `false`.
2293
##
2294
enableServiceLinks: true
2295
## Pod Disruption Budget configuration
2296
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
2297
## @param ingester.pdb.create Enable/disable a Pod Disruption Budget creation
2298
## @param ingester.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
2299
## @param ingester.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `ingester.pdb.minAvailable` and `ingester.pdb.maxUnavailable` are empty.
2300
##
2301
pdb:
2302
create: true
2303
minAvailable: ""
2304
maxUnavailable: ""
2305
## @section Ingester Persistence Parameters
2306
##
2307
2308
## Enable persistence using Persistent Volume Claims
2309
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
2310
##
2311
persistence:
2312
## @param ingester.persistence.enabled Enable persistence in Ingester instances
2313
##
2314
enabled: true
2315
## @param ingester.persistence.storageClass PVC Storage Class for Memcached data volume
2316
## If defined, storageClassName: <storageClass>
2317
## If set to "-", storageClassName: "", which disables dynamic provisioning
2318
## If undefined (the default) or set to null, no storageClassName spec is
2319
## set, choosing the default provisioner. (gp2 on AWS, standard on
2320
## GKE, AWS & OpenStack)
2321
##
2322
storageClass: ""
2323
## @param ingester.persistence.subPath The subdirectory of the volume to mount to
2324
##
2325
subPath: ""
2326
## @param ingester.persistence.accessModes PVC Access modes
2327
##
2328
accessModes:
2329
- ReadWriteOnce
2330
## @param ingester.persistence.size PVC Storage Request for Memcached data volume
2331
##
2332
size: 8Gi
2333
## @param ingester.persistence.annotations Additional PVC annotations
2334
##
2335
annotations: {}
2336
## @param ingester.persistence.selector Selector to match an existing Persistent Volume for Ingester's data PVC
2337
## If set, the PVC can't have a PV dynamically provisioned for it
2338
## E.g.
2339
## selector:
2340
## matchLabels:
2341
## app: my-app
2342
##
2343
selector: {}
2344
## @section Ingester Traffic Exposure Parameters
2345
##
2346
2347
## ingester service parameters
2348
##
2349
service:
2350
## @param ingester.service.type Ingester service type
2351
##
2352
type: ClusterIP
2353
## @param ingester.service.ports.http Ingester HTTP service port
2354
## @param ingester.service.ports.grpc Ingester GRPC service port
2355
##
2356
ports:
2357
http: 3100
2358
grpc: 9095
2359
## Node ports to expose
2360
## NOTE: choose port between <30000-32767>
2361
## @param ingester.service.nodePorts.http Node port for HTTP
2362
## @param ingester.service.nodePorts.grpc Node port for GRPC
2363
##
2364
nodePorts:
2365
http: ""
2366
grpc: ""
2367
## @param ingester.service.sessionAffinityConfig Additional settings for the sessionAffinity
2368
## sessionAffinityConfig:
2369
## clientIP:
2370
## timeoutSeconds: 300
2371
##
2372
sessionAffinityConfig: {}
2373
## @param ingester.service.sessionAffinity Control where client requests go, to the same pod or round-robin
2374
## Values: ClientIP or None
2375
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
2376
##
2377
sessionAffinity: None
2378
## @param ingester.service.clusterIP Ingester service Cluster IP
2379
## e.g.:
2380
## clusterIP: None
2381
##
2382
clusterIP: ""
2383
## @param ingester.service.loadBalancerIP Ingester service Load Balancer IP
2384
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
2385
##
2386
loadBalancerIP: ""
2387
## @param ingester.service.loadBalancerSourceRanges Ingester service Load Balancer sources
2388
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
2389
## e.g:
2390
## loadBalancerSourceRanges:
2391
## - 10.10.10.0/24
2392
##
2393
loadBalancerSourceRanges: []
2394
## @param ingester.service.externalTrafficPolicy Ingester service external traffic policy
2395
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
2396
##
2397
externalTrafficPolicy: Cluster
2398
## @param ingester.service.annotations Additional custom annotations for Ingester service
2399
##
2400
annotations: {}
2401
## @param ingester.service.extraPorts Extra ports to expose in the Ingester service
2402
##
2403
extraPorts: []
2404
## Network Policies
2405
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
2406
##
2407
networkPolicy:
2408
## @param ingester.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
2409
##
2410
enabled: true
2411
## @param ingester.networkPolicy.allowExternal Don't require server label for connections
2412
## The Policy model to apply. When set to false, only pods with the correct
2413
## server label will have network access to the ports server is listening
2414
## on. When true, server will accept connections from any source
2415
## (with the correct destination port).
2416
##
2417
allowExternal: true
2418
## @param ingester.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
2419
##
2420
allowExternalEgress: true
2421
## @param ingester.networkPolicy.addExternalClientAccess Allow access from pods with client label set to "true". Ignored if `ingester.networkPolicy.allowExternal` is true.
2422
##
2423
addExternalClientAccess: true
2424
## @param ingester.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
2425
## e.g:
2426
## extraIngress:
2427
## - ports:
2428
## - port: 1234
2429
## from:
2430
## - podSelector:
2431
## - matchLabels:
2432
## - role: frontend
2433
## - podSelector:
2434
## - matchExpressions:
2435
## - key: role
2436
## operator: In
2437
## values:
2438
## - frontend
2439
extraIngress: []
2440
## @param ingester.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
2441
## e.g:
2442
## extraEgress:
2443
## - ports:
2444
## - port: 1234
2445
## to:
2446
## - podSelector:
2447
## - matchLabels:
2448
## - role: frontend
2449
## - podSelector:
2450
## - matchExpressions:
2451
## - key: role
2452
## operator: In
2453
## values:
2454
## - frontend
2455
##
2456
extraEgress: []
2457
## @param ingester.networkPolicy.ingressPodMatchLabels [object] Labels to match to allow traffic from other pods. Ignored if `ingester.networkPolicy.allowExternal` is true.
2458
## e.g:
2459
## ingressPodMatchLabels:
2460
## my-client: "true"
2461
#
2462
ingressPodMatchLabels: {}
2463
## @param ingester.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces. Ignored if `ingester.networkPolicy.allowExternal` is true.
2464
## @param ingester.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces. Ignored if `ingester.networkPolicy.allowExternal` is true.
2465
##
2466
ingressNSMatchLabels: {}
2467
ingressNSPodMatchLabels: {}
2468
## @section Querier Deployment Parameters
2469
##
2470
querier:
2471
## @param querier.replicaCount Number of Querier replicas to deploy
2472
##
2473
replicaCount: 1
2474
## @param querier.extraEnvVars Array with extra environment variables to add to Querier nodes
2475
## e.g:
2476
## extraEnvVars:
2477
## - name: FOO
2478
## value: "bar"
2479
##
2480
extraEnvVars: []
2481
## @param querier.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Querier nodes
2482
##
2483
extraEnvVarsCM: ""
2484
## @param querier.extraEnvVarsSecret Name of existing Secret containing extra env vars for Querier nodes
2485
##
2486
extraEnvVarsSecret: ""
2487
## @param querier.command Override default container command (useful when using custom images)
2488
##
2489
command: []
2490
## @param querier.args Override default container args (useful when using custom images)
2491
##
2492
args: []
2493
## @param querier.extraArgs Additional container args (will be concatenated to args, unless diagnosticMode is enabled)
2494
##
2495
extraArgs: []
2496
## @param querier.podManagementPolicy podManagementPolicy to manage scaling operation
2497
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
2498
##
2499
podManagementPolicy: ""
2500
## Configure extra options for Querier containers' liveness, readiness and startup probes
2501
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
2502
## @param querier.livenessProbe.enabled Enable livenessProbe on Querier nodes
2503
## @param querier.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
2504
## @param querier.livenessProbe.periodSeconds Period seconds for livenessProbe
2505
## @param querier.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
2506
## @param querier.livenessProbe.failureThreshold Failure threshold for livenessProbe
2507
## @param querier.livenessProbe.successThreshold Success threshold for livenessProbe
2508
##
2509
livenessProbe:
2510
enabled: true
2511
failureThreshold: 3
2512
initialDelaySeconds: 10
2513
periodSeconds: 10
2514
successThreshold: 1
2515
timeoutSeconds: 1
2516
## @param querier.readinessProbe.enabled Enable readinessProbe on Querier nodes
2517
## @param querier.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
2518
## @param querier.readinessProbe.periodSeconds Period seconds for readinessProbe
2519
## @param querier.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
2520
## @param querier.readinessProbe.failureThreshold Failure threshold for readinessProbe
2521
## @param querier.readinessProbe.successThreshold Success threshold for readinessProbe
2522
##
2523
readinessProbe:
2524
enabled: true
2525
failureThreshold: 3
2526
initialDelaySeconds: 10
2527
periodSeconds: 10
2528
successThreshold: 1
2529
timeoutSeconds: 1
2530
## @param querier.startupProbe.enabled Enable startupProbe on Querier containers
2531
## @param querier.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
2532
## @param querier.startupProbe.periodSeconds Period seconds for startupProbe
2533
## @param querier.startupProbe.timeoutSeconds Timeout seconds for startupProbe
2534
## @param querier.startupProbe.failureThreshold Failure threshold for startupProbe
2535
## @param querier.startupProbe.successThreshold Success threshold for startupProbe
2536
##
2537
startupProbe:
2538
enabled: false
2539
initialDelaySeconds: 30
2540
periodSeconds: 10
2541
timeoutSeconds: 1
2542
failureThreshold: 15
2543
successThreshold: 1
2544
## @param querier.customLivenessProbe Custom livenessProbe that overrides the default one
2545
##
2546
customLivenessProbe: {}
2547
## @param querier.customReadinessProbe Custom readinessProbe that overrides the default one
2548
##
2549
customReadinessProbe: {}
2550
## @param querier.customStartupProbe Custom startupProbe that overrides the default one
2551
##
2552
customStartupProbe: {}
2553
## querier resource requests and limits
2554
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
2555
## @param querier.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if querier.resources is set (querier.resources is recommended for production).
2556
##
2557
resourcesPreset: "nano"
2558
## @param querier.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
2559
## Example:
2560
## resources:
2561
## requests:
2562
## cpu: 2
2563
## memory: 512Mi
2564
## limits:
2565
## cpu: 3
2566
## memory: 1024Mi
2567
##
2568
resources: {}
2569
## Configure Pods Security Context
2570
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
2571
## @param querier.podSecurityContext.enabled Enabled Querier pods' Security Context
2572
## @param querier.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
2573
## @param querier.podSecurityContext.sysctls Set kernel settings using the sysctl interface
2574
## @param querier.podSecurityContext.supplementalGroups Set filesystem extra groups
2575
## @param querier.podSecurityContext.fsGroup Set Querier pod's Security Context fsGroup
2576
##
2577
podSecurityContext:
2578
enabled: true
2579
fsGroupChangePolicy: Always
2580
sysctls: []
2581
supplementalGroups: []
2582
fsGroup: 1001
2583
## Configure Container Security Context
2584
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
2585
## @param querier.containerSecurityContext.enabled Enabled containers' Security Context
2586
## @param querier.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
2587
## @param querier.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
2588
## @param querier.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
2589
## @param querier.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
2590
## @param querier.containerSecurityContext.privileged Set container's Security Context privileged
2591
## @param querier.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
2592
## @param querier.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
2593
## @param querier.containerSecurityContext.capabilities.drop List of capabilities to be dropped
2594
## @param querier.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
2595
##
2596
containerSecurityContext:
2597
enabled: true
2598
seLinuxOptions: {}
2599
runAsUser: 1001
2600
runAsGroup: 1001
2601
runAsNonRoot: true
2602
privileged: false
2603
readOnlyRootFilesystem: true
2604
allowPrivilegeEscalation: false
2605
capabilities:
2606
drop: ["ALL"]
2607
seccompProfile:
2608
type: "RuntimeDefault"
2609
## @param querier.lifecycleHooks for the Querier container(s) to automate configuration before or after startup
2610
##
2611
lifecycleHooks: {}
2612
## @param querier.automountServiceAccountToken Mount Service Account token in pod
2613
##
2614
automountServiceAccountToken: false
2615
## @param querier.hostAliases querier pods host aliases
2616
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
2617
##
2618
hostAliases: []
2619
## @param querier.podLabels Extra labels for querier pods
2620
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
2621
##
2622
podLabels: {}
2623
## @param querier.podAnnotations Annotations for querier pods
2624
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
2625
##
2626
podAnnotations: {}
2627
## @param querier.podAffinityPreset Pod affinity preset. Ignored if `querier.affinity` is set. Allowed values: `soft` or `hard`
2628
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
2629
##
2630
podAffinityPreset: ""
2631
## @param querier.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `querier.affinity` is set. Allowed values: `soft` or `hard`
2632
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
2633
##
2634
podAntiAffinityPreset: soft
2635
## Node querier.affinity preset
2636
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
2637
##
2638
nodeAffinityPreset:
2639
## @param querier.nodeAffinityPreset.type Node affinity preset type. Ignored if `querier.affinity` is set. Allowed values: `soft` or `hard`
2640
##
2641
type: ""
2642
## @param querier.nodeAffinityPreset.key Node label key to match. Ignored if `querier.affinity` is set
2643
##
2644
key: ""
2645
## @param querier.nodeAffinityPreset.values Node label values to match. Ignored if `querier.affinity` is set
2646
## E.g.
2647
## values:
2648
## - e2e-az1
2649
## - e2e-az2
2650
##
2651
values: []
2652
## @param querier.affinity Affinity for Querier pods assignment
2653
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
2654
## NOTE: `querier.podAffinityPreset`, `querier.podAntiAffinityPreset`, and `querier.nodeAffinityPreset` will be ignored when it's set
2655
##
2656
affinity: {}
2657
## @param querier.nodeSelector Node labels for Querier pods assignment
2658
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
2659
##
2660
nodeSelector: {}
2661
## @param querier.tolerations Tolerations for Querier pods assignment
2662
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
2663
##
2664
tolerations: []
2665
## @param querier.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains
2666
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
2667
##
2668
topologySpreadConstraints: []
2669
## @param querier.priorityClassName Querier pods' priorityClassName
2670
##
2671
priorityClassName: ""
2672
## @param querier.schedulerName Kubernetes pod scheduler registry
2673
## https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
2674
##
2675
schedulerName: ""
2676
## @param querier.updateStrategy.type Querier statefulset strategy type
2677
## @param querier.updateStrategy.rollingUpdate [object,nullable] Querier statefulset rolling update configuration parameters
2678
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
2679
##
2680
updateStrategy:
2681
type: RollingUpdate
2682
rollingUpdate: null
2683
## @param querier.extraVolumes Optionally specify extra list of additional volumes for the Querier pod(s)
2684
##
2685
extraVolumes: []
2686
## @param querier.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the querier container(s)
2687
##
2688
extraVolumeMounts: []
2689
## @param querier.sidecars Add additional sidecar containers to the Querier pod(s)
2690
## e.g:
2691
## sidecars:
2692
## - name: your-image-name
2693
## image: your-image
2694
## imagePullPolicy: Always
2695
## ports:
2696
## - name: portname
2697
## containerPort: 1234
2698
##
2699
sidecars: []
2700
## @param querier.initContainers Add additional init containers to the Querier pod(s)
2701
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
2702
## e.g:
2703
## initContainers:
2704
## - name: your-image-name
2705
## image: your-image
2706
## imagePullPolicy: Always
2707
## command: ['sh', '-c', 'echo "hello world"']
2708
##
2709
initContainers: []
2710
## @param querier.enableServiceLinks Whether information about services should be injected into pod's environment variable
2711
## The environment variables injected by service links are not used, but can lead to slow boot times or slow running of the scripts when there are many services in the current namespace.
2712
## If you experience slow pod startups or slow running of the scripts you probably want to set this to `false`.
2713
##
2714
enableServiceLinks: true
2715
## Pod Disruption Budget configuration
2716
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
2717
## @param querier.pdb.create Enable/disable a Pod Disruption Budget creation
2718
## @param querier.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
2719
## @param querier.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `querier.pdb.minAvailable` and `querier.pdb.maxUnavailable` are empty.
2720
##
2721
pdb:
2722
create: true
2723
minAvailable: ""
2724
maxUnavailable: ""
2725
## @section Querier Persistence Parameters
2726
##
2727
2728
## Enable persistence using Persistent Volume Claims
2729
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
2730
##
2731
persistence:
2732
## @param querier.persistence.enabled Enable persistence in Querier instances
2733
##
2734
enabled: true
2735
## @param querier.persistence.storageClass PVC Storage Class for Memcached data volume
2736
## If defined, storageClassName: <storageClass>
2737
## If set to "-", storageClassName: "", which disables dynamic provisioning
2738
## If undefined (the default) or set to null, no storageClassName spec is
2739
## set, choosing the default provisioner. (gp2 on AWS, standard on
2740
## GKE, AWS & OpenStack)
2741
##
2742
storageClass: ""
2743
## @param querier.persistence.subPath The subdirectory of the volume to mount to
2744
##
2745
subPath: ""
2746
## @param querier.persistence.accessModes PVC Access modes
2747
##
2748
accessModes:
2749
- ReadWriteOnce
2750
## @param querier.persistence.size PVC Storage Request for Memcached data volume
2751
##
2752
size: 8Gi
2753
## @param querier.persistence.annotations Additional PVC annotations
2754
##
2755
annotations: {}
2756
## @param querier.persistence.selector Selector to match an existing Persistent Volume for Querier's data PVC
2757
## If set, the PVC can't have a PV dynamically provisioned for it
2758
## E.g.
2759
## selector:
2760
## matchLabels:
2761
## app: my-app
2762
##
2763
selector: {}
2764
## @section Querier Traffic Exposure Parameters
2765
##
2766
2767
## querier service parameters
2768
##
2769
service:
2770
## @param querier.service.type Querier service type
2771
##
2772
type: ClusterIP
2773
## @param querier.service.ports.http Querier HTTP service port
2774
## @param querier.service.ports.grpc Querier GRPC service port
2775
##
2776
ports:
2777
http: 3100
2778
grpc: 9095
2779
## Node ports to expose
2780
## NOTE: choose port between <30000-32767>
2781
## @param querier.service.nodePorts.http Node port for HTTP
2782
## @param querier.service.nodePorts.grpc Node port for GRPC
2783
##
2784
nodePorts:
2785
http: ""
2786
grpc: ""
2787
## @param querier.service.sessionAffinityConfig Additional settings for the sessionAffinity
2788
## sessionAffinityConfig:
2789
## clientIP:
2790
## timeoutSeconds: 300
2791
##
2792
sessionAffinityConfig: {}
2793
## @param querier.service.sessionAffinity Control where client requests go, to the same pod or round-robin
2794
## Values: ClientIP or None
2795
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
2796
##
2797
sessionAffinity: None
2798
## @param querier.service.clusterIP Querier service Cluster IP
2799
## e.g.:
2800
## clusterIP: None
2801
##
2802
clusterIP: ""
2803
## @param querier.service.loadBalancerIP Querier service Load Balancer IP
2804
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
2805
##
2806
loadBalancerIP: ""
2807
## @param querier.service.loadBalancerSourceRanges Querier service Load Balancer sources
2808
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
2809
## e.g:
2810
## loadBalancerSourceRanges:
2811
## - 10.10.10.0/24
2812
##
2813
loadBalancerSourceRanges: []
2814
## @param querier.service.externalTrafficPolicy Querier service external traffic policy
2815
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
2816
##
2817
externalTrafficPolicy: Cluster
2818
## @param querier.service.annotations Additional custom annotations for Querier service
2819
##
2820
annotations: {}
2821
## @param querier.service.extraPorts Extra ports to expose in the Querier service
2822
##
2823
extraPorts: []
2824
## Network Policies
2825
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
2826
##
2827
networkPolicy:
2828
## @param querier.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
2829
##
2830
enabled: true
2831
## @param querier.networkPolicy.allowExternal Don't require server label for connections
2832
## The Policy model to apply. When set to false, only pods with the correct
2833
## server label will have network access to the ports server is listening
2834
## on. When true, server will accept connections from any source
2835
## (with the correct destination port).
2836
##
2837
allowExternal: true
2838
## @param querier.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
2839
##
2840
allowExternalEgress: true
2841
## @param querier.networkPolicy.addExternalClientAccess Allow access from pods with client label set to "true". Ignored if `querier.networkPolicy.allowExternal` is true.
2842
##
2843
addExternalClientAccess: true
2844
## @param querier.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
2845
## e.g:
2846
## extraIngress:
2847
## - ports:
2848
## - port: 1234
2849
## from:
2850
## - podSelector:
2851
## - matchLabels:
2852
## - role: frontend
2853
## - podSelector:
2854
## - matchExpressions:
2855
## - key: role
2856
## operator: In
2857
## values:
2858
## - frontend
2859
extraIngress: []
2860
## @param querier.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
2861
## e.g:
2862
## extraEgress:
2863
## - ports:
2864
## - port: 1234
2865
## to:
2866
## - podSelector:
2867
## - matchLabels:
2868
## - role: frontend
2869
## - podSelector:
2870
## - matchExpressions:
2871
## - key: role
2872
## operator: In
2873
## values:
2874
## - frontend
2875
##
2876
extraEgress: []
2877
## @param querier.networkPolicy.ingressPodMatchLabels [object] Labels to match to allow traffic from other pods. Ignored if `querier.networkPolicy.allowExternal` is true.
2878
## e.g:
2879
## ingressPodMatchLabels:
2880
## my-client: "true"
2881
#
2882
ingressPodMatchLabels: {}
2883
## @param querier.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces. Ignored if `querier.networkPolicy.allowExternal` is true.
2884
## @param querier.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces. Ignored if `querier.networkPolicy.allowExternal` is true.
2885
##
2886
ingressNSMatchLabels: {}
2887
ingressNSPodMatchLabels: {}
2888
## @section Query Frontend Deployment Parameters
2889
##
2890
queryFrontend:
2891
## @param queryFrontend.extraEnvVars Array with extra environment variables to add to queryFrontend nodes
2892
## e.g:
2893
## extraEnvVars:
2894
## - name: FOO
2895
## value: "bar"
2896
##
2897
extraEnvVars: []
2898
## @param queryFrontend.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for queryFrontend nodes
2899
##
2900
extraEnvVarsCM: ""
2901
## @param queryFrontend.extraEnvVarsSecret Name of existing Secret containing extra env vars for queryFrontend nodes
2902
##
2903
extraEnvVarsSecret: ""
2904
## @param queryFrontend.command Override default container command (useful when using custom images)
2905
##
2906
command: []
2907
## @param queryFrontend.args Override default container args (useful when using custom images)
2908
##
2909
args: []
2910
## @param queryFrontend.extraArgs Additional container args (will be concatenated to args, unless diagnosticMode is enabled)
2911
##
2912
extraArgs: []
2913
## @param queryFrontend.replicaCount Number of queryFrontend replicas to deploy
2914
##
2915
replicaCount: 1
2916
## Configure extra options for queryFrontend containers' liveness, readiness and startup probes
2917
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
2918
## @param queryFrontend.livenessProbe.enabled Enable livenessProbe on queryFrontend nodes
2919
## @param queryFrontend.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
2920
## @param queryFrontend.livenessProbe.periodSeconds Period seconds for livenessProbe
2921
## @param queryFrontend.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
2922
## @param queryFrontend.livenessProbe.failureThreshold Failure threshold for livenessProbe
2923
## @param queryFrontend.livenessProbe.successThreshold Success threshold for livenessProbe
2924
##
2925
livenessProbe:
2926
enabled: true
2927
failureThreshold: 3
2928
initialDelaySeconds: 10
2929
periodSeconds: 10
2930
successThreshold: 1
2931
timeoutSeconds: 1
2932
## @param queryFrontend.readinessProbe.enabled Enable readinessProbe on queryFrontend nodes
2933
## @param queryFrontend.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
2934
## @param queryFrontend.readinessProbe.periodSeconds Period seconds for readinessProbe
2935
## @param queryFrontend.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
2936
## @param queryFrontend.readinessProbe.failureThreshold Failure threshold for readinessProbe
2937
## @param queryFrontend.readinessProbe.successThreshold Success threshold for readinessProbe
2938
##
2939
readinessProbe:
2940
enabled: true
2941
failureThreshold: 3
2942
initialDelaySeconds: 10
2943
periodSeconds: 10
2944
successThreshold: 1
2945
timeoutSeconds: 1
2946
## @param queryFrontend.startupProbe.enabled Enable startupProbe on queryFrontend containers
2947
## @param queryFrontend.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
2948
## @param queryFrontend.startupProbe.periodSeconds Period seconds for startupProbe
2949
## @param queryFrontend.startupProbe.timeoutSeconds Timeout seconds for startupProbe
2950
## @param queryFrontend.startupProbe.failureThreshold Failure threshold for startupProbe
2951
## @param queryFrontend.startupProbe.successThreshold Success threshold for startupProbe
2952
##
2953
startupProbe:
2954
enabled: false
2955
initialDelaySeconds: 30
2956
periodSeconds: 10
2957
timeoutSeconds: 1
2958
failureThreshold: 15
2959
successThreshold: 1
2960
## @param queryFrontend.customLivenessProbe Custom livenessProbe that overrides the default one
2961
##
2962
customLivenessProbe: {}
2963
## @param queryFrontend.customReadinessProbe Custom readinessProbe that overrides the default one
2964
##
2965
customReadinessProbe: {}
2966
## @param queryFrontend.customStartupProbe Custom startupProbe that overrides the default one
2967
##
2968
customStartupProbe: {}
2969
## queryFrontend resource requests and limits
2970
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
2971
## @param queryFrontend.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if queryFrontend.resources is set (queryFrontend.resources is recommended for production).
2972
##
2973
resourcesPreset: "nano"
2974
## @param queryFrontend.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
2975
## Example:
2976
## resources:
2977
## requests:
2978
## cpu: 2
2979
## memory: 512Mi
2980
## limits:
2981
## cpu: 3
2982
## memory: 1024Mi
2983
##
2984
resources: {}
2985
## Configure Pods Security Context
2986
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
2987
## @param queryFrontend.podSecurityContext.enabled Enabled queryFrontend pods' Security Context
2988
## @param queryFrontend.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
2989
## @param queryFrontend.podSecurityContext.sysctls Set kernel settings using the sysctl interface
2990
## @param queryFrontend.podSecurityContext.supplementalGroups Set filesystem extra groups
2991
## @param queryFrontend.podSecurityContext.fsGroup Set queryFrontend pod's Security Context fsGroup
2992
##
2993
podSecurityContext:
2994
enabled: true
2995
fsGroupChangePolicy: Always
2996
sysctls: []
2997
supplementalGroups: []
2998
fsGroup: 1001
2999
## Configure Container Security Context
3000
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
3001
## @param queryFrontend.containerSecurityContext.enabled Enabled containers' Security Context
3002
## @param queryFrontend.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
3003
## @param queryFrontend.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
3004
## @param queryFrontend.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
3005
## @param queryFrontend.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
3006
## @param queryFrontend.containerSecurityContext.privileged Set container's Security Context privileged
3007
## @param queryFrontend.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
3008
## @param queryFrontend.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
3009
## @param queryFrontend.containerSecurityContext.capabilities.drop List of capabilities to be dropped
3010
## @param queryFrontend.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
3011
##
3012
containerSecurityContext:
3013
enabled: true
3014
seLinuxOptions: {}
3015
runAsUser: 1001
3016
runAsGroup: 1001
3017
runAsNonRoot: true
3018
privileged: false
3019
readOnlyRootFilesystem: true
3020
allowPrivilegeEscalation: false
3021
capabilities:
3022
drop: ["ALL"]
3023
seccompProfile:
3024
type: "RuntimeDefault"
3025
## @param queryFrontend.lifecycleHooks for the queryFrontend container(s) to automate configuration before or after startup
3026
##
3027
lifecycleHooks: {}
3028
## @param queryFrontend.automountServiceAccountToken Mount Service Account token in pod
3029
##
3030
automountServiceAccountToken: false
3031
## @param queryFrontend.hostAliases queryFrontend pods host aliases
3032
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
3033
##
3034
hostAliases: []
3035
## @param queryFrontend.podLabels Extra labels for queryFrontend pods
3036
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
3037
##
3038
podLabels: {}
3039
## @param queryFrontend.podAnnotations Annotations for queryFrontend pods
3040
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
3041
##
3042
podAnnotations: {}
3043
## @param queryFrontend.podAffinityPreset Pod affinity preset. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard`
3044
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
3045
##
3046
podAffinityPreset: ""
3047
## @param queryFrontend.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard`
3048
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
3049
##
3050
podAntiAffinityPreset: soft
3051
## Node queryFrontend.affinity preset
3052
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
3053
##
3054
nodeAffinityPreset:
3055
## @param queryFrontend.nodeAffinityPreset.type Node affinity preset type. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard`
3056
##
3057
type: ""
3058
## @param queryFrontend.nodeAffinityPreset.key Node label key to match. Ignored if `queryFrontend.affinity` is set
3059
##
3060
key: ""
3061
## @param queryFrontend.nodeAffinityPreset.values Node label values to match. Ignored if `queryFrontend.affinity` is set
3062
## E.g.
3063
## values:
3064
## - e2e-az1
3065
## - e2e-az2
3066
##
3067
values: []
3068
## @param queryFrontend.affinity Affinity for queryFrontend pods assignment
3069
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
3070
## NOTE: `queryFrontend.podAffinityPreset`, `queryFrontend.podAntiAffinityPreset`, and `queryFrontend.nodeAffinityPreset` will be ignored when it's set
3071
##
3072
affinity: {}
3073
## @param queryFrontend.nodeSelector Node labels for queryFrontend pods assignment
3074
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
3075
##
3076
nodeSelector: {}
3077
## @param queryFrontend.tolerations Tolerations for queryFrontend pods assignment
3078
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
3079
##
3080
tolerations: []
3081
## @param queryFrontend.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains
3082
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
3083
##
3084
topologySpreadConstraints: []
3085
## @param queryFrontend.priorityClassName queryFrontend pods' priorityClassName
3086
##
3087
priorityClassName: ""
3088
## @param queryFrontend.schedulerName Kubernetes pod scheduler registry
3089
## https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
3090
##
3091
schedulerName: ""
3092
## @param queryFrontend.updateStrategy.type queryFrontend statefulset strategy type
3093
## @param queryFrontend.updateStrategy.rollingUpdate [object,nullable] queryFrontend statefulset rolling update configuration parameters
3094
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
3095
##
3096
updateStrategy:
3097
type: RollingUpdate
3098
rollingUpdate: null
3099
## @param queryFrontend.extraVolumes Optionally specify extra list of additional volumes for the queryFrontend pod(s)
3100
##
3101
extraVolumes: []
3102
## @param queryFrontend.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the queryFrontend container(s)
3103
##
3104
extraVolumeMounts: []
3105
## @param queryFrontend.sidecars Add additional sidecar containers to the queryFrontend pod(s)
3106
## e.g:
3107
## sidecars:
3108
## - name: your-image-name
3109
## image: your-image
3110
## imagePullPolicy: Always
3111
## ports:
3112
## - name: portname
3113
## containerPort: 1234
3114
##
3115
sidecars: []
3116
## @param queryFrontend.initContainers Add additional init containers to the queryFrontend pod(s)
3117
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
3118
## e.g:
3119
## initContainers:
3120
## - name: your-image-name
3121
## image: your-image
3122
## imagePullPolicy: Always
3123
## command: ['sh', '-c', 'echo "hello world"']
3124
##
3125
initContainers: []
3126
## @param queryFrontend.enableServiceLinks Whether information about services should be injected into pod's environment variable
3127
## The environment variables injected by service links are not used, but can lead to slow boot times or slow running of the scripts when there are many services in the current namespace.
3128
## If you experience slow pod startups or slow running of the scripts you probably want to set this to `false`.
3129
##
3130
enableServiceLinks: true
3131
## Pod Disruption Budget configuration
3132
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
3133
## @param queryFrontend.pdb.create Enable/disable a Pod Disruption Budget creation
3134
## @param queryFrontend.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
3135
## @param queryFrontend.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `queryFrontend.pdb.minAvailable` and `queryFrontend.pdb.maxUnavailable` are empty.
3136
##
3137
pdb:
3138
create: true
3139
minAvailable: ""
3140
maxUnavailable: ""
3141
## @section Query Frontend Traffic Exposure Parameters
3142
##
3143
3144
## queryFrontend service parameters
3145
##
3146
service:
3147
## @param queryFrontend.service.type queryFrontend service type
3148
##
3149
type: ClusterIP
3150
## @param queryFrontend.service.ports.http queryFrontend HTTP service port
3151
## @param queryFrontend.service.ports.grpc queryFrontend GRPC service port
3152
##
3153
ports:
3154
http: 3100
3155
grpc: 9095
3156
## Node ports to expose
3157
## NOTE: choose port between <30000-32767>
3158
## @param queryFrontend.service.nodePorts.http Node port for HTTP
3159
## @param queryFrontend.service.nodePorts.grpc Node port for GRPC
3160
##
3161
nodePorts:
3162
http: ""
3163
grpc: ""
3164
## @param queryFrontend.service.sessionAffinityConfig Additional settings for the sessionAffinity
3165
## sessionAffinityConfig:
3166
## clientIP:
3167
## timeoutSeconds: 300
3168
##
3169
sessionAffinityConfig: {}
3170
## @param queryFrontend.service.sessionAffinity Control where client requests go, to the same pod or round-robin
3171
## Values: ClientIP or None
3172
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
3173
##
3174
sessionAffinity: None
3175
## @param queryFrontend.service.clusterIP queryFrontend service Cluster IP
3176
## e.g.:
3177
## clusterIP: None
3178
##
3179
clusterIP: ""
3180
## @param queryFrontend.service.loadBalancerIP queryFrontend service Load Balancer IP
3181
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
3182
##
3183
loadBalancerIP: ""
3184
## @param queryFrontend.service.loadBalancerSourceRanges queryFrontend service Load Balancer sources
3185
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
3186
## e.g:
3187
## loadBalancerSourceRanges:
3188
## - 10.10.10.0/24
3189
##
3190
loadBalancerSourceRanges: []
3191
## @param queryFrontend.service.externalTrafficPolicy queryFrontend service external traffic policy
3192
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
3193
##
3194
externalTrafficPolicy: Cluster
3195
## @param queryFrontend.service.annotations Additional custom annotations for queryFrontend service
3196
##
3197
annotations: {}
3198
## @param queryFrontend.service.extraPorts Extra ports to expose in the queryFrontend service
3199
##
3200
extraPorts: []
3201
## Headless service properties
3202
##
3203
headless:
3204
## @param queryFrontend.service.headless.annotations Annotations for the headless service.
3205
##
3206
annotations: {}
3207
## Network Policies
3208
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
3209
##
3210
networkPolicy:
3211
## @param queryFrontend.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
3212
##
3213
enabled: true
3214
## @param queryFrontend.networkPolicy.allowExternal Don't require server label for connections
3215
## The Policy model to apply. When set to false, only pods with the correct
3216
## server label will have network access to the ports server is listening
3217
## on. When true, server will accept connections from any source
3218
## (with the correct destination port).
3219
##
3220
allowExternal: true
3221
## @param queryFrontend.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
3222
##
3223
allowExternalEgress: true
3224
## @param queryFrontend.networkPolicy.addExternalClientAccess Allow access from pods with client label set to "true". Ignored if `queryFrontend.networkPolicy.allowExternal` is true.
3225
##
3226
addExternalClientAccess: true
3227
## @param queryFrontend.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
3228
## e.g:
3229
## extraIngress:
3230
## - ports:
3231
## - port: 1234
3232
## from:
3233
## - podSelector:
3234
## - matchLabels:
3235
## - role: frontend
3236
## - podSelector:
3237
## - matchExpressions:
3238
## - key: role
3239
## operator: In
3240
## values:
3241
## - frontend
3242
extraIngress: []
3243
## @param queryFrontend.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
3244
## e.g:
3245
## extraEgress:
3246
## - ports:
3247
## - port: 1234
3248
## to:
3249
## - podSelector:
3250
## - matchLabels:
3251
## - role: frontend
3252
## - podSelector:
3253
## - matchExpressions:
3254
## - key: role
3255
## operator: In
3256
## values:
3257
## - frontend
3258
##
3259
extraEgress: []
3260
## @param queryFrontend.networkPolicy.ingressPodMatchLabels [object] Labels to match to allow traffic from other pods. Ignored if `queryFrontend.networkPolicy.allowExternal` is true.
3261
## e.g:
3262
## ingressPodMatchLabels:
3263
## my-client: "true"
3264
#
3265
ingressPodMatchLabels: {}
3266
## @param queryFrontend.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces. Ignored if `queryFrontend.networkPolicy.allowExternal` is true.
3267
## @param queryFrontend.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces. Ignored if `queryFrontend.networkPolicy.allowExternal` is true.
3268
##
3269
ingressNSMatchLabels: {}
3270
ingressNSPodMatchLabels: {}
3271
## @section Query Scheduler Deployment Parameters
3272
##
3273
queryScheduler:
3274
## @param queryScheduler.enabled Deploy Query Scheduler component
3275
##
3276
enabled: false
3277
## @param queryScheduler.extraEnvVars Array with extra environment variables to add to queryScheduler nodes
3278
## e.g:
3279
## extraEnvVars:
3280
## - name: FOO
3281
## value: "bar"
3282
##
3283
extraEnvVars: []
3284
## @param queryScheduler.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for queryScheduler nodes
3285
##
3286
extraEnvVarsCM: ""
3287
## @param queryScheduler.extraEnvVarsSecret Name of existing Secret containing extra env vars for queryScheduler nodes
3288
##
3289
extraEnvVarsSecret: ""
3290
## @param queryScheduler.command Override default container command (useful when using custom images)
3291
##
3292
command: []
3293
## @param queryScheduler.args Override default container args (useful when using custom images)
3294
##
3295
args: []
3296
## @param queryScheduler.extraArgs Additional container args (will be concatenated to args, unless diagnosticMode is enabled)
3297
##
3298
extraArgs: []
3299
## @param queryScheduler.replicaCount Number of queryScheduler replicas to deploy
3300
##
3301
replicaCount: 1
3302
## Configure extra options for queryScheduler containers' liveness, readiness and startup probes
3303
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
3304
## @param queryScheduler.livenessProbe.enabled Enable livenessProbe on queryScheduler nodes
3305
## @param queryScheduler.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
3306
## @param queryScheduler.livenessProbe.periodSeconds Period seconds for livenessProbe
3307
## @param queryScheduler.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
3308
## @param queryScheduler.livenessProbe.failureThreshold Failure threshold for livenessProbe
3309
## @param queryScheduler.livenessProbe.successThreshold Success threshold for livenessProbe
3310
##
3311
livenessProbe:
3312
enabled: true
3313
failureThreshold: 3
3314
initialDelaySeconds: 10
3315
periodSeconds: 10
3316
successThreshold: 1
3317
timeoutSeconds: 1
3318
## @param queryScheduler.minReadySeconds Minimum time to wait before performing readiness check
3319
##
3320
minReadySeconds: 10
3321
## @param queryScheduler.readinessProbe.enabled Enable readinessProbe on queryScheduler nodes
3322
## @param queryScheduler.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
3323
## @param queryScheduler.readinessProbe.periodSeconds Period seconds for readinessProbe
3324
## @param queryScheduler.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
3325
## @param queryScheduler.readinessProbe.failureThreshold Failure threshold for readinessProbe
3326
## @param queryScheduler.readinessProbe.successThreshold Success threshold for readinessProbe
3327
##
3328
readinessProbe:
3329
enabled: true
3330
failureThreshold: 3
3331
initialDelaySeconds: 10
3332
periodSeconds: 10
3333
successThreshold: 1
3334
timeoutSeconds: 1
3335
## @param queryScheduler.startupProbe.enabled Enable startupProbe on queryScheduler containers
3336
## @param queryScheduler.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
3337
## @param queryScheduler.startupProbe.periodSeconds Period seconds for startupProbe
3338
## @param queryScheduler.startupProbe.timeoutSeconds Timeout seconds for startupProbe
3339
## @param queryScheduler.startupProbe.failureThreshold Failure threshold for startupProbe
3340
## @param queryScheduler.startupProbe.successThreshold Success threshold for startupProbe
3341
##
3342
startupProbe:
3343
enabled: false
3344
initialDelaySeconds: 30
3345
periodSeconds: 10
3346
timeoutSeconds: 1
3347
failureThreshold: 15
3348
successThreshold: 1
3349
## @param queryScheduler.customLivenessProbe Custom livenessProbe that overrides the default one
3350
##
3351
customLivenessProbe: {}
3352
## @param queryScheduler.customReadinessProbe Custom readinessProbe that overrides the default one
3353
##
3354
customReadinessProbe: {}
3355
## @param queryScheduler.customStartupProbe Custom startupProbe that overrides the default one
3356
##
3357
customStartupProbe: {}
3358
## queryScheduler resource requests and limits
3359
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
3360
## @param queryScheduler.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if queryScheduler.resources is set (queryScheduler.resources is recommended for production).
3361
##
3362
resourcesPreset: "nano"
3363
## @param queryScheduler.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
3364
## Example:
3365
## resources:
3366
## requests:
3367
## cpu: 2
3368
## memory: 512Mi
3369
## limits:
3370
## cpu: 3
3371
## memory: 1024Mi
3372
##
3373
resources: {}
3374
## Configure Pods Security Context
3375
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
3376
## @param queryScheduler.podSecurityContext.enabled Enabled queryScheduler pods' Security Context
3377
## @param queryScheduler.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
3378
## @param queryScheduler.podSecurityContext.sysctls Set kernel settings using the sysctl interface
3379
## @param queryScheduler.podSecurityContext.supplementalGroups Set filesystem extra groups
3380
## @param queryScheduler.podSecurityContext.fsGroup Set queryScheduler pod's Security Context fsGroup
3381
##
3382
podSecurityContext:
3383
enabled: true
3384
fsGroupChangePolicy: Always
3385
sysctls: []
3386
supplementalGroups: []
3387
fsGroup: 1001
3388
## Configure Container Security Context
3389
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
3390
## @param queryScheduler.containerSecurityContext.enabled Enabled containers' Security Context
3391
## @param queryScheduler.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
3392
## @param queryScheduler.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
3393
## @param queryScheduler.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
3394
## @param queryScheduler.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
3395
## @param queryScheduler.containerSecurityContext.privileged Set container's Security Context privileged
3396
## @param queryScheduler.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
3397
## @param queryScheduler.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
3398
## @param queryScheduler.containerSecurityContext.capabilities.drop List of capabilities to be dropped
3399
## @param queryScheduler.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
3400
##
3401
containerSecurityContext:
3402
enabled: true
3403
seLinuxOptions: {}
3404
runAsUser: 1001
3405
runAsGroup: 1001
3406
runAsNonRoot: true
3407
privileged: false
3408
readOnlyRootFilesystem: true
3409
allowPrivilegeEscalation: false
3410
capabilities:
3411
drop: ["ALL"]
3412
seccompProfile:
3413
type: "RuntimeDefault"
3414
## @param queryScheduler.lifecycleHooks for the queryScheduler container(s) to automate configuration before or after startup
3415
##
3416
lifecycleHooks: {}
3417
## @param queryScheduler.automountServiceAccountToken Mount Service Account token in pod
3418
##
3419
automountServiceAccountToken: false
3420
## @param queryScheduler.hostAliases queryScheduler pods host aliases
3421
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
3422
##
3423
hostAliases: []
3424
## @param queryScheduler.podLabels Extra labels for queryScheduler pods
3425
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
3426
##
3427
podLabels: {}
3428
## @param queryScheduler.podAnnotations Annotations for queryScheduler pods
3429
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
3430
##
3431
podAnnotations: {}
3432
## @param queryScheduler.podAffinityPreset Pod affinity preset. Ignored if `queryScheduler.affinity` is set. Allowed values: `soft` or `hard`
3433
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
3434
##
3435
podAffinityPreset: ""
3436
## @param queryScheduler.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `queryScheduler.affinity` is set. Allowed values: `soft` or `hard`
3437
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
3438
##
3439
podAntiAffinityPreset: soft
3440
## Node queryScheduler.affinity preset
3441
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
3442
##
3443
nodeAffinityPreset:
3444
## @param queryScheduler.nodeAffinityPreset.type Node affinity preset type. Ignored if `queryScheduler.affinity` is set. Allowed values: `soft` or `hard`
3445
##
3446
type: ""
3447
## @param queryScheduler.nodeAffinityPreset.key Node label key to match. Ignored if `queryScheduler.affinity` is set
3448
##
3449
key: ""
3450
## @param queryScheduler.nodeAffinityPreset.values Node label values to match. Ignored if `queryScheduler.affinity` is set
3451
## E.g.
3452
## values:
3453
## - e2e-az1
3454
## - e2e-az2
3455
##
3456
values: []
3457
## @param queryScheduler.affinity Affinity for queryScheduler pods assignment
3458
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
3459
## NOTE: `queryScheduler.podAffinityPreset`, `queryScheduler.podAntiAffinityPreset`, and `queryScheduler.nodeAffinityPreset` will be ignored when it's set
3460
##
3461
affinity: {}
3462
## @param queryScheduler.nodeSelector Node labels for queryScheduler pods assignment
3463
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
3464
##
3465
nodeSelector: {}
3466
## @param queryScheduler.tolerations Tolerations for queryScheduler pods assignment
3467
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
3468
##
3469
tolerations: []
3470
## @param queryScheduler.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains
3471
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
3472
##
3473
topologySpreadConstraints: []
3474
## @param queryScheduler.priorityClassName queryScheduler pods' priorityClassName
3475
##
3476
priorityClassName: ""
3477
## @param queryScheduler.schedulerName Kubernetes pod scheduler registry
3478
## https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
3479
##
3480
schedulerName: ""
3481
## @param queryScheduler.updateStrategy.type queryScheduler statefulset strategy type
3482
## @param queryScheduler.updateStrategy.rollingUpdate [object,nullable] queryScheduler statefulset rolling update configuration parameters
3483
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
3484
##
3485
updateStrategy:
3486
type: RollingUpdate
3487
rollingUpdate: null
3488
## @param queryScheduler.extraVolumes Optionally specify extra list of additional volumes for the queryScheduler pod(s)
3489
##
3490
extraVolumes: []
3491
## @param queryScheduler.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the queryScheduler container(s)
3492
##
3493
extraVolumeMounts: []
3494
## @param queryScheduler.sidecars Add additional sidecar containers to the queryScheduler pod(s)
3495
## e.g:
3496
## sidecars:
3497
## - name: your-image-name
3498
## image: your-image
3499
## imagePullPolicy: Always
3500
## ports:
3501
## - name: portname
3502
## containerPort: 1234
3503
##
3504
sidecars: []
3505
## @param queryScheduler.initContainers Add additional init containers to the queryScheduler pod(s)
3506
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
3507
## e.g:
3508
## initContainers:
3509
## - name: your-image-name
3510
## image: your-image
3511
## imagePullPolicy: Always
3512
## command: ['sh', '-c', 'echo "hello world"']
3513
##
3514
initContainers: []
3515
## @param queryScheduler.enableServiceLinks Whether information about services should be injected into pod's environment variable
3516
## The environment variables injected by service links are not used, but can lead to slow boot times or slow running of the scripts when there are many services in the current namespace.
3517
## If you experience slow pod startups or slow running of the scripts you probably want to set this to `false`.
3518
##
3519
enableServiceLinks: true
3520
## Pod Disruption Budget configuration
3521
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
3522
## @param queryScheduler.pdb.create Enable/disable a Pod Disruption Budget creation
3523
## @param queryScheduler.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
3524
## @param queryScheduler.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `queryScheduler.pdb.minAvailable` and `queryScheduler.pdb.maxUnavailable` are empty.
3525
##
3526
pdb:
3527
create: true
3528
minAvailable: ""
3529
maxUnavailable: ""
3530
## @section Query Scheduler Traffic Exposure Parameters
3531
##
3532
3533
## queryScheduler service parameters
3534
##
3535
service:
3536
## @param queryScheduler.service.type queryScheduler service type
3537
##
3538
type: ClusterIP
3539
## @param queryScheduler.service.ports.http queryScheduler HTTP service port
3540
## @param queryScheduler.service.ports.grpc queryScheduler GRPC service port
3541
##
3542
ports:
3543
http: 3100
3544
grpc: 9095
3545
## Node ports to expose
3546
## NOTE: choose port between <30000-32767>
3547
## @param queryScheduler.service.nodePorts.http Node port for HTTP
3548
## @param queryScheduler.service.nodePorts.grpc Node port for GRPC
3549
##
3550
nodePorts:
3551
http: ""
3552
grpc: ""
3553
## @param queryScheduler.service.sessionAffinityConfig Additional settings for the sessionAffinity
3554
## sessionAffinityConfig:
3555
## clientIP:
3556
## timeoutSeconds: 300
3557
##
3558
sessionAffinityConfig: {}
3559
## @param queryScheduler.service.sessionAffinity Control where client requests go, to the same pod or round-robin
3560
## Values: ClientIP or None
3561
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
3562
##
3563
sessionAffinity: None
3564
## @param queryScheduler.service.clusterIP queryScheduler service Cluster IP
3565
## e.g.:
3566
## clusterIP: None
3567
##
3568
clusterIP: ""
3569
## @param queryScheduler.service.loadBalancerIP queryScheduler service Load Balancer IP
3570
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
3571
##
3572
loadBalancerIP: ""
3573
## @param queryScheduler.service.loadBalancerSourceRanges queryScheduler service Load Balancer sources
3574
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
3575
## e.g:
3576
## loadBalancerSourceRanges:
3577
## - 10.10.10.0/24
3578
##
3579
loadBalancerSourceRanges: []
3580
## @param queryScheduler.service.externalTrafficPolicy queryScheduler service external traffic policy
3581
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
3582
##
3583
externalTrafficPolicy: Cluster
3584
## @param queryScheduler.service.annotations Additional custom annotations for queryScheduler service
3585
##
3586
annotations: {}
3587
## @param queryScheduler.service.extraPorts Extra ports to expose in the queryScheduler service
3588
##
3589
extraPorts: []
3590
## Network Policies
3591
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
3592
##
3593
networkPolicy:
3594
## @param queryScheduler.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
3595
##
3596
enabled: true
3597
## @param queryScheduler.networkPolicy.allowExternal Don't require server label for connections
3598
## The Policy model to apply. When set to false, only pods with the correct
3599
## server label will have network access to the ports server is listening
3600
## on. When true, server will accept connections from any source
3601
## (with the correct destination port).
3602
##
3603
allowExternal: true
3604
## @param queryScheduler.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
3605
##
3606
allowExternalEgress: true
3607
## @param queryScheduler.networkPolicy.addExternalClientAccess Allow access from pods with client label set to "true". Ignored if `queryScheduler.networkPolicy.allowExternal` is true.
3608
##
3609
addExternalClientAccess: true
3610
## @param queryScheduler.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
3611
## e.g:
3612
## extraIngress:
3613
## - ports:
3614
## - port: 1234
3615
## from:
3616
## - podSelector:
3617
## - matchLabels:
3618
## - role: frontend
3619
## - podSelector:
3620
## - matchExpressions:
3621
## - key: role
3622
## operator: In
3623
## values:
3624
## - frontend
3625
extraIngress: []
3626
## @param queryScheduler.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
3627
## e.g:
3628
## extraEgress:
3629
## - ports:
3630
## - port: 1234
3631
## to:
3632
## - podSelector:
3633
## - matchLabels:
3634
## - role: frontend
3635
## - podSelector:
3636
## - matchExpressions:
3637
## - key: role
3638
## operator: In
3639
## values:
3640
## - frontend
3641
##
3642
extraEgress: []
3643
## @param queryScheduler.networkPolicy.ingressPodMatchLabels [object] Labels to match to allow traffic from other pods. Ignored if `queryScheduler.networkPolicy.allowExternal` is true.
3644
## e.g:
3645
## ingressPodMatchLabels:
3646
## my-client: "true"
3647
#
3648
ingressPodMatchLabels: {}
3649
## @param queryScheduler.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces. Ignored if `queryScheduler.networkPolicy.allowExternal` is true.
3650
## @param queryScheduler.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces. Ignored if `queryScheduler.networkPolicy.allowExternal` is true.
3651
##
3652
ingressNSMatchLabels: {}
3653
ingressNSPodMatchLabels: {}
3654
## @section Ruler Deployment Parameters
3655
##
3656
ruler:
3657
## @param ruler.enabled Deploy ruler component
3658
##
3659
enabled: false
3660
## @param ruler.extraEnvVars Array with extra environment variables to add to ruler nodes
3661
## e.g:
3662
## extraEnvVars:
3663
## - name: FOO
3664
## value: "bar"
3665
##
3666
extraEnvVars: []
3667
## @param ruler.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for ruler nodes
3668
##
3669
extraEnvVarsCM: ""
3670
## @param ruler.extraEnvVarsSecret Name of existing Secret containing extra env vars for ruler nodes
3671
##
3672
extraEnvVarsSecret: ""
3673
## @param ruler.command Override default container command (useful when using custom images)
3674
##
3675
command: []
3676
## @param ruler.args Override default container args (useful when using custom images)
3677
##
3678
args: []
3679
## @param ruler.extraArgs Additional container args (will be concatenated to args, unless diagnosticMode is enabled)
3680
##
3681
extraArgs: []
3682
## @param ruler.podManagementPolicy podManagementPolicy to manage scaling operation
3683
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
3684
##
3685
podManagementPolicy: ""
3686
## @param ruler.replicaCount Number of Ruler replicas to deploy
3687
##
3688
replicaCount: 1
3689
## Configure extra options for Ruler containers' liveness, readiness and startup probes
3690
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
3691
## @param ruler.livenessProbe.enabled Enable livenessProbe on Ruler nodes
3692
## @param ruler.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
3693
## @param ruler.livenessProbe.periodSeconds Period seconds for livenessProbe
3694
## @param ruler.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
3695
## @param ruler.livenessProbe.failureThreshold Failure threshold for livenessProbe
3696
## @param ruler.livenessProbe.successThreshold Success threshold for livenessProbe
3697
##
3698
livenessProbe:
3699
enabled: true
3700
failureThreshold: 3
3701
initialDelaySeconds: 10
3702
periodSeconds: 10
3703
successThreshold: 1
3704
timeoutSeconds: 1
3705
## @param ruler.readinessProbe.enabled Enable readinessProbe on Ruler nodes
3706
## @param ruler.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
3707
## @param ruler.readinessProbe.periodSeconds Period seconds for readinessProbe
3708
## @param ruler.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
3709
## @param ruler.readinessProbe.failureThreshold Failure threshold for readinessProbe
3710
## @param ruler.readinessProbe.successThreshold Success threshold for readinessProbe
3711
##
3712
readinessProbe:
3713
enabled: true
3714
failureThreshold: 3
3715
initialDelaySeconds: 10
3716
periodSeconds: 10
3717
successThreshold: 1
3718
timeoutSeconds: 1
3719
## @param ruler.startupProbe.enabled Enable startupProbe on Ruler containers
3720
## @param ruler.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
3721
## @param ruler.startupProbe.periodSeconds Period seconds for startupProbe
3722
## @param ruler.startupProbe.timeoutSeconds Timeout seconds for startupProbe
3723
## @param ruler.startupProbe.failureThreshold Failure threshold for startupProbe
3724
## @param ruler.startupProbe.successThreshold Success threshold for startupProbe
3725
##
3726
startupProbe:
3727
enabled: false
3728
initialDelaySeconds: 30
3729
periodSeconds: 10
3730
timeoutSeconds: 1
3731
failureThreshold: 15
3732
successThreshold: 1
3733
## @param ruler.customLivenessProbe Custom livenessProbe that overrides the default one
3734
##
3735
customLivenessProbe: {}
3736
## @param ruler.customReadinessProbe Custom readinessProbe that overrides the default one
3737
##
3738
customReadinessProbe: {}
3739
## @param ruler.customStartupProbe Custom startupProbe that overrides the default one
3740
##
3741
customStartupProbe: {}
3742
## @param ruler.lifecycleHooks for the ruler container(s) to automate configuration before or after startup
3743
##
3744
lifecycleHooks: {}
3745
## ruler resource requests and limits
3746
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
3747
## @param ruler.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if ruler.resources is set (ruler.resources is recommended for production).
3748
##
3749
resourcesPreset: "nano"
3750
## @param ruler.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
3751
## Example:
3752
## resources:
3753
## requests:
3754
## cpu: 2
3755
## memory: 512Mi
3756
## limits:
3757
## cpu: 3
3758
## memory: 1024Mi
3759
##
3760
resources: {}
3761
## Configure Pods Security Context
3762
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
3763
## @param ruler.podSecurityContext.enabled Enabled Ruler pods' Security Context
3764
## @param ruler.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
3765
## @param ruler.podSecurityContext.sysctls Set kernel settings using the sysctl interface
3766
## @param ruler.podSecurityContext.supplementalGroups Set filesystem extra groups
3767
## @param ruler.podSecurityContext.fsGroup Set Ruler pod's Security Context fsGroup
3768
##
3769
podSecurityContext:
3770
enabled: true
3771
fsGroupChangePolicy: Always
3772
sysctls: []
3773
supplementalGroups: []
3774
fsGroup: 1001
3775
## Configure Container Security Context
3776
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
3777
## @param ruler.containerSecurityContext.enabled Enabled containers' Security Context
3778
## @param ruler.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
3779
## @param ruler.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
3780
## @param ruler.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
3781
## @param ruler.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
3782
## @param ruler.containerSecurityContext.privileged Set container's Security Context privileged
3783
## @param ruler.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
3784
## @param ruler.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
3785
## @param ruler.containerSecurityContext.capabilities.drop List of capabilities to be dropped
3786
## @param ruler.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
3787
##
3788
containerSecurityContext:
3789
enabled: true
3790
seLinuxOptions: {}
3791
runAsUser: 1001
3792
runAsGroup: 1001
3793
runAsNonRoot: true
3794
privileged: false
3795
readOnlyRootFilesystem: true
3796
allowPrivilegeEscalation: false
3797
capabilities:
3798
drop: ["ALL"]
3799
seccompProfile:
3800
type: "RuntimeDefault"
3801
## @param ruler.automountServiceAccountToken Mount Service Account token in pod
3802
##
3803
automountServiceAccountToken: false
3804
## @param ruler.hostAliases ruler pods host aliases
3805
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
3806
##
3807
hostAliases: []
3808
## @param ruler.podLabels Extra labels for ruler pods
3809
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
3810
##
3811
podLabels: {}
3812
## @param ruler.podAnnotations Annotations for ruler pods
3813
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
3814
##
3815
podAnnotations: {}
3816
## @param ruler.podAffinityPreset Pod affinity preset. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard`
3817
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
3818
##
3819
podAffinityPreset: ""
3820
## @param ruler.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard`
3821
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
3822
##
3823
podAntiAffinityPreset: soft
3824
## Node ruler.affinity preset
3825
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
3826
##
3827
nodeAffinityPreset:
3828
## @param ruler.nodeAffinityPreset.type Node affinity preset type. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard`
3829
##
3830
type: ""
3831
## @param ruler.nodeAffinityPreset.key Node label key to match. Ignored if `ruler.affinity` is set
3832
##
3833
key: ""
3834
## @param ruler.nodeAffinityPreset.values Node label values to match. Ignored if `ruler.affinity` is set
3835
## E.g.
3836
## values:
3837
## - e2e-az1
3838
## - e2e-az2
3839
##
3840
values: []
3841
## @param ruler.affinity Affinity for ruler pods assignment
3842
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
3843
## NOTE: `ruler.podAffinityPreset`, `ruler.podAntiAffinityPreset`, and `ruler.nodeAffinityPreset` will be ignored when it's set
3844
##
3845
affinity: {}
3846
## @param ruler.nodeSelector Node labels for Ruler pods assignment
3847
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
3848
##
3849
nodeSelector: {}
3850
## @param ruler.tolerations Tolerations for Ruler pods assignment
3851
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
3852
##
3853
tolerations: []
3854
## @param ruler.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains
3855
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
3856
##
3857
topologySpreadConstraints: []
3858
## @param ruler.priorityClassName Ruler pods' priorityClassName
3859
##
3860
priorityClassName: ""
3861
## @param ruler.schedulerName Kubernetes pod scheduler registry
3862
## https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
3863
##
3864
schedulerName: ""
3865
## @param ruler.updateStrategy.type Ruler statefulset strategy type
3866
## @param ruler.updateStrategy.rollingUpdate [object,nullable] Ruler statefulset rolling update configuration parameters
3867
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
3868
##
3869
updateStrategy:
3870
type: RollingUpdate
3871
rollingUpdate: null
3872
## @param ruler.extraVolumes Optionally specify extra list of additional volumes for the Ruler pod(s)
3873
##
3874
extraVolumes: []
3875
## @param ruler.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the ruler container(s)
3876
##
3877
extraVolumeMounts: []
3878
## @param ruler.sidecars Add additional sidecar containers to the Ruler pod(s)
3879
## e.g:
3880
## sidecars:
3881
## - name: your-image-name
3882
## image: your-image
3883
## imagePullPolicy: Always
3884
## ports:
3885
## - name: portname
3886
## containerPort: 1234
3887
##
3888
sidecars: []
3889
## @param ruler.initContainers Add additional init containers to the Ruler pod(s)
3890
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
3891
## e.g:
3892
## initContainers:
3893
## - name: your-image-name
3894
## image: your-image
3895
## imagePullPolicy: Always
3896
## command: ['sh', '-c', 'echo "hello world"']
3897
##
3898
initContainers: []
3899
## @param ruler.enableServiceLinks Whether information about services should be injected into pod's environment variable
3900
## The environment variables injected by service links are not used, but can lead to slow boot times or slow running of the scripts when there are many services in the current namespace.
3901
## If you experience slow pod startups or slow running of the scripts you probably want to set this to `false`.
3902
##
3903
enableServiceLinks: true
3904
## Pod Disruption Budget configuration
3905
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
3906
## @param ruler.pdb.create Enable/disable a Pod Disruption Budget creation
3907
## @param ruler.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
3908
## @param ruler.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `ruler.pdb.minAvailable` and `ruler.pdb.maxUnavailable` are empty.
3909
##
3910
pdb:
3911
create: true
3912
minAvailable: ""
3913
maxUnavailable: ""
3914
## @section Ruler Persistence Parameters
3915
##
3916
3917
## Enable persistence using Persistent Volume Claims
3918
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
3919
##
3920
persistence:
3921
## @param ruler.persistence.enabled Enable persistence in Ruler instances
3922
##
3923
enabled: true
3924
## @param ruler.persistence.storageClass PVC Storage Class for Memcached data volume
3925
## If defined, storageClassName: <storageClass>
3926
## If set to "-", storageClassName: "", which disables dynamic provisioning
3927
## If undefined (the default) or set to null, no storageClassName spec is
3928
## set, choosing the default provisioner. (gp2 on AWS, standard on
3929
## GKE, AWS & OpenStack)
3930
##
3931
storageClass: ""
3932
## @param ruler.persistence.subPath The subdirectory of the volume to mount to
3933
##
3934
subPath: ""
3935
## @param ruler.persistence.accessModes PVC Access modes
3936
##
3937
accessModes:
3938
- ReadWriteOnce
3939
## @param ruler.persistence.size PVC Storage Request for Memcached data volume
3940
##
3941
size: 8Gi
3942
## @param ruler.persistence.annotations Additional PVC annotations
3943
##
3944
annotations: {}
3945
## @param ruler.persistence.selector Selector to match an existing Persistent Volume for Ruler's data PVC
3946
## If set, the PVC can't have a PV dynamically provisioned for it
3947
## E.g.
3948
## selector:
3949
## matchLabels:
3950
## app: my-app
3951
##
3952
selector: {}
3953
## @section Ruler Traffic Exposure Parameters
3954
##
3955
3956
## ruler service parameters
3957
##
3958
service:
3959
## @param ruler.service.type Ruler service type
3960
##
3961
type: ClusterIP
3962
## @param ruler.service.ports.http Ruler HTTP service port
3963
## @param ruler.service.ports.grpc Ruler GRPC service port
3964
##
3965
ports:
3966
http: 3100
3967
grpc: 9095
3968
## Node ports to expose
3969
## NOTE: choose port between <30000-32767>
3970
## @param ruler.service.nodePorts.http Node port for HTTP
3971
## @param ruler.service.nodePorts.grpc Node port for GRPC
3972
##
3973
nodePorts:
3974
http: ""
3975
grpc: ""
3976
## @param ruler.service.sessionAffinityConfig Additional settings for the sessionAffinity
3977
## sessionAffinityConfig:
3978
## clientIP:
3979
## timeoutSeconds: 300
3980
##
3981
sessionAffinityConfig: {}
3982
## @param ruler.service.sessionAffinity Control where client requests go, to the same pod or round-robin
3983
## Values: ClientIP or None
3984
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
3985
##
3986
sessionAffinity: None
3987
## @param ruler.service.clusterIP Ruler service Cluster IP
3988
## e.g.:
3989
## clusterIP: None
3990
##
3991
clusterIP: ""
3992
## @param ruler.service.loadBalancerIP Ruler service Load Balancer IP
3993
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
3994
##
3995
loadBalancerIP: ""
3996
## @param ruler.service.loadBalancerSourceRanges Ruler service Load Balancer sources
3997
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
3998
## e.g:
3999
## loadBalancerSourceRanges:
4000
## - 10.10.10.0/24
4001
##
4002
loadBalancerSourceRanges: []
4003
## @param ruler.service.externalTrafficPolicy Ruler service external traffic policy
4004
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
4005
##
4006
externalTrafficPolicy: Cluster
4007
## @param ruler.service.annotations Additional custom annotations for Ruler service
4008
##
4009
annotations: {}
4010
## @param ruler.service.extraPorts Extra ports to expose in the Ruler service
4011
##
4012
extraPorts: []
4013
## Network Policies
4014
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
4015
##
4016
networkPolicy:
4017
## @param ruler.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
4018
##
4019
enabled: true
4020
## @param ruler.networkPolicy.allowExternal Don't require server label for connections
4021
## The Policy model to apply. When set to false, only pods with the correct
4022
## server label will have network access to the ports server is listening
4023
## on. When true, server will accept connections from any source
4024
## (with the correct destination port).
4025
##
4026
allowExternal: true
4027
## @param ruler.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
4028
##
4029
allowExternalEgress: true
4030
## @param ruler.networkPolicy.addExternalClientAccess Allow access from pods with client label set to "true". Ignored if `ruler.networkPolicy.allowExternal` is true.
4031
##
4032
addExternalClientAccess: true
4033
## @param ruler.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
4034
## e.g:
4035
## extraIngress:
4036
## - ports:
4037
## - port: 1234
4038
## from:
4039
## - podSelector:
4040
## - matchLabels:
4041
## - role: frontend
4042
## - podSelector:
4043
## - matchExpressions:
4044
## - key: role
4045
## operator: In
4046
## values:
4047
## - frontend
4048
extraIngress: []
4049
## @param ruler.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
4050
## e.g:
4051
## extraEgress:
4052
## - ports:
4053
## - port: 1234
4054
## to:
4055
## - podSelector:
4056
## - matchLabels:
4057
## - role: frontend
4058
## - podSelector:
4059
## - matchExpressions:
4060
## - key: role
4061
## operator: In
4062
## values:
4063
## - frontend
4064
##
4065
extraEgress: []
4066
## @param ruler.networkPolicy.ingressPodMatchLabels [object] Labels to match to allow traffic from other pods. Ignored if `ruler.networkPolicy.allowExternal` is true.
4067
## e.g:
4068
## ingressPodMatchLabels:
4069
## my-client: "true"
4070
#
4071
ingressPodMatchLabels: {}
4072
## @param ruler.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces. Ignored if `ruler.networkPolicy.allowExternal` is true.
4073
## @param ruler.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces. Ignored if `ruler.networkPolicy.allowExternal` is true.
4074
##
4075
ingressNSMatchLabels: {}
4076
ingressNSPodMatchLabels: {}
4077
## @section table-manager Deployment Parameters
4078
##
4079
tableManager:
4080
## @param tableManager.enabled Deploy table-manager
4081
##
4082
enabled: false
4083
## @param tableManager.extraEnvVars Array with extra environment variables to add to tableManager nodes
4084
## e.g:
4085
## extraEnvVars:
4086
## - name: FOO
4087
## value: "bar"
4088
##
4089
extraEnvVars: []
4090
## @param tableManager.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for tableManager nodes
4091
##
4092
extraEnvVarsCM: ""
4093
## @param tableManager.extraEnvVarsSecret Name of existing Secret containing extra env vars for tableManager nodes
4094
##
4095
extraEnvVarsSecret: ""
4096
## @param tableManager.command Override default container command (useful when using custom images)
4097
##
4098
command: []
4099
## @param tableManager.args Override default container args (useful when using custom images)
4100
##
4101
args: []
4102
## @param tableManager.extraArgs Additional container args (will be concatenated to args, unless diagnosticMode is enabled)
4103
##
4104
extraArgs: []
4105
## @param tableManager.replicaCount Number of table-manager replicas to deploy
4106
##
4107
replicaCount: 1
4108
## Configure extra options for table-manager containers' liveness, readiness and startup probes
4109
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
4110
## @param tableManager.livenessProbe.enabled Enable livenessProbe on table-manager nodes
4111
## @param tableManager.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
4112
## @param tableManager.livenessProbe.periodSeconds Period seconds for livenessProbe
4113
## @param tableManager.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
4114
## @param tableManager.livenessProbe.failureThreshold Failure threshold for livenessProbe
4115
## @param tableManager.livenessProbe.successThreshold Success threshold for livenessProbe
4116
##
4117
livenessProbe:
4118
enabled: true
4119
failureThreshold: 3
4120
initialDelaySeconds: 10
4121
periodSeconds: 10
4122
successThreshold: 1
4123
timeoutSeconds: 1
4124
## @param tableManager.readinessProbe.enabled Enable readinessProbe on table-manager nodes
4125
## @param tableManager.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
4126
## @param tableManager.readinessProbe.periodSeconds Period seconds for readinessProbe
4127
## @param tableManager.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
4128
## @param tableManager.readinessProbe.failureThreshold Failure threshold for readinessProbe
4129
## @param tableManager.readinessProbe.successThreshold Success threshold for readinessProbe
4130
##
4131
readinessProbe:
4132
enabled: true
4133
failureThreshold: 3
4134
initialDelaySeconds: 10
4135
periodSeconds: 10
4136
successThreshold: 1
4137
timeoutSeconds: 1
4138
## @param tableManager.startupProbe.enabled Enable startupProbe on table-manager containers
4139
## @param tableManager.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
4140
## @param tableManager.startupProbe.periodSeconds Period seconds for startupProbe
4141
## @param tableManager.startupProbe.timeoutSeconds Timeout seconds for startupProbe
4142
## @param tableManager.startupProbe.failureThreshold Failure threshold for startupProbe
4143
## @param tableManager.startupProbe.successThreshold Success threshold for startupProbe
4144
##
4145
startupProbe:
4146
enabled: false
4147
initialDelaySeconds: 30
4148
periodSeconds: 10
4149
timeoutSeconds: 1
4150
failureThreshold: 15
4151
successThreshold: 1
4152
## @param tableManager.customLivenessProbe Custom livenessProbe that overrides the default one
4153
##
4154
customLivenessProbe: {}
4155
## @param tableManager.customReadinessProbe Custom readinessProbe that overrides the default one
4156
##
4157
customReadinessProbe: {}
4158
## @param tableManager.customStartupProbe Custom startupProbe that overrides the default one
4159
##
4160
customStartupProbe: {}
4161
## tableManager resource requests and limits
4162
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
4163
## @param tableManager.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if tableManager.resources is set (tableManager.resources is recommended for production).
4164
##
4165
resourcesPreset: "nano"
4166
## @param tableManager.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
4167
## Example:
4168
## resources:
4169
## requests:
4170
## cpu: 2
4171
## memory: 512Mi
4172
## limits:
4173
## cpu: 3
4174
## memory: 1024Mi
4175
##
4176
resources: {}
4177
## Configure Pods Security Context
4178
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
4179
## @param tableManager.podSecurityContext.enabled Enabled table-manager pods' Security Context
4180
## @param tableManager.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
4181
## @param tableManager.podSecurityContext.sysctls Set kernel settings using the sysctl interface
4182
## @param tableManager.podSecurityContext.supplementalGroups Set filesystem extra groups
4183
## @param tableManager.podSecurityContext.fsGroup Set table-manager pod's Security Context fsGroup
4184
##
4185
podSecurityContext:
4186
enabled: true
4187
fsGroupChangePolicy: Always
4188
sysctls: []
4189
supplementalGroups: []
4190
fsGroup: 1001
4191
## Configure Container Security Context
4192
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
4193
## @param tableManager.containerSecurityContext.enabled Enabled containers' Security Context
4194
## @param tableManager.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
4195
## @param tableManager.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
4196
## @param tableManager.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
4197
## @param tableManager.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
4198
## @param tableManager.containerSecurityContext.privileged Set container's Security Context privileged
4199
## @param tableManager.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
4200
## @param tableManager.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
4201
## @param tableManager.containerSecurityContext.capabilities.drop List of capabilities to be dropped
4202
## @param tableManager.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
4203
##
4204
containerSecurityContext:
4205
enabled: true
4206
seLinuxOptions: {}
4207
runAsUser: 1001
4208
runAsGroup: 1001
4209
runAsNonRoot: true
4210
privileged: false
4211
readOnlyRootFilesystem: true
4212
allowPrivilegeEscalation: false
4213
capabilities:
4214
drop: ["ALL"]
4215
seccompProfile:
4216
type: "RuntimeDefault"
4217
## @param tableManager.lifecycleHooks for the tableManager container(s) to automate configuration before or after startup
4218
##
4219
lifecycleHooks: {}
4220
## @param tableManager.automountServiceAccountToken Mount Service Account token in pod
4221
##
4222
automountServiceAccountToken: false
4223
## @param tableManager.hostAliases tableManager pods host aliases
4224
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
4225
##
4226
hostAliases: []
4227
## @param tableManager.podLabels Extra labels for tableManager pods
4228
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
4229
##
4230
podLabels: {}
4231
## @param tableManager.podAnnotations Annotations for tableManager pods
4232
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
4233
##
4234
podAnnotations: {}
4235
## @param tableManager.podAffinityPreset Pod affinity preset. Ignored if `tableManager.affinity` is set. Allowed values: `soft` or `hard`
4236
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
4237
##
4238
podAffinityPreset: ""
4239
## @param tableManager.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `tableManager.affinity` is set. Allowed values: `soft` or `hard`
4240
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
4241
##
4242
podAntiAffinityPreset: soft
4243
## Node tableManager.affinity preset
4244
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
4245
##
4246
nodeAffinityPreset:
4247
## @param tableManager.nodeAffinityPreset.type Node affinity preset type. Ignored if `tableManager.affinity` is set. Allowed values: `soft` or `hard`
4248
##
4249
type: ""
4250
## @param tableManager.nodeAffinityPreset.key Node label key to match. Ignored if `tableManager.affinity` is set
4251
##
4252
key: ""
4253
## @param tableManager.nodeAffinityPreset.values Node label values to match. Ignored if `tableManager.affinity` is set
4254
## E.g.
4255
## values:
4256
## - e2e-az1
4257
## - e2e-az2
4258
##
4259
values: []
4260
## @param tableManager.affinity Affinity for table-manager pods assignment
4261
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
4262
## NOTE: `tableManager.podAffinityPreset`, `tableManager.podAntiAffinityPreset`, and `tableManager.nodeAffinityPreset` will be ignored when it's set
4263
##
4264
affinity: {}
4265
## @param tableManager.nodeSelector Node labels for table-manager pods assignment
4266
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
4267
##
4268
nodeSelector: {}
4269
## @param tableManager.tolerations Tolerations for table-manager pods assignment
4270
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
4271
##
4272
tolerations: []
4273
## @param tableManager.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains
4274
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
4275
##
4276
topologySpreadConstraints: []
4277
## @param tableManager.priorityClassName table-manager pods' priorityClassName
4278
##
4279
priorityClassName: ""
4280
## @param tableManager.schedulerName Kubernetes pod scheduler registry
4281
## https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
4282
##
4283
schedulerName: ""
4284
## @param tableManager.updateStrategy.type table-manager statefulset strategy type
4285
## @param tableManager.updateStrategy.rollingUpdate [object,nullable] table-manager statefulset rolling update configuration parameters
4286
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
4287
##
4288
updateStrategy:
4289
type: RollingUpdate
4290
rollingUpdate: null
4291
## @param tableManager.extraVolumes Optionally specify extra list of additional volumes for the table-manager pod(s)
4292
##
4293
extraVolumes: []
4294
## @param tableManager.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the table-manager container(s)
4295
##
4296
extraVolumeMounts: []
4297
## @param tableManager.sidecars Add additional sidecar containers to the table-manager pod(s)
4298
## e.g:
4299
## sidecars:
4300
## - name: your-image-name
4301
## image: your-image
4302
## imagePullPolicy: Always
4303
## ports:
4304
## - name: portname
4305
## containerPort: 1234
4306
##
4307
sidecars: []
4308
## @param tableManager.initContainers Add additional init containers to the table-manager pod(s)
4309
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
4310
## e.g:
4311
## initContainers:
4312
## - name: your-image-name
4313
## image: your-image
4314
## imagePullPolicy: Always
4315
## command: ['sh', '-c', 'echo "hello world"']
4316
##
4317
initContainers: []
4318
## @param tableManager.enableServiceLinks Whether information about services should be injected into pod's environment variable
4319
## The environment variables injected by service links are not used, but can lead to slow boot times or slow running of the scripts when there are many services in the current namespace.
4320
## If you experience slow pod startups or slow running of the scripts you probably want to set this to `false`.
4321
##
4322
enableServiceLinks: true
4323
## Pod Disruption Budget configuration
4324
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
4325
## @param tableManager.pdb.create Enable/disable a Pod Disruption Budget creation
4326
## @param tableManager.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
4327
## @param tableManager.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `tableManager.pdb.minAvailable` and `tableManager.pdb.maxUnavailable` are empty.
4328
##
4329
pdb:
4330
create: true
4331
minAvailable: ""
4332
maxUnavailable: ""
4333
## @section table-manager Traffic Exposure Parameters
4334
##
4335
4336
## tableManager service parameters
4337
##
4338
service:
4339
## @param tableManager.service.type table-manager service type
4340
##
4341
type: ClusterIP
4342
## @param tableManager.service.ports.http table-manager HTTP service port
4343
## @param tableManager.service.ports.grpc table-manager GRPC service port
4344
##
4345
ports:
4346
http: 3100
4347
grpc: 9095
4348
## Node ports to expose
4349
## NOTE: choose port between <30000-32767>
4350
## @param tableManager.service.nodePorts.http Node port for HTTP
4351
## @param tableManager.service.nodePorts.grpc Node port for GRPC
4352
##
4353
nodePorts:
4354
http: ""
4355
grpc: ""
4356
## @param tableManager.service.sessionAffinityConfig Additional settings for the sessionAffinity
4357
## sessionAffinityConfig:
4358
## clientIP:
4359
## timeoutSeconds: 300
4360
##
4361
sessionAffinityConfig: {}
4362
## @param tableManager.service.sessionAffinity Control where client requests go, to the same pod or round-robin
4363
## Values: ClientIP or None
4364
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
4365
##
4366
sessionAffinity: None
4367
## @param tableManager.service.clusterIP table-manager service Cluster IP
4368
## e.g.:
4369
## clusterIP: None
4370
##
4371
clusterIP: ""
4372
## @param tableManager.service.loadBalancerIP table-manager service Load Balancer IP
4373
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
4374
##
4375
loadBalancerIP: ""
4376
## @param tableManager.service.loadBalancerSourceRanges table-manager service Load Balancer sources
4377
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
4378
## e.g:
4379
## loadBalancerSourceRanges:
4380
## - 10.10.10.0/24
4381
##
4382
loadBalancerSourceRanges: []
4383
## @param tableManager.service.externalTrafficPolicy table-manager service external traffic policy
4384
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
4385
##
4386
externalTrafficPolicy: Cluster
4387
## @param tableManager.service.annotations Additional custom annotations for table-manager service
4388
##
4389
annotations: {}
4390
## @param tableManager.service.extraPorts Extra ports to expose in the table-manager service
4391
##
4392
extraPorts: []
4393
## Network Policies
4394
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
4395
##
4396
networkPolicy:
4397
## @param tableManager.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
4398
##
4399
enabled: true
4400
## @param tableManager.networkPolicy.allowExternal Don't require server label for connections
4401
## The Policy model to apply. When set to false, only pods with the correct
4402
## server label will have network access to the ports server is listening
4403
## on. When true, server will accept connections from any source
4404
## (with the correct destination port).
4405
##
4406
allowExternal: true
4407
## @param tableManager.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
4408
##
4409
allowExternalEgress: true
4410
## @param tableManager.networkPolicy.addExternalClientAccess Allow access from pods with client label set to "true". Ignored if `tableManager.networkPolicy.allowExternal` is true.
4411
##
4412
addExternalClientAccess: true
4413
## @param tableManager.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
4414
## e.g:
4415
## extraIngress:
4416
## - ports:
4417
## - port: 1234
4418
## from:
4419
## - podSelector:
4420
## - matchLabels:
4421
## - role: frontend
4422
## - podSelector:
4423
## - matchExpressions:
4424
## - key: role
4425
## operator: In
4426
## values:
4427
## - frontend
4428
extraIngress: []
4429
## @param tableManager.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
4430
## e.g:
4431
## extraEgress:
4432
## - ports:
4433
## - port: 1234
4434
## to:
4435
## - podSelector:
4436
## - matchLabels:
4437
## - role: frontend
4438
## - podSelector:
4439
## - matchExpressions:
4440
## - key: role
4441
## operator: In
4442
## values:
4443
## - frontend
4444
##
4445
extraEgress: []
4446
## @param tableManager.networkPolicy.ingressPodMatchLabels [object] Labels to match to allow traffic from other pods. Ignored if `tableManager.networkPolicy.allowExternal` is true.
4447
## e.g:
4448
## ingressPodMatchLabels:
4449
## my-client: "true"
4450
#
4451
ingressPodMatchLabels: {}
4452
## @param tableManager.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces. Ignored if `tableManager.networkPolicy.allowExternal` is true.
4453
## @param tableManager.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces. Ignored if `tableManager.networkPolicy.allowExternal` is true.
4454
##
4455
ingressNSMatchLabels: {}
4456
ingressNSPodMatchLabels: {}
4457
## @section Grafana Alloy Deployment Parameters
4458
##
4459
grafanaalloy:
4460
## @param grafanaalloy.enabled Deploy Grafana Alloy
4461
##
4462
enabled: true
4463
## @param grafanaalloy.resourceType Type of controller to use for deploying Grafana Alloy in the cluster.
4464
## Must be one of 'daemonset', 'deployment', or 'statefulset'.
4465
##
4466
resourceType: 'daemonset'
4467
## @param grafanaalloy.replicaCount Number of pods to deploy. Ignored when grafanaalloy.resourceType is 'daemonset'.
4468
##
4469
replicaCount: 1
4470
## @section Alloy container specific parameters
4471
##
4472
configReloader:
4473
image:
4474
registry: cgr.dev
4475
repository: chainguard-private/configmap-reload-iamguarded
4476
tag: 0.15.0
4477
digest: ""
4478
volumePermissions:
4479
image:
4480
registry: cgr.dev
4481
repository: ""
4482
tag: ""
4483
digest: ""
4484
alloy:
4485
image:
4486
registry: cgr.dev
4487
repository: chainguard-private/grafana-alloy-iamguarded
4488
tag: 1.14.1
4489
digest: ""
4490
volumePermissions:
4491
image:
4492
registry: cgr.dev
4493
repository: ""
4494
tag: ""
4495
digest: ""
4496
## @param grafanaalloy.alloy.stabilityLevel Minimum stability level of components and behavior to enable. Must be
4497
## one of "experimental", "public-preview", or "generally-available".
4498
stabilityLevel: "generally-available"
4499
## @param grafanaalloy.alloy.listenAddr Address to listen for traffic on. 0.0.0.0 exposes the UI to other containers.
4500
listenAddr: 0.0.0.0
4501
## @param grafanaalloy.alloy.uiPathPrefix Base path where the UI is exposed.
4502
uiPathPrefix: /
4503
## @param grafanaalloy.alloy.storagePath Path to where Grafana Alloy stores data (for example, the Write-Ahead Log).
4504
storagePath: /tmp/alloy
4505
## @param grafanaalloy.alloy.enableReporting Enables sending Grafana Labs anonymous usage stats to help improve Grafana grafanaalloy.alloy.
4506
enableReporting: true
4507
## @param grafanaalloy.alloy.mounts.varlog Mount /var/log from the host into the container for log collection.
4508
## @param grafanaalloy.alloy.mounts.dockercontainers Mount /var/lib/docker/containers from the host into the container for log
4509
##
4510
mounts:
4511
varlog: true
4512
dockercontainers: true
4513
## @param grafanaalloy.alloy.clustering.enabled Deploy Grafana Alloy in a cluster to allow for load distribution.
4514
## @param grafanaalloy.alloy.clustering.name Name for the Grafana Alloy cluster. Used for differentiating between clusters.
4515
## @param grafanaalloy.alloy.clustering.portName Name for the port used for clustering, useful if running inside an Istio Mesh
4516
##
4517
clustering:
4518
enabled: false
4519
name: ""
4520
portName: http
4521
## @param grafanaalloy.alloy.createSecret Create a Secret with the default configuration for Grafana Alloy to send logs to Loki.
4522
##
4523
createSecret: true
4524
## @param grafanaalloy.alloy.existingSecret The name of an existing Secret with your custom configuration for Grafana Alloy. If the grafanaalloy.alloy.createSecret is set, it will create a Secret with this name.
4525
##
4526
existingSecret: "{{ ternary (printf \"%s-alloy\" (lower .Release.Name)) \"\" .Values.alloy.createSecret }}"
4527
## @param grafanaalloy.alloy.configuration Specify content for Grafana Alloy config file. Omitted if grafanaalloy.alloy.existingSecret is provided.
4528
## e.g:
4529
## configuration: |-
4530
## ...
4531
##
4532
configuration: ""
4533
## @param grafanaalloy.alloy.extraConfig Append extra configuration to the default config file
4534
##
4535
extraConfig: ""
4536
## @section Init Container Parameters
4537
##
4538
4539
## 'volumePermissions' init container parameters
4540
## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values
4541
## based on the *podSecurityContext/*containerSecurityContext parameters
4542
##
4543
volumePermissions:
4544
## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup`
4545
##
4546
enabled: false
4547
## OS Shell + Utility image
4548
## @param volumePermissions.image.registry [default: REGISTRY_NAME] OS Shell + Utility image registry
4549
## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] OS Shell + Utility image repository
4550
## @skip volumePermissions.image.tag OS Shell + Utility image tag (immutable tags are recommended)
4551
## @param volumePermissions.image.digest OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
4552
## @param volumePermissions.image.pullPolicy OS Shell + Utility image pull policy
4553
## @param volumePermissions.image.pullSecrets OS Shell + Utility image pull secrets
4554
##
4555
image:
4556
registry: cgr.dev
4557
repository: chainguard-private/os-shell-iamguarded
4558
tag: 1.0.0
4559
digest: ""
4560
pullPolicy: IfNotPresent
4561
## Optionally specify an array of imagePullSecrets.
4562
## Secrets must be manually created in the namespace.
4563
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
4564
## e.g:
4565
## pullSecrets:
4566
## - myRegistryKeySecretName
4567
##
4568
pullSecrets: []
4569
## Init container's resource requests and limits
4570
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
4571
## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
4572
##
4573
resourcesPreset: "nano"
4574
## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
4575
## Example:
4576
## resources:
4577
## requests:
4578
## cpu: 2
4579
## memory: 512Mi
4580
## limits:
4581
## cpu: 3
4582
## memory: 1024Mi
4583
##
4584
resources: {}
4585
## Init container Container Security Context
4586
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
4587
## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
4588
## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser
4589
## @param volumePermissions.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
4590
## NOTE: when runAsUser is set to special value "auto", init container will try to chown the
4591
## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
4592
## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed)
4593
##
4594
containerSecurityContext:
4595
seLinuxOptions: {}
4596
runAsUser: 0
4597
seccompProfile:
4598
type: "RuntimeDefault"
4599
## @section Other Parameters
4600
##
4601
4602
## Service account for Loki to use
4603
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
4604
##
4605
serviceAccount:
4606
## @param serviceAccount.create Enable creation of ServiceAccount for Loki pods
4607
##
4608
create: true
4609
## @param serviceAccount.name The name of the ServiceAccount to use
4610
## If not set and create is true, a name is generated using the common.names.fullname template
4611
##
4612
name: ""
4613
## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
4614
## Can be set to false if pods using this serviceAccount do not need to use K8s API
4615
##
4616
automountServiceAccountToken: false
4617
## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
4618
##
4619
annotations: {}
4620
## @section Metrics Parameters
4621
## Prometheus Exporter / Metrics
4622
##
4623
metrics:
4624
## @param metrics.enabled Enable metrics
4625
##
4626
enabled: false
4627
## Prometheus Operator ServiceMonitor configuration
4628
##
4629
serviceMonitor:
4630
## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using Prometheus Operator
4631
##
4632
enabled: false
4633
## @param metrics.serviceMonitor.namespace Namespace for the ServiceMonitor Resource (defaults to the Release Namespace)
4634
##
4635
namespace: ""
4636
## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped.
4637
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
4638
##
4639
interval: ""
4640
## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
4641
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
4642
##
4643
scrapeTimeout: ""
4644
## @param metrics.serviceMonitor.labels Additional labels that can be used so ServiceMonitor will be discovered by Prometheus
4645
##
4646
labels: {}
4647
## @param metrics.serviceMonitor.selector Prometheus instance selector labels
4648
##
4649
selector: {}
4650
## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
4651
##
4652
relabelings: []
4653
## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
4654
##
4655
metricRelabelings: []
4656
## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint
4657
##
4658
honorLabels: false
4659
## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
4660
##
4661
jobLabel: ""
4662
## @section External Memcached (Chunks) Parameters
4663
##
4664
externalMemcachedChunks:
4665
## @param externalMemcachedChunks.host Host of a running external memcached instance
4666
##
4667
host: ""
4668
## @param externalMemcachedChunks.port Port of a running external memcached instance
4669
##
4670
port: 11211
4671
## @section Memcached Sub-chart Parameters (Chunks)
4672
## Memcached sub-chart (Chunks)
4673
##
4674
memcachedchunks:
4675
image:
4676
registry: cgr.dev
4677
repository: chainguard-private/memcached-iamguarded
4678
tag: 1.6.41
4679
digest: ""
4680
volumePermissions:
4681
image:
4682
registry: cgr.dev
4683
repository: ""
4684
tag: ""
4685
digest: ""
4686
## @param memcachedchunks.enabled Deploy memcached sub-chart
4687
##
4688
enabled: true
4689
## @param memcachedchunks.nameOverride override the subchart name
4690
##
4691
nameOverride: ""
4692
## @param memcachedchunks.architecture Memcached architecture
4693
##
4694
architecture: high-availability
4695
## @param memcachedchunks.service.ports.memcached Memcached service port
4696
##
4697
service:
4698
ports:
4699
memcached: 11211
4700
## Memcached resource requests and limits
4701
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
4702
## @param memcachedchunks.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
4703
##
4704
resourcesPreset: "nano"
4705
## @param memcachedchunks.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
4706
## Example:
4707
## resources:
4708
## requests:
4709
## cpu: 2
4710
## memory: 512Mi
4711
## limits:
4712
## cpu: 3
4713
## memory: 1024Mi
4714
##
4715
resources: {}
4716
## @section External Memcached (Frontend) Parameters
4717
##
4718
externalMemcachedFrontend:
4719
## @param externalMemcachedFrontend.host Host of a running external memcached instance
4720
##
4721
host: ""
4722
## @param externalMemcachedFrontend.port Port of a running external memcached instance
4723
##
4724
port: 11211
4725
## @section Memcached Sub-chart Parameters (Frontend)
4726
## Memcached sub-chart (Frontend)
4727
##
4728
memcachedfrontend:
4729
image:
4730
registry: cgr.dev
4731
repository: chainguard-private/memcached-iamguarded
4732
tag: 1.6.41
4733
digest: ""
4734
volumePermissions:
4735
image:
4736
registry: cgr.dev
4737
repository: ""
4738
tag: ""
4739
digest: ""
4740
## @param memcachedfrontend.enabled Deploy memcached sub-chart
4741
##
4742
enabled: true
4743
## @param memcachedfrontend.architecture Memcached architecture
4744
##
4745
architecture: high-availability
4746
## @param memcachedfrontend.nameOverride override the subchart name
4747
##
4748
nameOverride: ""
4749
## @param memcachedfrontend.service.ports.memcached Memcached service port
4750
##
4751
service:
4752
ports:
4753
memcached: 11211
4754
## Memcached resource requests and limits
4755
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
4756
## @param memcachedfrontend.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
4757
##
4758
resourcesPreset: "nano"
4759
## @param memcachedfrontend.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
4760
## Example:
4761
## resources:
4762
## requests:
4763
## cpu: 2
4764
## memory: 512Mi
4765
## limits:
4766
## cpu: 3
4767
## memory: 1024Mi
4768
##
4769
resources: {}
4770
## @section External Memcached (Index-Queries) Parameters
4771
##
4772
externalMemcachedIndexQueries:
4773
## @param externalMemcachedIndexQueries.host Host of a running external memcached instance
4774
##
4775
host: ""
4776
## @param externalMemcachedIndexQueries.port Port of a running external memcached instance
4777
##
4778
port: 11211
4779
## @section Memcached Sub-chart Parameters (Index-Queries)
4780
## Memcached sub-chart (Index-Queries)
4781
##
4782
memcachedindexqueries:
4783
image:
4784
registry: cgr.dev
4785
repository: chainguard-private/memcached-iamguarded
4786
tag: 1.6.41
4787
digest: ""
4788
volumePermissions:
4789
image:
4790
registry: cgr.dev
4791
repository: ""
4792
tag: ""
4793
digest: ""
4794
## @param memcachedindexqueries.enabled Deploy memcached sub-chart
4795
##
4796
enabled: false
4797
## @param memcachedindexqueries.architecture Memcached architecture
4798
##
4799
architecture: high-availability
4800
## @param memcachedindexqueries.nameOverride override the subchart name
4801
##
4802
nameOverride: ""
4803
## @param memcachedindexqueries.service.ports.memcached Memcached service port
4804
##
4805
service:
4806
ports:
4807
memcached: 11211
4808
## Memcached resource requests and limits
4809
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
4810
## @param memcachedindexqueries.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
4811
##
4812
resourcesPreset: "nano"
4813
## @param memcachedindexqueries.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
4814
## Example:
4815
## resources:
4816
## requests:
4817
## cpu: 2
4818
## memory: 512Mi
4819
## limits:
4820
## cpu: 3
4821
## memory: 1024Mi
4822
##
4823
resources: {}
4824
## @section External Memcached (IndexWrites) Parameters
4825
##
4826
externalMemcachedIndexWrites:
4827
## @param externalMemcachedIndexWrites.host Host of a running external memcached instance
4828
##
4829
host: ""
4830
## @param externalMemcachedIndexWrites.port Port of a running external memcached instance
4831
##
4832
port: 11211
4833
## @section Memcached Sub-chart Parameters (Index-Writes)
4834
## Memcached sub-chart (Index-Writes)
4835
##
4836
memcachedindexwrites:
4837
image:
4838
registry: cgr.dev
4839
repository: chainguard-private/memcached-exporter-iamguarded
4840
tag: 0.15.5
4841
digest: ""
4842
volumePermissions:
4843
image:
4844
registry: cgr.dev
4845
repository: ""
4846
tag: ""
4847
digest: ""
4848
## @param memcachedindexwrites.enabled Deploy memcached sub-chart
4849
##
4850
enabled: false
4851
## @param memcachedindexwrites.architecture Memcached architecture
4852
##
4853
architecture: high-availability
4854
## @param memcachedindexwrites.nameOverride override the subchart name
4855
##
4856
nameOverride: ""
4857
## @param memcachedindexwrites.service.ports.memcached Memcached service port
4858
##
4859
service:
4860
ports:
4861
memcached: 11211
4862
## Memcached resource requests and limits
4863
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
4864
## @param memcachedindexwrites.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
4865
##
4866
resourcesPreset: "nano"
4867
## @param memcachedindexwrites.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
4868
## Example:
4869
## resources:
4870
## requests:
4871
## cpu: 2
4872
## memory: 512Mi
4873
## limits:
4874
## cpu: 3
4875
## memory: 1024Mi
4876
##
4877
resources: {}
4878
The trusted source for open source
Talk to an expertCustomers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.