Helm Chart Options
Release Notice
GoodData.CN ready for Kubernetes will be published during May 2021. Stay tuned and watch GoodData Developers website.
A Helm chart for the GoodData.CN
Note: The dependent subcharts (redisa-ha and postgresql-ha) are included in the GoodData.CN chart.
Requirements
| Repository | Name | Version |
|---|---|---|
| https://charts.bitnami.com/bitnami | postgresql-ha | 6.3.3 |
| https://dandydeveloper.github.io/charts | redis-ha | 4.12.1 |
Values
| Key | Type | Default | Description |
|---|---|---|---|
| afmExecApi.actuator.port | int | 9001 | |
| afmExecApi.image.name | string | "afm-exec-api" | |
| afmExecApi.service.externalPort | int | 9000 | |
| afmExecApi.service.internalPort | int | 9000 | |
| afmExecApi.service.name | string | "afm-exec-api" | |
| afmExecApi.service.type | string | "ClusterIP" | |
| analyticalDesigner.image.name | string | "analytical-designer" | |
| analyticalDesigner.resources.limits.cpu | string | "20m" | |
| analyticalDesigner.resources.limits.memory | string | "20Mi" | |
| analyticalDesigner.resources.requests.cpu | string | "10m" | |
| analyticalDesigner.resources.requests.memory | string | "10Mi" | |
| analyticalDesigner.service.externalPort | int | 9300 | |
| analyticalDesigner.service.internalPort | int | 9300 | |
| analyticalDesigner.service.name | string | "analytical-designer" | |
| analyticalDesigner.service.type | string | "ClusterIP" | |
| apiDocs.enabled | bool | true | Can be optionally disabled by setting enabled: false |
| apiDocs.image.name | string | "apidocs" | |
| apiDocs.replicaCount | int | 1 | |
| apiDocs.resources.limits.cpu | string | "50m" | |
| apiDocs.resources.limits.memory | string | "30Mi" | |
| apiDocs.resources.requests.cpu | string | "20m" | |
| apiDocs.resources.requests.memory | string | "15Mi" | |
| apiDocs.service.externalPort | int | 9999 | |
| apiDocs.service.internalPort | int | 8080 | |
| apiDocs.service.name | string | "apidocs" | |
| apiDocs.service.type | string | "ClusterIP" | |
| aqe.image.name | string | "aqe" | |
| aqe.maqlTopic | string | "xae.maql" | |
| aqe.mdTopic | string | "metadata.model" | |
| aqe.resources.limits.cpu | string | "200m" | |
| aqe.resources.limits.memory | string | "160Mi" | |
| aqe.resources.requests.cpu | string | "20m" | |
| aqe.resources.requests.memory | string | "80Mi" | |
| aqe.service.externalPort | int | 6569 | |
| aqe.service.internalPort | int | 6569 | |
| aqe.service.name | string | "aqe" | |
| aqe.service.type | string | "ClusterIP" | |
| aqe.sqlTopic | string | "sql.select" | |
| authService.actuator.port | int | 9051 | |
| authService.image.name | string | "auth-service" | |
| authService.service.externalPort | int | 9050 | |
| authService.service.internalPort | int | 9050 | |
| authService.service.name | string | "auth-service" | |
| authService.service.type | string | "ClusterIP" | |
| cacheGC | object | {"image":{"name":"apachepulsar/pulsar","tag":"2.6.1"},"pulsar":{"topic":"caches.garbage_collect"},"schedule":"0 * * * *"} | CronJob executing garbage collector of caches |
| cookiePolicy | string | "Lax" | |
| dashboards.image.name | string | "dashboards" | |
| dashboards.resources.limits.cpu | string | "20m" | |
| dashboards.resources.limits.memory | string | "20Mi" | |
| dashboards.resources.requests.cpu | string | "10m" | |
| dashboards.resources.requests.memory | string | "10Mi" | |
| dashboards.service.externalPort | int | 9500 | |
| dashboards.service.internalPort | int | 9500 | |
| dashboards.service.name | string | "dashboards" | |
| dashboards.service.type | string | "ClusterIP" | |
| deployDexIdP | bool | true | If set to true, Dex Identity Provider will be installed and configured according to values in “dex:” key below. Follow the guidelines in https://github.com/helm/charts/tree/master/stable/dex how to customize settings. Disabling this component will require every Organization to use an external Identity Provider. |
| deployPostgresHA | bool | true | If set to true, this chart will install bitnami/postgresql-ha as a part of the deployment. Postgres will be used for hosting Metadata and application configuration databases and optionally also as a data source. If false, your existing, external Postgresql-compatible server must be configured in section service.postgres below. This option is useful for hosting metadata database in AWS RDS, for example. |
| deployRedisHA | bool | true | If set to true, this chart will install stable/redis-ha as a part of the deployment. If false, your existing Redis-compatible server must be configured in section service.redis below. |
| dex.config.database.name | string | "dex" | |
| dex.config.database.sslMode | string | "disable" | |
| dex.config.enablePasswordDB | bool | true | Map containing set of configured connectors. The key is the id of a connector, value is a map of connector’s parameters (excluding id and redirectURI that are added by template automatically). |
| dex.config.expiry.deviceRequests | string | "5m" | |
| dex.config.expiry.idTokens | string | "1h" | |
| dex.config.expiry.signingKeys | string | "6h" | |
| dex.config.grpc.address | string | "0.0.0.0" | port is taken from ports section above |
| dex.config.logger.format | string | "json" | |
| dex.config.logger.level | string | "info" | |
| dex.config.oauth2.alwaysShowLoginScreen | bool | false | |
| dex.config.oauth2.responseTypes[0] | string | "code" | |
| dex.config.oauth2.responseTypes[1] | string | "token" | |
| dex.config.oauth2.responseTypes[2] | string | "id_token" | |
| dex.config.oauth2.skipApprovalScreen | bool | true | |
| dex.config.web.address | string | "0.0.0.0" | port is taken from ports section above |
| dex.image.name | string | "quay.io/dexidp/dex" | set to repository in local registry for air-gapped installations |
| dex.image.tag | string | "v2.26.0" | |
| dex.ingress.annotations | object | {} | Custom annotations that will be added to every Ingress object created by this chart, e.g. cert-manager.io/cluster-issuer: letsencrypt-auth-production or using namespace-specific Issuer: cert-manager.io/issuer: local-ca-issuer |
| dex.ingress.authHost | string | "localhost" | hostname where the application will have its authentication Endpoint (Dex). It will be used for organizations without their own external Identity Provider. |
| dex.ingress.tls.authSecretName | string | "" | If you have pre-existing secret with your own certificate and key, put its name here. Also, if you want cert-manager, set to some Secret name where TLS certificate and key will be stored. Note that dex.ingress.authHost is required when enabling TLS. If you’re deploying to AWS, you may prefer TLS termination on AWS ELB and keep this value empty. |
| dex.podAnnotations | object | {} | |
| dex.ports.grpc.containerPort | int | 5000 | |
| dex.ports.grpc.servicePort | int | 35000 | |
| dex.ports.metrics.containerPort | int | 5558 | |
| dex.ports.metrics.servicePort | int | 37000 | |
| dex.ports.web.containerPort | int | 5556 | |
| dex.ports.web.servicePort | int | 32000 | |
| dex.replicaCount | int | 2 | |
| dex.resources.limits.cpu | string | "100m" | |
| dex.resources.limits.memory | string | "50Mi" | |
| dex.resources.requests.cpu | string | "100m" | |
| dex.resources.requests.memory | string | "50Mi" | |
| dex.service.name | string | "dex" | |
| dex.service.type | string | "ClusterIP" | |
| dex.uriPrefix | string | "/dex" | base context path prefix used by Dex to serve its resources |
| fullnameOverride | string | "" | If not set, a name is generated using the fullname template. |
| global.imageRegistry | string | nil | Set the following variable to your private docker registry if you want to deploy to air-gapped installations. This affects images needed to deploy postgresql-ha subchart. |
| homeUi.image.name | string | "home-ui" | |
| homeUi.resources.limits.cpu | string | "20m" | |
| homeUi.resources.limits.memory | string | "20Mi" | |
| homeUi.resources.requests.cpu | string | "10m" | |
| homeUi.resources.requests.memory | string | "10Mi" | |
| homeUi.service.externalPort | int | 9600 | |
| homeUi.service.internalPort | int | 9600 | |
| homeUi.service.name | string | "home-ui" | |
| homeUi.service.type | string | "ClusterIP" | |
| image.defaultTag | string | "latest" | default image tag that will be used on all Tiger apps unless specific per-application tag is specified. |
| image.dockerhubPrefix | string | "docker.io" | Registry prefix for DockerHub images. Set to docker.io if your cluster has access to DockerHub either directly or via configured registry proxy On air-gapped installations, set to local registry namespace with pre-pulled images |
| image.pullPolicy | string | "Always" | |
| image.repositoryPrefix | string | "registry.anywhere.gooddata.com" | Registry where the GoodData.CN images are stored. Normally it points to GoodData registry host. Set to repository prefix in local registry if you plan deploying to air-gapped installation |
| imagePullSecrets | list | [] | List of secret name(s) to be used for pulling images from private registry. |
| images | object | {"curlJq":{"name":"peterevans/curl-jq","tag":"1.0"},"postgres":{"name":"postgres","tag":"11.6"}} | Common definition of upstream images Image names are relative to image.dockerhubPrefix |
| ingress.annotations | object | {} | |
| ingress.lbProtocol | string | "https" | This setting informs applications if the load balancer exposes the applications on HTTPS or plain unencrypted HTTP. For production workload, we strongly suggest using HTTPS. For local development purposes (e.g. in k3d cluster), HTTP is sufficient. |
| ldmModeler.image.name | string | "ldm-modeler" | |
| ldmModeler.resources.limits.cpu | string | "20m" | |
| ldmModeler.resources.limits.memory | string | "20Mi" | |
| ldmModeler.resources.requests.cpu | string | "10m" | |
| ldmModeler.resources.requests.memory | string | "10Mi" | |
| ldmModeler.service.externalPort | int | 9400 | |
| ldmModeler.service.internalPort | int | 8080 | |
| ldmModeler.service.name | string | "ldm-modeler" | |
| ldmModeler.service.type | string | "ClusterIP" | |
| loggerRingBufferSize | int | 262144 | Default Log4J ring buffer size (in bytes). |
| metadataApi.actuator.port | int | 9008 | |
| metadataApi.bootstrap | object | {"existingSecret":"","password":"VerySecretPassword","user":"bootstrap"} | This config is used inside the Organization operator to communicate with metadata-api service using the Authenticated gRPC channel. It’s recommended to update the value for each helm release. |
| metadataApi.bootstrap.existingSecret | string | "" | If set, existing secret containing user and password can be used instead of the two values above. |
| metadataApi.dataSourceTopic | string | "data-source.change" | |
| metadataApi.image.name | string | "metadata-api" | |
| metadataApi.resources.limits.cpu | string | "1500m" | |
| metadataApi.resources.limits.memory | string | "500Mi" | |
| metadataApi.resources.requests.cpu | string | "150m" | |
| metadataApi.resources.requests.memory | string | "350Mi" | |
| metadataApi.service.externalPort | int | 9007 | |
| metadataApi.service.grpcExternalPort | int | 6572 | |
| metadataApi.service.grpcInternalPort | int | 6572 | |
| metadataApi.service.internalPort | int | 9007 | |
| metadataApi.service.name | string | "metadata-api" | |
| metadataApi.service.type | string | "ClusterIP" | |
| metadataApi.topic | string | "metadata.model" | |
| monitoring.tracing.enabled | bool | false | |
| monitoring.tracing.zipkin.host | string | "jaeger-collector" | |
| monitoring.tracing.zipkin.namespace | string | "monitoring" | |
| monitoring.tracing.zipkin.port | int | 9411 | |
| nameOverride | string | "" | If not set, a name is generated using the name template. |
| organizationController.image.name | string | "organization-controller" | |
| podSecurityContext | object | {} | Kubernetes Pod Security Context settings. |
| postgresql-ha.metrics.enabled | bool | true | |
| postgresql-ha.nameOverride | string | "db" | |
| postgresql-ha.pgpool.maxPool | int | 4 | |
| postgresql-ha.pgpool.numInitChildren | int | 70 | |
| postgresql-ha.pgpool.replicaCount | int | 2 | |
| postgresql-ha.postgresql.existingSecret | string | "" | If set, existing secret containing password and repmgrPassword can be used. See more details in the postgresql chart mentioned above. |
| postgresql-ha.postgresql.extendedConf.maxConnections | int | 500 | |
| postgresql-ha.postgresql.password | string | "secret" | |
| postgresql-ha.postgresql.repmgrPassword | string | "repmgrpassword" | |
| postgresql-ha.postgresql.username | string | "postgres" | |
| postgresql-ha.volumePermissions.enabled | bool | true | |
| pulsarJob.namespacePerRelease | bool | true | If false, uncomment and set the ’tenant’ and ’namespace’ below. If true, the name of Pulsar’s tenant and namespace will be generated from the k8s namespace and release name. Note that if you set fixed names, you must avoid conflicts among multiple instances of this chart sharing the same Pulsar cluster. |
| redis-ha.exporter.enabled | bool | true | |
| redis-ha.exporter.image | string | "oliver006/redis_exporter" | set to repository in local registry for air-gapped installations |
| redis-ha.image.repository | string | "redis" | set to repository in local registry for air-gapped installations |
| redis-ha.redis.config.maxmemory | string | "100m" | This value should be tuned according to the real load |
| redis-ha.redis.config.maxmemory-policy | string | "allkeys-lru" | |
| replicaCount | int | 2 | Default replica count (if not overridden for specific component). |
| resources.limits.cpu | string | "500m" | |
| resources.limits.memory | string | "500Mi" | |
| resources.requests.cpu | string | "150m" | |
| resources.requests.memory | string | "250Mi" | |
| resultCache.actuator.port | int | 9041 | |
| resultCache.image.name | string | "result-cache" | |
| resultCache.pulsar.deadLetter.topic | string | "result.xtab.DLQ" | |
| resultCache.pulsar.topic | string | "result.xtab" | |
| resultCache.resources.limits.cpu | string | "500m" | |
| resultCache.resources.limits.memory | string | "500Mi" | |
| resultCache.resources.requests.cpu | string | "150m" | |
| resultCache.resources.requests.memory | string | "350Mi" | |
| resultCache.service.externalPort | int | 6567 | |
| resultCache.service.internalPort | int | 6567 | |
| resultCache.service.name | string | "result-cache" | |
| resultCache.service.type | string | "ClusterIP" | |
| scanModel.actuator.port | int | 9061 | |
| scanModel.image.name | string | "scan-model" | |
| scanModel.resources.limits.cpu | string | "1500m" | |
| scanModel.resources.limits.memory | string | "500Mi" | |
| scanModel.resources.requests.cpu | string | "150m" | |
| scanModel.resources.requests.memory | string | "250Mi" | |
| scanModel.service.externalPort | int | 9060 | |
| scanModel.service.internalPort | int | 9060 | |
| scanModel.service.name | string | "scan-model" | |
| scanModel.service.type | string | "ClusterIP" | |
| securityContext | object | {} | Kubernetes Security Context settings. |
| service.postgres.databaseExecution | string | "execution" | Database containing internal AFM execution related data, such as cache metadata. |
| service.postgres.databaseMd | string | "md" | Here are the names of databases the GoodData.CN application uses |
| service.postgres.existingSecret | string | "" | You can define your own existing secret here containing postgresql-password key with the actual password. Not applicable when deployPostgresHA: true. |
| service.postgres.host | string | "" | Here you should define basic parameters for connecting to external, Postgresql-compatible DB engine (like RDS) where metadata and application configuration will be stored. Mandatory when you set deployPostgresHA: false above. When using built-in Postgresql HA chart, the configuration is retrieved automatically and these settings are not used. |
| service.postgres.password | string | "topsecret" | |
| service.postgres.port | int | 5432 | |
| service.postgres.username | string | "postgres" | |
| service.pulsar.brokerPort | int | 6650 | |
| service.pulsar.host | string | "pulsar-broker.pulsar" | If you have Apache Pulsar deployed externally, set host to fully qualified name of the broker. For default setup, when Pulsar is deployed to Kubernetes cluster using Helm chart, using pattern |
| service.pulsar.wsPort | int | 8080 | |
| service.redis.clusterMode | bool | false | When true, it will use Redis cluster protocol for communication. Useful for HA deployment. |
| service.redis.hosts | list | [] | Used when using external redis service (like Elasticache on AWS, Memorystore on GCP or so). Format is a list of hostnames where the redis is running. |
| service.redis.port | int | 6379 | |
| serviceAccount.create | bool | true | Specifies whether a service account should be created. |
| serviceAccount.name | bool | nil | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. |
| sqlExecutor.actuator.port | int | 9101 | |
| sqlExecutor.extraDriversInitContainer | string | "" | |
| sqlExecutor.image.name | string | "sql-executor" | |
| sqlExecutor.pulsar.deadLetter.topic | string | "sql.select.DLQ" | |
| sqlExecutor.pulsar.topic | string | "sql.select" | |
| sqlExecutor.resources.limits.cpu | string | "1500m" | |
| sqlExecutor.resources.limits.ephemeral-storage | string | "300Mi" | |
| sqlExecutor.resources.limits.memory | string | "500Mi" | |
| sqlExecutor.resources.requests.cpu | string | "150m" | |
| sqlExecutor.resources.requests.ephemeral-storage | string | "300Mi" | |
| sqlExecutor.resources.requests.memory | string | "350Mi" | |
| sqlExecutor.service.externalPort | int | 6570 | |
| sqlExecutor.service.internalPort | int | 6570 | |
| sqlExecutor.service.name | string | "sql-executor" | |
| sqlExecutor.service.type | string | "ClusterIP" | |
| telemetryEnabled | bool | true | If set to true, deployed services will report telemetry data to https://matomo.anywhere.gooddata.com/matomo.php |
| tools.image.name | string | "tools" | |
| tools.replicaCount | int | 1 | |
| tools.resources.limits.cpu | string | "200m" | |
| tools.resources.limits.memory | string | "200Mi" | |
| tools.resources.requests.cpu | string | "10m" | |
| tools.resources.requests.memory | string | "5Mi" |