Helm Chart Options
Helm chart for GoodData.CN
Note: The dependent subcharts (redisa-ha and postgresql-ha) are included in the GoodData.CN chart.
Requirements
| Repository | Name | Version |
|---|---|---|
| https://charts.bitnami.com/bitnami | postgresql-ha | 6.3.3 |
| https://dandydeveloper.github.io/charts | redis-ha | 4.12.1 |
Values
| Key | Type | Default | Description |
|---|---|---|---|
| afmExecApi.actuator.port | int | 9001 | |
| afmExecApi.image.name | string | "afm-exec-api" | |
| afmExecApi.resources.limits.memory | string | "600Mi" | |
| afmExecApi.resources.requests.memory | string | "350Mi" | |
| afmExecApi.service.externalPort | int | 9000 | |
| afmExecApi.service.internalPort | int | 9000 | |
| afmExecApi.service.name | string | "afm-exec-api" | |
| afmExecApi.service.type | string | "ClusterIP" | |
| analyticalDesigner.image.name | string | "analytical-designer" | |
| analyticalDesigner.resources.limits.cpu | string | "50m" | |
| analyticalDesigner.resources.limits.memory | string | "25Mi" | |
| analyticalDesigner.resources.requests.cpu | string | "10m" | |
| analyticalDesigner.resources.requests.memory | string | "15Mi" | |
| analyticalDesigner.service.externalPort | int | 9300 | |
| analyticalDesigner.service.internalPort | int | 9300 | |
| analyticalDesigner.service.name | string | "analytical-designer" | |
| analyticalDesigner.service.type | string | "ClusterIP" | |
| apiDocs.enabled | bool | true | Can be optionally disabled by setting enabled: false |
| apiDocs.image.name | string | "apidocs" | |
| apiDocs.replicaCount | int | 2 | |
| apiDocs.resources.limits.cpu | string | "50m" | |
| apiDocs.resources.limits.memory | string | "30Mi" | |
| apiDocs.resources.requests.cpu | string | "20m" | |
| apiDocs.resources.requests.memory | string | "15Mi" | |
| apiDocs.service.externalPort | int | 9999 | |
| apiDocs.service.internalPort | int | 8080 | |
| apiDocs.service.name | string | "apidocs" | |
| apiDocs.service.type | string | "ClusterIP" | |
| aqe.image.name | string | "aqe" | |
| aqe.maqlTopic | string | "xae.maql" | |
| aqe.mdTopic | string | "metadata.model" | |
| aqe.resources.limits.cpu | string | "200m" | |
| aqe.resources.limits.memory | string | "160Mi" | |
| aqe.resources.requests.cpu | string | "20m" | |
| aqe.resources.requests.memory | string | "80Mi" | |
| aqe.service.externalPort | int | 6569 | |
| aqe.service.internalPort | int | 6569 | |
| aqe.service.name | string | "aqe" | |
| aqe.service.type | string | "ClusterIP" | |
| aqe.sqlTopic | string | "sql.select" | |
| authService.actuator.port | int | 9051 | |
| authService.image.name | string | "auth-service" | |
| authService.resources.limits.memory | string | "600Mi" | |
| authService.resources.requests.memory | string | "300Mi" | |
| authService.service.externalPort | int | 9050 | |
| authService.service.grpcExternalPort | int | 6573 | |
| authService.service.grpcInternalPort | int | 6573 | |
| authService.service.internalPort | int | 9050 | |
| authService.service.name | string | "auth-service" | |
| authService.service.type | string | "ClusterIP" | |
| cookiePolicy | string | "Lax" | |
| dashboards.image.name | string | "dashboards" | |
| dashboards.resources.limits.cpu | string | "20m" | |
| dashboards.resources.limits.memory | string | "20Mi" | |
| dashboards.resources.requests.cpu | string | "10m" | |
| dashboards.resources.requests.memory | string | "10Mi" | |
| dashboards.service.externalPort | int | 9500 | |
| dashboards.service.internalPort | int | 9500 | |
| dashboards.service.name | string | "dashboards" | |
| dashboards.service.type | string | "ClusterIP" | |
| deployDexIdP | bool | true | If set to true, Dex Identity Provider will be installed and configured according to values in “dex:” key below. Follow the guidelines in https://github.com/helm/charts/tree/master/stable/dex for how to customize settings. Disabling this component will require every Organization to use an external Identity Provider. |
| deployPostgresHA | bool | true | If set to true, this chart will install bitnami/postgresql-ha as a part of the deployment. Postgres will be used for hosting Metadata and application configuration databases, and optionally used as a data source. If false, your existing, external Postgresql-compatible server must be configured in the section for service.postgres parameters. This option is useful for hosting a metadata database in AWS RDS, for example. |
| deployRedisHA | bool | true | If set to true, this chart will install stable/redis-ha as a part of the deployment. If false, your existing Redis-compatible server must be configured in the section for service.redis parameters. |
| dex.config.database.name | string | "dex" | |
| dex.config.database.sslMode | string | "disable" | |
| dex.config.enablePasswordDB | bool | true | Map containing set of configured connectors. The key is the id of a connector. The value is a map of the connector’s parameters (excluding id and redirectURI that are added by template automatically). |
| dex.config.expiry.deviceRequests | string | "24h" | |
| dex.config.expiry.idTokens | string | "24h" | |
| dex.config.expiry.signingKeys | string | "48h" | |
| dex.config.frontend.issuer | string | "GoodData.CN" | |
| dex.config.frontend.logoUrl | string | "theme/logo.svg" | |
| dex.config.frontend.theme | string | "gdc" | |
| dex.config.grpc.address | string | "0.0.0.0" | Port is taken from ports section above |
| dex.config.logger.format | string | "json" | |
| dex.config.logger.level | string | "info" | |
| dex.config.oauth2.alwaysShowLoginScreen | bool | false | |
| dex.config.oauth2.responseTypes[0] | string | "code" | |
| dex.config.oauth2.responseTypes[1] | string | "token" | |
| dex.config.oauth2.responseTypes[2] | string | "id_token" | |
| dex.config.oauth2.skipApprovalScreen | bool | true | |
| dex.config.web.address | string | "0.0.0.0" | port is taken from ports section above |
| dex.image.name | string | "dex" | set to repository in local registry for air-gapped installations |
| dex.ingress.annotations | object | {} | Custom annotations that will be added to every Ingress object created by this chart, e.g. cert-manager.io/cluster-issuer: letsencrypt-auth-production or using namespace-specific Issuer: cert-manager.io/issuer: local-ca-issuer |
| dex.ingress.authHost | string | "localhost" | hostname where the application will have its authentication Endpoint (Dex). It will be used for organizations without their own external Identity Provider. |
| dex.ingress.tls.authSecretName | string | "" | If you have pre-existing secret with your own certificate and key, put its name here. Also, if you want cert-manager, set to some Secret name where TLS certificate and key will be stored. Note that dex.ingress.authHost is required when enabling TLS. If you’re deploying to AWS, you may prefer TLS termination on AWS ELB and keep this value empty. |
| dex.podAnnotations | object | {} | |
| dex.ports.grpc.containerPort | int | 5000 | |
| dex.ports.grpc.servicePort | int | 35000 | |
| dex.ports.metrics.containerPort | int | 5558 | |
| dex.ports.metrics.servicePort | int | 37000 | |
| dex.ports.web.containerPort | int | 5556 | |
| dex.ports.web.servicePort | int | 32000 | |
| dex.replicaCount | int | 2 | |
| dex.resources.limits.cpu | string | "100m" | |
| dex.resources.limits.memory | string | "50Mi" | |
| dex.resources.requests.cpu | string | "100m" | |
| dex.resources.requests.memory | string | "50Mi" | |
| dex.service.name | string | "dex" | |
| dex.service.type | string | "ClusterIP" | |
| dex.uriPrefix | string | "/dex" | base context path prefix used by Dex to serve its resources |
| fullnameOverride | string | "" | If not set, a name is generated using the fullname template. |
| global.imageRegistry | string | nil | Set the following variable to your private docker registry if you want to deploy to air-gapped installations. This affects images needed to deploy postgresql-ha subchart. |
| homeUi.image.name | string | "home-ui" | |
| homeUi.resources.limits.cpu | string | "20m" | |
| homeUi.resources.limits.memory | string | "20Mi" | |
| homeUi.resources.requests.cpu | string | "10m" | |
| homeUi.resources.requests.memory | string | "15Mi" | |
| homeUi.service.externalPort | int | 9600 | |
| homeUi.service.internalPort | int | 9600 | |
| homeUi.service.name | string | "home-ui" | |
| homeUi.service.type | string | "ClusterIP" | |
| image.defaultTag | string | "latest" | The default image tag that will be used on all Tiger apps unless specific per-application tag is specified. |
| image.dockerhubPrefix | string | "docker.io" | Registry prefix for DockerHub images. Set to docker.io if your cluster has access to DockerHub either directly or via configured registry proxy. On air-gapped installations, set to local registry namespace with pre-pulled images |
| image.pullPolicy | string | "Always" | |
| image.repositoryPrefix | string | "gooddata" | Registry where the GoodData.CN images are stored. Normally it points to the GoodData namespace on Docker Hub. Set to repository prefix in local registry if you plan deploying to air-gapped installation |
| imagePullSecrets | list | [] | List of secret name(s) to be used for pulling images from private registry. |
| ingress.annotations | object | {} | |
| ingress.lbProtocol | string | "https" | This setting informs applications if the load balancer exposes the applications on HTTPS or plain unencrypted HTTP. For production workload, we strongly suggest using HTTPS. For local development purposes (e.g. in k3d cluster), HTTP is sufficient. |
| ldmModeler.image.name | string | "ldm-modeler" | |
| ldmModeler.resources.limits.cpu | string | "50m" | |
| ldmModeler.resources.limits.memory | string | "30Mi" | |
| ldmModeler.resources.requests.cpu | string | "10m" | |
| ldmModeler.resources.requests.memory | string | "15Mi" | |
| ldmModeler.service.externalPort | int | 9400 | |
| ldmModeler.service.internalPort | int | 8080 | |
| ldmModeler.service.name | string | "ldm-modeler" | |
| ldmModeler.service.type | string | "ClusterIP" | |
| license.existingSecret | string | "" | |
| license.key | string | "<put-your-license-key-here>" | |
| loggerRingBufferSize | int | 262144 | Default Log4J ring buffer size (in bytes). |
| metadataApi.actuator.port | int | 9008 | |
| metadataApi.bootstrap.existingSecret | string | "" | If set, existing secret containing user and password can be used instead of the two values above. |
| metadataApi.dataSourceTopic | string | "data-source.change" | |
| metadataApi.image.name | string | "metadata-api" | |
| metadataApi.resources.limits.cpu | string | "1500m" | |
| metadataApi.resources.limits.memory | string | "900Mi" | |
| metadataApi.resources.requests.cpu | string | "250m" | |
| metadataApi.resources.requests.memory | string | "600Mi" | |
| metadataApi.service.externalPort | int | 9007 | |
| metadataApi.service.grpcExternalPort | int | 6572 | |
| metadataApi.service.grpcInternalPort | int | 6572 | |
| metadataApi.service.internalPort | int | 9007 | |
| metadataApi.service.name | string | "metadata-api" | |
| metadataApi.service.type | string | "ClusterIP" | |
| metadataApi.topic | string | "metadata.model" | |
| monitoring.tracing.enabled | bool | false | |
| monitoring.tracing.zipkin.host | string | "jaeger-collector" | |
| monitoring.tracing.zipkin.namespace | string | "monitoring" | |
| monitoring.tracing.zipkin.port | int | 9411 | |
| nameOverride | string | "" | If not set, a name is generated using the name template. |
| networkPolicy.enabled | bool | false | Kubernetes Network Policy enablement. |
| networkPolicy.nginxIngressLabelSelector | string | "app.kubernetes.io/name: ingress-nginx" | Kubernetes Pod label of Nginx Ingress. Required to allow ingress traffic. |
| networkPolicy.nginxIngressNamespace | string | "ingress-nginx" | Kubernetes Namespace of Nginx Ingress. Required to allow ingress traffic. |
| organizationController.image.name | string | "organization-controller" | |
| organizationController.resources.limits.cpu | string | "20m" | |
| organizationController.resources.limits.memory | string | "100Mi" | |
| organizationController.resources.requests.cpu | string | "10m" | |
| organizationController.resources.requests.memory | string | "50Mi" | |
| podSecurityContext | object | {"runAsNonRoot":true} | Kubernetes Pod Security Context settings. |
| postgresql-ha.metrics.enabled | bool | true | |
| postgresql-ha.nameOverride | string | "db" | |
| postgresql-ha.pgpool.maxPool | int | 4 | |
| postgresql-ha.pgpool.numInitChildren | int | 70 | |
| postgresql-ha.pgpool.replicaCount | int | 2 | |
| postgresql-ha.postgresql.existingSecret | string | "" | If set, existing secret containing password and repmgrPassword can be used. See more details in the postgresql chart mentioned above. |
| postgresql-ha.postgresql.extendedConf.maxConnections | int | 500 | |
| postgresql-ha.postgresql.password | string | "secret" | |
| postgresql-ha.postgresql.repmgrPassword | string | "repmgrpassword" | |
| postgresql-ha.postgresql.username | string | "postgres" | |
| postgresql-ha.volumePermissions.enabled | bool | true | |
| pulsarJob.namespacePerRelease | bool | true | If false, uncomment and set the ’tenant’ and ’namespace’ below. If true, the name of Pulsar’s tenant and namespace will be generated from the k8s namespace and release name. Note that if you set fixed names, you must avoid conflicts among multiple instances of this chart sharing the same Pulsar cluster. |
| redis-ha.exporter.enabled | bool | true | |
| redis-ha.exporter.image | string | "oliver006/redis_exporter" | set to repository in local registry for air-gapped installations |
| redis-ha.image.repository | string | "redis" | set to repository in local registry for air-gapped installations |
| redis-ha.redis.config.maxmemory | string | "100m" | This value should be tuned according to the real load |
| redis-ha.redis.config.maxmemory-policy | string | "allkeys-lru" | |
| replicaCount | int | 2 | Default replica count (if not overridden for specific component). |
| resources.limits.cpu | string | "500m" | |
| resources.limits.memory | string | "500Mi" | |
| resources.requests.cpu | string | "150m" | |
| resources.requests.memory | string | "250Mi" | |
| resultCache.actuator.port | int | 9041 | |
| resultCache.image.name | string | "result-cache" | |
| resultCache.pulsar.deadLetter.topic | string | "result.xtab.DLQ" | |
| resultCache.pulsar.topic | string | "result.xtab" | |
| resultCache.resources.limits.cpu | string | "500m" | |
| resultCache.resources.limits.memory | string | "700Mi" | |
| resultCache.resources.requests.cpu | string | "150m" | |
| resultCache.resources.requests.memory | string | "400Mi" | |
| resultCache.service.externalPort | int | 6567 | |
| resultCache.service.internalPort | int | 6567 | |
| resultCache.service.name | string | "result-cache" | |
| resultCache.service.type | string | "ClusterIP" | |
| scanModel.actuator.port | int | 9061 | |
| scanModel.image.name | string | "scan-model" | |
| scanModel.resources.limits.cpu | string | "1500m" | |
| scanModel.resources.limits.memory | string | "600Mi" | |
| scanModel.resources.requests.cpu | string | "150m" | |
| scanModel.resources.requests.memory | string | "350Mi" | |
| scanModel.service.externalPort | int | 9060 | |
| scanModel.service.internalPort | int | 9060 | |
| scanModel.service.name | string | "scan-model" | |
| scanModel.service.type | string | "ClusterIP" | |
| securityContext | object | {} | Kubernetes Security Context settings. |
| service.postgres.databaseExecution | string | "execution" | Database containing internal AFM execution related data, such as cache metadata. |
| service.postgres.databaseMd | string | "md" | Here are the names of databases the GoodData.CN application uses |
| service.postgres.existingSecret | string | "" | You can define your own existing secret here containing postgresql-password key with the actual password. Not applicable when deployPostgresHA: true. |
| service.postgres.host | string | "" | Here you should define basic parameters for connecting to external, Postgresql-compatible DB engine (like RDS) where metadata and application configuration will be stored. Mandatory when you set deployPostgresHA: false above. When using built-in Postgresql HA chart, the configuration is retrieved automatically and these settings are not used. |
| service.postgres.password | string | "topsecret" | |
| service.postgres.port | int | 5432 | |
| service.postgres.username | string | "postgres" | |
| service.pulsar.brokerPort | int | 6650 | |
| service.pulsar.host | string | "pulsar-broker.pulsar" | If you have Apache Pulsar deployed externally, set host to fully qualified name of the broker. For default setup, when Pulsar is deployed to Kubernetes cluster using Helm chart, using pattern |
| service.pulsar.wsPort | int | 8080 | |
| service.redis.clusterMode | bool | false | When true, it will use Redis cluster protocol for communication. Useful for HA deployment. |
| service.redis.hosts | list | [] | Used when using external redis service (like Elasticache on AWS, Memorystore on GCP or so). Format is a list of hostnames where the redis is running. |
| service.redis.port | int | 6379 | |
| serviceAccount.create | bool | true | Specifies whether a service account should be created. |
| serviceAccount.name | bool | nil | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. |
| sqlExecutor.actuator.port | int | 9101 | |
| sqlExecutor.extraDriversInitContainer | string | "" | |
| sqlExecutor.image.name | string | "sql-executor" | |
| sqlExecutor.pulsar.deadLetter.topic | string | "sql.select.DLQ" | |
| sqlExecutor.pulsar.topic | string | "sql.select" | |
| sqlExecutor.resources.limits.cpu | string | "1500m" | |
| sqlExecutor.resources.limits.ephemeral-storage | string | "300Mi" | |
| sqlExecutor.resources.limits.memory | string | "700Mi" | |
| sqlExecutor.resources.requests.cpu | string | "150m" | |
| sqlExecutor.resources.requests.ephemeral-storage | string | "300Mi" | |
| sqlExecutor.resources.requests.memory | string | "400Mi" | |
| sqlExecutor.service.externalPort | int | 6570 | |
| sqlExecutor.service.internalPort | int | 6570 | |
| sqlExecutor.service.name | string | "sql-executor" | |
| sqlExecutor.service.type | string | "ClusterIP" | |
| telemetryEnabled | bool | true | If set to true, deployed services will report telemetry data to https://matomo.anywhere.gooddata.com/matomo.php |
| tools.image.name | string | "tools" | |
| tools.replicaCount | int | 1 | |
| tools.resources.limits.cpu | string | "200m" | |
| tools.resources.limits.memory | string | "200Mi" | |
| tools.resources.requests.cpu | string | "10m" | |
| tools.resources.requests.memory | string | "5Mi" |