Helm Chart Options

Helm chart for GoodData.CN

Note: The dependent subcharts (redis-ha and postgresql-ha) are included in the GoodData.CN chart.

Requirements

RepositoryNameVersion
https://charts.bitnami.com/bitnamietcd9.5.7
https://charts.bitnami.com/bitnamipostgresql-ha9.4.9
https://dandydeveloper.github.io/chartsredis-ha4.23.0

Values

KeyTypeDefaultDescription
afmExecApi.actuator.portint9001
afmExecApi.extraEnvVarslist[]Additional environment variables for example: extraEnvVars: [{"name":"SOME_VAR","value":"some value"}]
afmExecApi.image.namestring"afm-exec-api"
afmExecApi.jvmOptionsstring"-XX:ReservedCodeCacheSize=100M -Xms320m -Xmx320m -XX:MaxMetaspaceSize=170M"Custom JVM options
afmExecApi.podDisruptionBudget.maxUnavailablestring""
afmExecApi.podDisruptionBudget.minAvailablestring""
afmExecApi.resources.limits.cpustring"750m"
afmExecApi.resources.limits.memorystring"965Mi"
afmExecApi.resources.requests.cpustring"100m"
afmExecApi.resources.requests.memorystring"600Mi"
afmExecApi.service.externalPortint9000
afmExecApi.service.internalPortint9000
afmExecApi.service.namestring"afm-exec-api"
afmExecApi.service.typestring"ClusterIP"
analyticalDesigner.extraEnvVarslist[]Additional environment variables for example: extraEnvVars: [{"name":"SOME_VAR","value":"some value"}]
analyticalDesigner.image.namestring"analytical-designer"
analyticalDesigner.podDisruptionBudget.maxUnavailablestring""
analyticalDesigner.podDisruptionBudget.minAvailablestring""
analyticalDesigner.resources.limits.cpustring"100m"
analyticalDesigner.resources.limits.memorystring"35Mi"
analyticalDesigner.resources.requests.cpustring"10m"
analyticalDesigner.resources.requests.memorystring"15Mi"
analyticalDesigner.service.externalPortint9300
analyticalDesigner.service.internalPortint9300
analyticalDesigner.service.namestring"analytical-designer"
analyticalDesigner.service.typestring"ClusterIP"
antiAffinity.enabledboolfalseenables antiAffinity for all GoodData.CN Pods
antiAffinity.topologyKeystring"kubernetes.io/hostname"Topology key for antiAffinity
antiAffinity.typestring"preferredDuringSchedulingIgnoredDuringExecution"“requiredDuringSchedulingIgnoredDuringExecution” or “preferredDuringSchedulingIgnoredDuringExecution”
apiDocs.enabledbooltrueCan be optionally disabled by setting enabled: false
apiDocs.extraEnvVarslist[]Additional environment variables for example: extraEnvVars: [{"name":"SOME_VAR","value":"some value"}]
apiDocs.image.namestring"apidocs"
apiDocs.podDisruptionBudget.maxUnavailablestring""
apiDocs.podDisruptionBudget.minAvailablestring""
apiDocs.replicaCountinttaken from .Values.replicaCountNumber of pod replicas
apiDocs.resources.limits.cpustring"100m"
apiDocs.resources.limits.memorystring"35Mi"
apiDocs.resources.requests.cpustring"10m"
apiDocs.resources.requests.memorystring"15Mi"
apiDocs.service.externalPortint9999
apiDocs.service.internalPortint8080
apiDocs.service.namestring"apidocs"
apiDocs.service.typestring"ClusterIP"
apiGateway.actuator.portint9093
apiGateway.extraEnvVarslist[]Additional environment variables for example: extraEnvVars: [{"name":"SOME_VAR","value":"some value"}]
apiGateway.image.namestring"api-gateway"
apiGateway.jvmOptionsstring"-XX:ReservedCodeCacheSize=60M -Xms140m -Xmx140m -XX:MaxMetaspaceSize=100M"Custom JVM options
apiGateway.podDisruptionBudget.maxUnavailablestring""
apiGateway.podDisruptionBudget.minAvailablestring""
apiGateway.resources.limits.cpustring"500m"
apiGateway.resources.limits.memorystring"540Mi"
apiGateway.resources.requests.cpustring"100m"
apiGateway.resources.requests.memorystring"300Mi"
apiGateway.service.externalPortint9092
apiGateway.service.grpcExternalPortint6572
apiGateway.service.grpcInternalPortint6572
apiGateway.service.internalPortint9092
apiGateway.service.namestring"api-gateway"
apiGateway.service.typestring"ClusterIP"
authService.actuator.portint9051
authService.extraEnvVarslist[]Additional environment variables for example: extraEnvVars: [{"name":"SOME_VAR","value":"some value"}]
authService.image.namestring"auth-service"
authService.jvmOptionsstring"-XX:ReservedCodeCacheSize=100M -Xms190m -Xmx190m -XX:MaxMetaspaceSize=150M"Custom JVM options
authService.podDisruptionBudget.maxUnavailablestring""
authService.podDisruptionBudget.minAvailablestring""
authService.pulsar.inviteGenerator.enabledboolfalse
authService.pulsar.inviteGenerator.messageTTLint300
authService.pulsar.inviteGenerator.topicstring"invitations"
authService.resources.limits.cpustring"500m"
authService.resources.limits.memorystring"750Mi"
authService.resources.requests.cpustring"100m"
authService.resources.requests.memorystring"400Mi"
authService.service.externalPortint9050
authService.service.grpcExternalPortint6573
authService.service.grpcInternalPortint6573
authService.service.internalPortint9050
authService.service.namestring"auth-service"
authService.service.typestring"ClusterIP"
calcique.actuator.portint9012
calcique.extraEnvVarslist[]Additional environment variables for example: extraEnvVars: [{"name":"SOME_VAR","value":"some value"}]
calcique.image.namestring"calcique"
calcique.jvmOptionsstring"-XX:ReservedCodeCacheSize=110M -Xms380m -Xmx380m -XX:MaxMetaspaceSize=170M"Custom JVM options
calcique.podDisruptionBudget.maxUnavailablestring""
calcique.podDisruptionBudget.minAvailablestring""
calcique.pulsar.calcique.deadLetter.topicstring"compute.calcique.DLQ"
calcique.pulsar.calcique.messageTTLint300
calcique.pulsar.calcique.topicstring"compute.calcique"
calcique.pulsar.dataSourceChange.deadLetter.topicstring"data-source.change.calcique.DLQ"
calcique.pulsar.dataSourceChange.topicstring"data-source.change"
calcique.pulsar.modelUpdate.deadLetter.topicstring"metadata.model.calcique.DLQ"
calcique.pulsar.modelUpdate.topicstring"metadata.model"
calcique.pulsar.sqlExecutor.messageTTLint300
calcique.pulsar.sqlExecutor.topicstring"sql.select"
calcique.resources.limits.cpustring"500m"
calcique.resources.limits.memorystring"1024Mi"
calcique.resources.requests.cpustring"150m"
calcique.resources.requests.memorystring"500Mi"
calcique.service.externalPortint9011
calcique.service.grpcExternalPortint6577
calcique.service.grpcInternalPortint6577
calcique.service.internalPortint9011
calcique.service.namestring"calcique"
calcique.service.typestring"ClusterIP"
cookiePolicystring"Lax"Defines value for SameSite attribute of authentication cookies. Allowed values are ‘Strict’, ‘Lax’ and ‘None’ When set to ‘None’, GoodData.UI applications can run on different domains.
dashboards.extraEnvVarslist[]Additional environment variables for example: extraEnvVars: [{"name":"SOME_VAR","value":"some value"}]
dashboards.image.namestring"dashboards"
dashboards.podDisruptionBudget.maxUnavailablestring""
dashboards.podDisruptionBudget.minAvailablestring""
dashboards.resources.limits.cpustring"100m"
dashboards.resources.limits.memorystring"35Mi"
dashboards.resources.requests.cpustring"10m"
dashboards.resources.requests.memorystring"15Mi"
dashboards.service.externalPortint9500
dashboards.service.internalPortint9500
dashboards.service.namestring"dashboards"
dashboards.service.typestring"ClusterIP"
deployDexIdPbooltrueIf set to true, Dex Identity Provider will be installed and configured according to values in “dex:” key below. Follow the guidelines in https://github.com/helm/charts/tree/master/stable/dex how to customize settings. Disabling this component will require every Organization to use an external Identity Provider.
deployPostgresHAbooltrueIf set to true, this chart will install bitnami/postgresql-ha as a part of the deployment. Postgres will be used for hosting Metadata and application configuration databases. If false, your existing, external Postgresql-compatible server must be configured in section service.postgres below. This option is useful for hosting metadata database in AWS RDS, for example.
deployQuiverbooltrueIf set to true, caching and cross-tabulation will be done by FlexQuery module. Note that quiver is an internal name for FlexQuery.
deployQuiverDatasourceFsboolfalseIf set to true, additional FlexQuery nodes will be deployed and used to provide additional FS-based datasource capabilities.
deployRedisHAbooltrueIf set to true, this chart will install stable/redis-ha as a part of the deployment. If false, your existing Redis-compatible server must be configured in section service.redis below.
deployVisualExporterbooltrueIf set to true, Visual exporter will be deployed
dex.config.database.existingSecretstring""you can specify custom secret with dex database password; the key needs to be “postgresql-password”
dex.config.database.namestring"dex"
dex.config.database.passwordstring""
dex.config.database.sslModestring"disable"possible values: disable, require, verify-ca, verify-full
dex.config.database.userstring""if user is empty, default postgres user and password is used
dex.config.enablePasswordDBbooltrueMap containing set of configured connectors. The key is the id of a connector, value is a map of connector’s parameters (excluding id and redirectURI that are added by template automatically).
dex.config.expiry.deviceRequestsstring"24h"
dex.config.expiry.idTokensstring"24h"
dex.config.expiry.signingKeysstring"48h"
dex.config.frontend.dirstring"web/"
dex.config.frontend.issuerstring"GoodData.CN"
dex.config.frontend.logoUrlstring"theme/logo.svg"
dex.config.frontend.themestring"gdc"
dex.config.grpc.addressstring"0.0.0.0"port is taken from ports section above
dex.config.logger.formatstring"json"
dex.config.logger.levelstring"info"
dex.config.oauth2.alwaysShowLoginScreenboolfalse
dex.config.oauth2.responseTypes[0]string"code"
dex.config.oauth2.responseTypes[1]string"token"
dex.config.oauth2.responseTypes[2]string"id_token"
dex.config.oauth2.skipApprovalScreenbooltrue
dex.config.web.addressstring"0.0.0.0"port is taken from ports section above
dex.extraEnvVarslist[]Additional environment variables for example: extraEnvVars: [{"name":"SOME_VAR","value":"some value"}]
dex.image.namestring"dex"set to repository in local registry for air-gapped installations
dex.ingress.annotationsobject{}Custom annotations that will be added to every Ingress object created by this chart, e.g. cert-manager.io/cluster-issuer: letsencrypt-auth-production or using namespace-specific Issuer: cert-manager.io/issuer: local-ca-issuer
dex.ingress.authHoststring"localhost"hostname where the application will have its authentication Endpoint (Dex). It will be used for organizations without their own external Identity Provider.
dex.ingress.tls.authSecretNamestring""If you have pre-existing secret with your own certificate and key, put its name here. Also, if you want cert-manager, set to some Secret name where TLS certificate and key will be stored. Note that dex.ingress.authHost is required when enabling TLS. If you’re deploying to AWS, you may prefer TLS termination on AWS ELB and keep this value empty.
dex.podAnnotationsobject{}
dex.podDisruptionBudget.maxUnavailablestring""
dex.podDisruptionBudget.minAvailablestring""
dex.ports.grpc.containerPortint5000
dex.ports.grpc.servicePortint5000
dex.ports.metrics.containerPortint5558
dex.ports.metrics.servicePortint37000
dex.ports.web.containerPortint5556
dex.ports.web.servicePortint32000
dex.replicaCountinttaken from .Values.replicaCountNumber of pod replicas
dex.resources.limits.cpustring"100m"
dex.resources.limits.memorystring"50Mi"
dex.resources.requests.cpustring"30m"
dex.resources.requests.memorystring"50Mi"
dex.service.namestring"dex"
dex.service.typestring"ClusterIP"
dex.serviceMonitor.additionalLabelsobject{}
dex.serviceMonitor.enabledboolfalse
dex.serviceMonitor.intervalstring"20s"
dex.serviceMonitor.scrapeTimeoutstring"10s"
dex.uriPrefixstring"/dex"base context path prefix used by Dex to serve its resources
enableCompositeGrainbooltrueIf set to true, composite grain is enabled
enablePdmRemovalbooltrueIf set to true, PDM removal is enabled and metadata are migrated
etcd.auth.rbac.createboolfalse
etcd.autoCompactionModestring"periodic"
etcd.autoCompactionRetentionstring"5m"
etcd.extraEnvVars[0].namestring"ETCD_SNAPSHOT_COUNT"
etcd.extraEnvVars[0].valuestring"5000"
etcd.initialClusterStatestring"new"
etcd.metrics.enabledbooltrue
etcd.persistence.enabledbooltrue
etcd.replicaCountint3
etcd.resources.limits.cpustring"300m"
etcd.resources.limits.memorystring"512Mi"
etcd.resources.requests.cpustring"100m"
etcd.resources.requests.memorystring"256Mi"
exportController.actuator.portint6581
exportController.existingSecretstring""you can specify existing secret with cloud credentials instead. For s3:// URLs, it mus contain keys access-key-id and secret-access-key
exportController.extraEnvVarslist[]Additional environment variables for example: extraEnvVars: [{"name":"SOME_VAR","value":"some value"}]
exportController.fileStorageBaseUrlstring"/tmp/exports"Base url for export file storage. Can be local directory or S3 bucket s3://.s3-.amazonaws.com/prefix
exportController.globalCspDirectivesobject{}
exportController.image.namestring"export-controller"
exportController.jvmOptionsstring"-XX:ReservedCodeCacheSize=90M -Xms130m -Xmx130m -XX:MaxMetaspaceSize=155M"Custom JVM options
exportController.podDisruptionBudget.maxUnavailablestring""
exportController.podDisruptionBudget.minAvailablestring""
exportController.pulsar.exportTabular.deadLetter.topicstring"export-tabular.request.DLQ"
exportController.pulsar.exportTabular.messageTTLint300
exportController.pulsar.exportTabular.topicstring"export-tabular.request"
exportController.pulsar.exportVisual.deadLetter.topicstring"export-visual.request.DLQ"
exportController.pulsar.exportVisual.messageTTLint300
exportController.pulsar.exportVisual.topicstring"export-visual.request"
exportController.resources.limits.cpustring"500m"
exportController.resources.limits.memorystring"685Mi"
exportController.resources.requests.cpustring"100m"
exportController.resources.requests.memorystring"450Mi"
exportController.s3.accessKeystring""AWS access key id of IAM account with access to S3 bucket
exportController.s3.secretKeystring""AWS secret access key of IAM account with access to S3 bucket
exportController.service.externalPortint6580
exportController.service.internalPortint6580
exportController.service.namestring"export-controller"
exportController.service.typestring"ClusterIP"
fullnameOverridestring""If not set, a name is generated using the fullname template.
global.imageRegistrystringnilSet the following variable to your private docker registry if you want to deploy to air-gapped installations. This affects images needed to deploy postgresql-ha subchart.
gracefulShutdownTimeoutSecondsint60Default timeout for a microservice to gracefully stop, i.e. to wait for active requests to finish (in seconds). It might be overridden in component definitions.
grpcServerMaxConnectionAgeint300Maximum time the GRPC connection is kept alive on the server side. After the time elapses the connection is closed. This impacts GRPC load balancing, since client only rediscovers new servers when some connection is closed. In other words the newly spawned GRPC service is discovered after this time in worst case. The value is in seconds. Can be overridden per service.
grpcServerPermitKeepAliveTimeint25Minimum time the GRPC client is allowed sending keep alive to the server. This must be lower than keep alive time on clients (currently 30s by default)
grpcServerPermitKeepAliveWithoutCallsbooltrueWhether GRPC server allows clients to send keep alive when there are no calls.
homeUi.extraEnvVarslist[]Additional environment variables for example: extraEnvVars: [{"name":"SOME_VAR","value":"some value"}]
homeUi.extraVolumeMountslist[]Additional volumes to mount. It should be used along with extraVolumes extraVolumeMounts: - name: “custom-file” mountPath: “/usr/share/nginx/html/file.html” subPath: “file.html”
homeUi.extraVolumeslist[]Additional volumes Object is piped through tpl function, so you can use templating The volume or underlying Secret/ConfigMap must already exist extraVolumes: - name: “custom-file” configMap: name: ‘{{ include “gooddata-cn.fullname” . }}-custom-file’ defaultMode: 420
homeUi.image.namestring"home-ui"
homeUi.podDisruptionBudget.maxUnavailablestring""
homeUi.podDisruptionBudget.minAvailablestring""
homeUi.resources.limits.cpustring"100m"
homeUi.resources.limits.memorystring"35Mi"
homeUi.resources.requests.cpustring"10m"
homeUi.resources.requests.memorystring"15Mi"
homeUi.service.externalPortint9600
homeUi.service.internalPortint9600
homeUi.service.namestring"home-ui"
homeUi.service.typestring"ClusterIP"
image.defaultTagstring"latest"default image tag that will be used on all GoodData.CN apps unless specific per-application tag is specified.
image.dockerhubPrefixstring"docker.io"Registry prefix for DockerHub images. Set to docker.io if your cluster has access to DockerHub either directly or via configured registry proxy On air-gapped installations, set to local registry namespace with pre-pulled images
image.pullPolicystring"Always"
image.repositoryPrefixstring"gooddata"Registry where the GoodData.CN images are stored. Normally it points to GoodData namespace on Docker Hub. Set to repository prefix in local registry if you plan deploying to air-gapped installation
imagePullSecretslist[]List of secret name(s) to be used for pulling images from private registry.
ingress.annotations.“nginx.ingress.kubernetes.io/proxy-body-size”string"20m"
ingress.ingressClassNamestring"nginx"Class of the Ingress controller used for this deployment
ingress.lbProtocolstring"https"This setting informs applications if the load balancer exposes the applications on HTTPS or plain unencrypted HTTP. For production workload, we strongly suggest using HTTPS. For local development purposes (e.g. in k3d cluster), HTTP is sufficient.
jvmOptionsstring"-XX:+ExitOnOutOfMemoryError -XX:+UseG1GC -Xss384k -XX:+UseStringDeduplication -XX:MinHeapFreeRatio=15 -XX:MaxHeapFreeRatio=25 -XX:AdaptiveSizePolicyWeight=50 -XX:InitiatingHeapOccupancyPercent=25 -XX:GCTimeRatio=25 -XX:CompressedClassSpaceSize=25M"
ldmModeler.extraEnvVarslist[]Additional environment variables for example: extraEnvVars: [{"name":"SOME_VAR","value":"some value"}]
ldmModeler.image.namestring"ldm-modeler"
ldmModeler.podDisruptionBudget.maxUnavailablestring""
ldmModeler.podDisruptionBudget.minAvailablestring""
ldmModeler.resources.limits.cpustring"100m"
ldmModeler.resources.limits.memorystring"35Mi"
ldmModeler.resources.requests.cpustring"10m"
ldmModeler.resources.requests.memorystring"15Mi"
ldmModeler.service.externalPortint9400
ldmModeler.service.internalPortint8080
ldmModeler.service.namestring"ldm-modeler"
ldmModeler.service.typestring"ClusterIP"
license.existingSecretstring""
license.keystring"<put-your-license-key-here>"
loggerRingBufferSizeint262144Default Log4J ring buffer size (in bytes).
measureEditor.extraEnvVarslist[]Additional environment variables for example: extraEnvVars: [{"name":"SOME_VAR","value":"some value"}]
measureEditor.image.namestring"measure-editor"
measureEditor.podDisruptionBudget.maxUnavailablestring""
measureEditor.podDisruptionBudget.minAvailablestring""
measureEditor.resources.limits.cpustring"100m"
measureEditor.resources.limits.memorystring"35Mi"
measureEditor.resources.requests.cpustring"10m"
measureEditor.resources.requests.memorystring"15Mi"
measureEditor.service.externalPortint9700
measureEditor.service.internalPortint9700
measureEditor.service.namestring"measure-editor"
measureEditor.service.typestring"ClusterIP"
metadataApi.actuator.portint9008
metadataApi.bootstrap.existingSecretstring""If set, existing secret containing user and password can be used instead of the two values above.
metadataApi.cacheStrategystring""String in the format organization1:DURABLE;organization2:EPHEMERAL this allows setting particular organization’s cache strategy. Allowed values of the second part are DURABLE and EPHEMERAL
metadataApi.database.existingExporterSecretstring""you can specify custom secret with md database exporter password; the key needs to be “exporter-password”
metadataApi.database.existingSecretstring""you can specify custom secret with md database password; the key needs to be “postgresql-password”
metadataApi.database.exporterPasswordstring"VerySecretPassword"MD access for export views (user ‘md_exporter’)
metadataApi.database.namestring"md"
metadataApi.database.passwordstring""
metadataApi.database.userstring""if user is empty, default postgres user and password is used
metadataApi.encryptor.enabledbooltrueenable datasource credentials organization oidc secret encryption in database.
metadataApi.encryptor.existingSecretstring""optionally, pass “keySet” in Secret instead.
metadataApi.encryptor.keySetstring""keyset generated by tinkey tool, must be set if encryptor is enabled
metadataApi.extraCachestring""String in the format organization1:12345;organization2:54321 this allows setting particular organization’s extraCache budgets in bytes
metadataApi.extraEnvVarslist[]Additional environment variables for example: extraEnvVars: [{"name":"SOME_VAR","value":"some value"}]
metadataApi.globalCspDirectivesobject{}Additional directives for Content-Security policy. It is a map of keys (CSP directives) and their values. Refer to https://w3c.github.io/webappsec-csp/#csp-directives for list of available directives These directives are merged with a preloaded set of CSP directives essential for basic GoodData.CN operation
metadataApi.image.namestring"metadata-api"
metadataApi.jvmOptionsstring"-XX:ReservedCodeCacheSize=140M -Xms400m -Xmx400m -XX:MaxMetaspaceSize=210M"Custom JVM options
metadataApi.podDisruptionBudget.maxUnavailablestring""
metadataApi.podDisruptionBudget.minAvailablestring""
metadataApi.pulsar.cacheCommand.messageTTLint300
metadataApi.pulsar.cacheCommand.topicstring"metadata.cache-command"
metadataApi.pulsar.cacheSettingsBootstrap.topicstring"cache-settings.bootstrap"
metadataApi.pulsar.cacheSettingsChange.messageTTLint300
metadataApi.pulsar.cacheSettingsChange.topicstring"cache-settings.change"
metadataApi.pulsar.dataSourceChange.messageTTLint300
metadataApi.pulsar.dataSourceChange.topicstring"data-source.change"
metadataApi.pulsar.modelUpdate.messageTTLint300
metadataApi.pulsar.modelUpdate.topicstring"metadata.model"
metadataApi.resources.limits.cpustring"1250m"
metadataApi.resources.limits.memorystring"1300Mi"
metadataApi.resources.requests.cpustring"100m"
metadataApi.resources.requests.memorystring"800Mi"
metadataApi.service.externalPortint9007
metadataApi.service.grpcExternalPortint6572
metadataApi.service.grpcInternalPortint6572
metadataApi.service.internalPortint9007
metadataApi.service.namestring"metadata-api"
metadataApi.service.typestring"ClusterIP"
monitoring.tracing.enabledboolfalse
monitoring.tracing.otel.public.collectorUrlstring""Publicly accessible URL of OTel Collector
monitoring.tracing.zipkin.hoststring"jaeger-collector"
monitoring.tracing.zipkin.namespacestring"monitoring"
monitoring.tracing.zipkin.portint9411
nameOverridestring""If not set, a name is generated using the name template.
networkPolicy.enabledboolfalseKubernetes Network Policy enablement.
networkPolicy.nginxIngressNamespaceLabelSelectorobject{"kubernetes.io/metadata.name":"ingress-nginx"}Kubernetes Namespace label(s) of Nginx Ingress. Required to allow ingress traffic.
networkPolicy.nginxIngressPodLabelSelectorobject{"app.kubernetes.io/name":"ingress-nginx"}Kubernetes Pod label(s) of Nginx Ingress. Required to allow ingress traffic.
nodeSelectorobject{}Kubernetes nodeSelector labels; applies to all GoodData.CN Pods
organizationController.extraEnvVarslist[]Additional environment variables for example: extraEnvVars: [{"name":"SOME_VAR","value":"some value"}]
organizationController.image.namestring"organization-controller"
organizationController.kubeClientTimeoutint10
organizationController.podDisruptionBudget.maxUnavailablestring""
organizationController.podDisruptionBudget.minAvailablestring""
organizationController.resources.limits.cpustring"100m"
organizationController.resources.limits.memorystring"200Mi"
organizationController.resources.requests.cpustring"10m"
organizationController.resources.requests.memorystring"50Mi"
pdfStaplerService.actuator.portint8287
pdfStaplerService.extraEnvVarslist[]
pdfStaplerService.image.namestring"pdf-stapler-service"
pdfStaplerService.jvmOptionsstring"-XX:ReservedCodeCacheSize=50M -Xms210m -Xmx210m -XX:MaxMetaspaceSize=70M"Custom JVM options
pdfStaplerService.loggingAppenderstring"json"
pdfStaplerService.podDisruptionBudget.maxUnavailablestring""
pdfStaplerService.podDisruptionBudget.minAvailablestring""
pdfStaplerService.resources.limits.cpustring"500m"
pdfStaplerService.resources.limits.memorystring"550Mi"
pdfStaplerService.resources.requests.cpustring"100m"
pdfStaplerService.resources.requests.memorystring"410Mi"
pdfStaplerService.service.grpcExternalPortint6889
pdfStaplerService.service.grpcInternalPortint6889
pdfStaplerService.service.namestring"pdf-stapler-service"
pdfStaplerService.service.typestring"ClusterIP"
platform_limits.max_afm_result_page_bytesint5242880Max size (bytes) of Arrow representation (FlexQuery) of the single page requested from the AFM execution result API.
platform_limits.max_column_sizeint1000Max Column Size. Limit used for FlexQuery.
platform_limits.max_dimension_sizeint10000Max Single Dimension Size. When query returns bigger dimension, the computation fails.
platform_limits.max_result_bytesint100000000The max size of the raw result (bytes). Getting bigger results from DB end with computation failure.
platform_limits.max_result_cell_countint1000000Max Result Cell Count how many cells are allowed in a returned result.
podDisruptionBudget.maxUnavailablestring""general maxUnavailable podDisruptionBudget, unless overridden per component
podDisruptionBudget.minAvailablestring""general minAvailable podDisruptionBudget, unless overridden per component
podMonitor.additionalLabelsobject{}
podMonitor.enabledboolfalse
podMonitor.intervalstring"20s"
podMonitor.pathstring"/actuator/prometheus"
podMonitor.portstring"actuator"
podMonitor.scrapeTimeoutstring"10s"
podSecurityContextobject{"runAsNonRoot":true}Kubernetes Pod Security Context settings.
postgresql-ha.metrics.enabledbooltrue
postgresql-ha.nameOverridestring"db"
postgresql-ha.pgpool.adminPasswordstring"pgpooladmin"
postgresql-ha.pgpool.clientIdleLimitint1860
postgresql-ha.pgpool.customUsers.passwordsstring""Define comma separated passwords for above mentioned users - applicable when you define dedicated users for Dex, MetadataApi and SqlExecutor databases.
postgresql-ha.pgpool.customUsers.usernamesstring""Define comma separated users - applicable when you define dedicated users for Dex, MetadataApi and SqlExecutor databases.
postgresql-ha.pgpool.customUsersSecretstring""You can provide secret with ‘usernames’ and ‘passowords’ in the same format as mentioned above.
postgresql-ha.pgpool.maxPoolint1
postgresql-ha.pgpool.numInitChildrenint70
postgresql-ha.pgpool.replicaCountint2
postgresql-ha.postgresql.existingSecretstring""If set, existing secret containing password and repmgrPassword can be used. See more details in the postgresql chart mentioned above.
postgresql-ha.postgresql.passwordstring"secret"
postgresql-ha.postgresql.repmgrPasswordstring"repmgrpassword"
postgresql-ha.postgresql.usernamestring"postgres"
postgresql-ha.volumePermissions.enabledbooltrue
prometheusRule.enabledboolfalse
prometheusRule.labelsobject{}
prometheusRule.ruleslist[]
pulsarJob.extraEnvVarslist[]Additional environment variables for example: extraEnvVars: [{"name":"SOME_VAR","value":"some value"}]
pulsarJob.namespacePerReleasebooltrueIf false, uncomment and set the ’tenant’ and ’namespace’ below. If true, the name of Pulsar’s tenant and namespace will be generated from the k8s namespace and release name. Note that if you set fixed names, you must avoid conflicts among multiple instances of this chart sharing the same Pulsar cluster.
quiver.advertiseFlightPortstring"16001"Note that quiver is an internal name for the FlexQuery service. Port which quiver advertises to clients. Client will use this port when connecting.
quiver.asyncRestorebooltrue
quiver.cacheCountLimitint5000
quiver.concurrentPutRequestsstring""Override of maximum number of DoPut requests that can be processed concurrently (by default derived from CPU count)
quiver.datasourceFsobject{"maxConnections":20}Configuration of the FS datasource itself
quiver.datasourceFs.maxConnectionsint20Maximal number of open connections to the FS datasource
quiver.durableStorageTypestring""Type of storage where to store durable caches ("" or “S3” or “FS”). Any change of this value requires ETCD wipe to refresh configuration!
quiver.etcdRegistrationTtlstring""Seconds how long can a Quiver node go without refreshing its registration in etcd (empty = default 30)
quiver.extraEnvVarsCachelist[]
quiver.extraEnvVarsDatasourcelist[]
quiver.extraEnvVarsXtablist[]Additional environment variables for xtab and cache deployments for example: extraEnvVarsXtab: [{"name":"QUIVER_FOO","value":"1"}]
quiver.fsDurableStorageobject{"storageClassName":""}FS durable storage configuration
quiver.fsDurableStorage.storageClassNamestring""External storage class name providing ReadWriteMany accessMode (maximum cache storage size taken from resultCache.totalCacheLimit)
quiver.glibcTunablesstring"glibc.malloc.trim_threshold=128:glibc.malloc.arena_max=2"
quiver.image.namestring"quiver"
quiver.limitFlightCountint50000
quiver.newFlightViewbooltrue
quiver.optimizations.etcd_disk_flight_catalogboolfalse
quiver.optimizations.etcd_init_page_sizeint5000
quiver.optimizations.etcd_init_serializablebooltrue
quiver.optimizations.etcd_shuffle_nodesbooltrue
quiver.podAnnotations.“prometheus.io/path”string"/"
quiver.podAnnotations.“prometheus.io/scrape”string"true"
quiver.podDisruptionBudget.maxUnavailablestring""
quiver.podDisruptionBudget.minAvailablestring""
quiver.podManagementPolicystring"Parallel"
quiver.podMonitor.pathstring"/"
quiver.podMonitor.portstring"metrics"
quiver.putQueueSizestring""Size of DoPut queue, DoPut requests are parked here if max DoPut concurrency is reached (by default 256)
quiver.replicaCount.cacheint2
quiver.replicaCount.datasourceint2
quiver.replicaCount.xtabint2
quiver.resources.cache.limits.cpustring"300m"
quiver.resources.cache.limits.memorystring"768Mi"
quiver.resources.cache.requests.cpustring"100m"
quiver.resources.cache.requests.memorystring"256Mi"
quiver.resources.datasource.limits.cpustring"500m"
quiver.resources.datasource.limits.memorystring"512Mi"
quiver.resources.datasource.requests.cpustring"200m"
quiver.resources.datasource.requests.memorystring"256Mi"
quiver.resources.xtab.limits.cpustring"500m"
quiver.resources.xtab.limits.memorystring"512Mi"
quiver.resources.xtab.requests.cpustring"200m"
quiver.resources.xtab.requests.memorystring"256Mi"
quiver.s3DatasourceFsStorageobject{"authType":"","endpointOverride":"","s3AccessKey":"","s3Bucket":"","s3BucketPrefix":"","s3Region":"","s3SecretKey":"","scheme":""}FS Datasource storage configuration
quiver.s3DatasourceFsStorage.authTypestring""Authentication type (“aws_tokens”
quiver.s3DatasourceFsStorage.endpointOverridestring""If non-empty, override S3 host with a connection string such as “localhost:3000”
quiver.s3DatasourceFsStorage.s3AccessKeystring""AWS secret access key of IAM account with access to S3 bucket
quiver.s3DatasourceFsStorage.s3Bucketstring""AWS bucket name to store datasource files
quiver.s3DatasourceFsStorage.s3BucketPrefixstring""Custom bucket prefix
quiver.s3DatasourceFsStorage.s3Regionstring""AWS region, default “us-east-1”
quiver.s3DatasourceFsStorage.s3SecretKeystring""AWS access key id of IAM account with access to S3 bucket
quiver.s3DatasourceFsStorage.schemestring""S3 connection transport, default “https”
quiver.s3DurableStorageobject{"authType":"","durableS3WritesInProgress":"","endpointOverride":"","s3AccessKey":"","s3Bucket":"","s3BucketPrefix":"","s3Region":"","s3SecretKey":"","scheme":""}S3 durable storage configuration
quiver.s3DurableStorage.authTypestring""Authentication type (“aws_tokens”
quiver.s3DurableStorage.durableS3WritesInProgressstring""Maximum number of write streams to S3 (empty = default)
quiver.s3DurableStorage.endpointOverridestring""If non-empty, override S3 host with a connect string such as “localhost:3000”
quiver.s3DurableStorage.s3AccessKeystring""AWS secret access key of IAM account with access to S3 bucket
quiver.s3DurableStorage.s3Bucketstring""AWS bucket name to store caches
quiver.s3DurableStorage.s3BucketPrefixstring""Custom bucket prefix
quiver.s3DurableStorage.s3Regionstring""AWS region, default “us-east-1”
quiver.s3DurableStorage.s3SecretKeystring""AWS access key id of IAM account with access to S3 bucket
quiver.s3DurableStorage.schemestring""S3 connection transport, default “https”
quiver.serverCriticalRssGraceint15Grace period, in seconds, for which the server’s RSS usage may remain in critical state (90% memory used)
quiver.serverMallocTrimIntervalint5Interval in seconds influencing how often does server call malloc_trim() which returns unused memory to system
quiver.service.flightPortint16001
quiver.service.liveness.initialDelaySecondsint10
quiver.service.liveness.pathstring"/live"
quiver.service.liveness.periodSecondsint15
quiver.service.liveness.portint8877
quiver.service.liveness.timeoutSecondsint4
quiver.service.metricsPortint16101
quiver.service.namestring"quiver"
quiver.service.readiness.initialDelaySecondsint5
quiver.service.readiness.pathstring"/ready"
quiver.service.readiness.periodSecondsint15
quiver.service.readiness.portint8877
quiver.service.readiness.timeoutSecondsint2
quiver.service.typestring"ClusterIP"
quiver.sslCertFilestring""
quiver.storage.cache.diskCachePathstring"/quiver/cache/data"
quiver.storage.cache.diskCacheSizestring"900Mi"
quiver.storage.cache.diskSizestring"1Gi"
quiver.storage.serverWorkDirstring"/quiver/server/data"
quiver.storage.serverWorkDirSizestring"256Mi"
redis-ha.exporter.enabledbooltrue
redis-ha.exporter.imagestring"oliver006/redis_exporter"set to repository in local registry for air-gapped installations
redis-ha.image.repositorystring"redis"set to repository in local registry for air-gapped installations
redis-ha.redis.config.maxmemorystring"100m"This value should be tuned according to the real load
redis-ha.redis.config.maxmemory-policystring"allkeys-lru"
replicaCountint2Default replica count (if not overridden for specific component).
resources.limits.cpustring"500m"Maximum CPU timeshare per pod
resources.limits.memorystring"500Mi"Maximum memory per pod
resources.requests.cpustring"150m"Scheduled CPU timeshare per pod
resources.requests.memorystring"250Mi"Scheduled memory per pod
resultCache.actuator.portint9041
resultCache.extraEnvVarslist[]Additional environment variables for example: extraEnvVars: [{"name":"SOME_VAR","value":"some value"}]
resultCache.image.namestring"result-cache"
resultCache.jvmOptionsstring"-XX:ReservedCodeCacheSize=60M -Xms1100m -Xmx1100m -XX:MaxMetaspaceSize=155M"Custom JVM options
resultCache.podDisruptionBudget.maxUnavailablestring""
resultCache.podDisruptionBudget.minAvailablestring""
resultCache.pulsar.cacheSettingsBootstrap.messageTTLint300
resultCache.pulsar.cacheSettingsBootstrap.topicstring"cache-settings.bootstrap"
resultCache.pulsar.cacheSettingsChange.deadLetter.topicstring"cache-settings.change.DLQ"
resultCache.pulsar.cacheSettingsChange.topicstring"cache-settings.change"
resultCache.pulsar.dataSourceChange.deadLetter.topicstring"data-source.change.DLQ"
resultCache.pulsar.dataSourceChange.topicstring"data-source.change"
resultCache.pulsar.modelUpdate.deadLetter.topicstring"metadata.model.DLQ"
resultCache.pulsar.modelUpdate.topicstring"metadata.model"
resultCache.pulsar.resultXtab.deadLetter.topicstring"result.xtab.DLQ"
resultCache.pulsar.resultXtab.messageTTLint300
resultCache.pulsar.resultXtab.topicstring"result.xtab"
resultCache.resources.limits.cpustring"750m"
resultCache.resources.limits.memorystring"1530Mi"
resultCache.resources.requests.cpustring"100m"
resultCache.resources.requests.memorystring"1330Mi"
resultCache.service.externalPortint9040
resultCache.service.grpcExternalPortint6567
resultCache.service.grpcInternalPortint6567
resultCache.service.internalPortint9040
resultCache.service.namestring"result-cache"
resultCache.service.typestring"ClusterIP"
resultCache.totalCacheLimitint34359738368
resultCache.workspaceBaselineCacheint0
scanModel.actuator.portint9061
scanModel.extraEnvVarslist[]Additional environment variables for example: extraEnvVars: [{"name":"SOME_VAR","value":"some value"}]
scanModel.image.namestring"scan-model"
scanModel.jvmOptionsstring"-XX:ReservedCodeCacheSize=90M -Xms110m -Xmx110m -XX:MaxMetaspaceSize=130M"Custom JVM options
scanModel.podDisruptionBudget.maxUnavailablestring""
scanModel.podDisruptionBudget.minAvailablestring""
scanModel.resources.limits.cpustring"500m"
scanModel.resources.limits.memorystring"560Mi"
scanModel.resources.requests.cpustring"100m"
scanModel.resources.requests.memorystring"300Mi"
scanModel.service.externalPortint9060
scanModel.service.internalPortint9060
scanModel.service.namestring"scan-model"
scanModel.service.typestring"ClusterIP"
securityContextobject{}Kubernetes Security Context settings.
service.etcd.headlessHostslist["host1","host2"]If you have ETCD deployed externally, set headlessHosts to list of fully qualified names of ETCD headless hosts. Used only when useInternalQuiverEtcd: false otherwise let it empty.
service.etcd.portint2379If you have ETCD deployed externally, set port to a port of external ETCD. Used only when useInternalQuiverEtcd: false.
service.postgres.existingSecretstring""You can define your own existing secret here containing postgresql-password key with the actual password. Not applicable when deployPostgresHA: true.
service.postgres.hoststring""Here you should define basic parameters for connecting to external, Postgresql-compatible DB engine (like RDS) where metadata and application configuration will be stored. Mandatory when you set deployPostgresHA: false above. When using built-in Postgresql HA chart, the configuration is retrieved automatically and these settings are not used.
service.postgres.passwordstring"topsecret"
service.postgres.portint5432
service.postgres.usernamestring"postgres"
service.pulsar.brokerPortint6650
service.pulsar.hoststring"pulsar-broker.pulsar"If you have Apache Pulsar deployed externally, set host to fully qualified name of the broker. For default setup, when Pulsar is deployed to Kubernetes cluster using Helm chart, using pattern -broker. should be OK and this value doesn’t need to be changed.
service.pulsar.wsPortint8080
service.redis.clusterModeboolfalseWhen true, it will use Redis cluster protocol for communication. Useful for HA deployment.
service.redis.existingSecretstring""You can define your own existing secret here containing redis-password key with the actual password
service.redis.hostslist[]Used when using external Redis service (like Elasticache on AWS, Memorystore on GCP or so). Format is a list of hostnames where the Redis is running.
service.redis.passwordstring""Password for accessing Redis if the Redis authentication is turned on
service.redis.portint6379
service.redis.useSSLboolfalseUse SSL for communication with Redis cache
serviceAccount.annotationsobject{}Optional annotations for service account. Useful for IAM role assignment.
serviceAccount.createbooltrueSpecifies whether a service account should be created.
serviceAccount.nameboolnilThe name of the service account to use. If not set and create is true, a name is generated using the fullname template.
sqlExecutor.actuator.portint9101
sqlExecutor.database.existingSecretstring""you can specify custom secret with sqlExecutor database password; the key needs to be “postgresql-password”
sqlExecutor.database.namestring"execution"
sqlExecutor.database.passwordstring""
sqlExecutor.database.userstring""if user is empty, default postgres user and password is used
sqlExecutor.enableHikariMonitoringbooltrueWhether to enable HikariCP monitoring: true
sqlExecutor.extraDriversInitContainerstring""see documentation how to mount the image with extra drivers to GoodData.CN
sqlExecutor.extraEnvVarslist[]Additional environment variables for example: extraEnvVars: [{"name":"SOME_VAR","value":"some value"}]
sqlExecutor.image.namestring"sql-executor"
sqlExecutor.jvmOptionsstring"-XX:ReservedCodeCacheSize=110M -Xms460m -Xmx460m -XX:MaxMetaspaceSize=200M -XX:ActiveProcessorCount=6"Custom JVM options
sqlExecutor.podDisruptionBudget.maxUnavailablestring""
sqlExecutor.podDisruptionBudget.minAvailablestring""
sqlExecutor.pulsar.cacheGc.deadLetter.topicstring"caches.garbage-collect.DLQ"
sqlExecutor.pulsar.cacheGc.topicstring"caches.garbage-collect"
sqlExecutor.pulsar.dataSourceChange.topicstring"data-source.change"
sqlExecutor.pulsar.sqlSelect.deadLetter.topicstring"sql.select.DLQ"
sqlExecutor.pulsar.sqlSelect.topicstring"sql.select"
sqlExecutor.resources.limits.cpustring"500m"
sqlExecutor.resources.limits.ephemeral-storagestring"300Mi"
sqlExecutor.resources.limits.memorystring"1300Mi"
sqlExecutor.resources.requests.cpustring"100m"
sqlExecutor.resources.requests.ephemeral-storagestring"300Mi"
sqlExecutor.resources.requests.memorystring"550Mi"
sqlExecutor.service.externalPortint6570
sqlExecutor.service.internalPortint6570
sqlExecutor.service.namestring"sql-executor"
sqlExecutor.service.typestring"ClusterIP"
tabularExporter.extraEnvVarslist[]Additional environment variables for example: extraEnvVars: [{"name":"SOME_VAR","value":"some value"}]
tabularExporter.image.namestring"tabular-exporter"
tabularExporter.podDisruptionBudget.maxUnavailablestring""
tabularExporter.podDisruptionBudget.minAvailablestring""
tabularExporter.resources.limits.cpustring"200m"
tabularExporter.resources.limits.memorystring"250Mi"
tabularExporter.resources.requests.cpustring"50m"
tabularExporter.resources.requests.memorystring"150Mi"
tabularExporter.service.externalPortint6789
tabularExporter.service.internalPortint6789
tabularExporter.service.namestring"tabular-exporter"
tabularExporter.service.typestring"ClusterIP"
telemetryEnabledbooltrueIf set to true, deployed services will report telemetry data to https://matomo.anywhere.gooddata.com/matomo.php
tolerationslist[]Kubernetes tolerations; applies to all GoodData.CN Pods tolerations: - key: “example-key” operator: “Exists” effect: “NoSchedule”
tools.extraEnvVarslist[]Additional environment variables for example: extraEnvVars: [{"name":"SOME_VAR","value":"some value"}]
tools.image.namestring"tools"
tools.replicaCountint1
tools.resources.limits.cpustring"200m"
tools.resources.limits.memorystring"200Mi"
tools.resources.requests.cpustring"10m"
tools.resources.requests.memorystring"5Mi"
topologySpreadConstraints.enabledboolfalseenables topologySpreadConstraints for all GoodData.CN Pods
topologySpreadConstraints.maxSkewint1Degree of uneven pod distribution
topologySpreadConstraints.topologyKeystring"kubernetes.io/hostname"Topology key
topologySpreadConstraints.whenUnsatisfiablestring"ScheduleAnyway"What to do when constraint is not met. Either “DoNotSchedule” or “ScheduleAnyway”
ui.intercomKeystring""Intercom key. Used internally by GoodData, should not be set on GoodData CN deployments.
useInternalQuiverEtcdbooltrueIf set to true, this chart will install bitnami/etcd as a part of the deployment. If false, your existing external ETCD must be configured in section service.etcd below.
useQuiverOptimisticConcurrencybooltrueIf set to true, additional header send is when calling Quivers doPut operations this is an optimization that can save up to 50% writes to etcd (should be switched to true as default in future)
visualExporterChromium.image.namestring"visual-exporter-chromium"
visualExporterChromium.remoteDebuggingPortint9222
visualExporterChromium.resources.limits.cpustring"2000m"
visualExporterChromium.resources.limits.memorystring"2048Mi"
visualExporterChromium.resources.requests.cpustring"200m"
visualExporterChromium.resources.requests.memorystring"550Mi"
visualExporterProxy.image.namestring"visual-exporter-proxy"
visualExporterProxy.permittedDestinationsstring""Space-delimited list of RFC1918 IPs or CIDRs where visual exporter can connect For security reasons, exporter can’t connect to hosts belonging to the following ranges: 0.0.0.0/8, 10.0.0.0/8, 127.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 If your organizations have IP address from these ranges, you need to add this IP(s) to make visual exports (PDF) working. Example: permittedDestinations: “10.1.2.3/32 172.16.0.0/24”
visualExporterProxy.resources.limits.cpustring"100m"
visualExporterProxy.resources.limits.memorystring"215Mi"
visualExporterProxy.resources.requests.cpustring"50m"
visualExporterProxy.resources.requests.memorystring"215Mi"
visualExporterService.actuator.portint8287
visualExporterService.extraEnvVars[0].namestring"SERVER_TOMCAT_THREADS_MAX"
visualExporterService.extraEnvVars[0].valuestring"4"
visualExporterService.extraEnvVars[1].namestring"SERVER_TOMCAT_ACCEPTCOUNT"
visualExporterService.extraEnvVars[1].valuestring"200"
visualExporterService.image.namestring"visual-exporter-service"
visualExporterService.jvmOptionsstring"-XX:ReservedCodeCacheSize=50M -Xms100m -Xmx100m -XX:MaxMetaspaceSize=70M"Custom JVM options
visualExporterService.loggingAppenderstring"json"
visualExporterService.podDisruptionBudget.maxUnavailablestring""
visualExporterService.podDisruptionBudget.minAvailablestring""
visualExporterService.resources.limits.cpustring"500m"
visualExporterService.resources.limits.memorystring"350Mi"
visualExporterService.resources.requests.cpustring"100m"
visualExporterService.resources.requests.memorystring"300Mi"
visualExporterService.service.externalPortint8080
visualExporterService.service.internalPortint8080
visualExporterService.service.namestring"visual-exporter-service"
visualExporterService.service.typestring"ClusterIP"
webComponents.extraEnvVarslist[]Additional environment variables for example: extraEnvVars: [{"name":"SOME_VAR","value":"some value"}]
webComponents.image.namestring"web-components"
webComponents.podDisruptionBudget.maxUnavailablestring""
webComponents.podDisruptionBudget.minAvailablestring""
webComponents.resources.limits.cpustring"100m"
webComponents.resources.limits.memorystring"35Mi"
webComponents.resources.requests.cpustring"10m"
webComponents.resources.requests.memorystring"15Mi"
webComponents.service.externalPortint9800
webComponents.service.internalPortint8080
webComponents.service.namestring"web-components"
webComponents.service.typestring"ClusterIP"
Helm Chart Installation
Logging and Monitoring