---
## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
##

## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
##
global:
  imageRegistry: ""
  ## e.g:
  ## imagePullSecrets:
  ##   - myRegistryKeySecretName
  ##
  imagePullSecrets: []
  defaultStorageClass: ""
  ## Compatibility adaptations for Kubernetes platforms
  ##
  compatibility:
    ## Compatibility adaptations for Openshift
    ##
    openshift:
      ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
      ##
      adaptSecurityContext: auto
    ## @param global.compatibility.omitEmptySeLinuxOptions If set to true, removes the seLinuxOptions from the securityContexts when it is set to an empty object
    ##
    omitEmptySeLinuxOptions: false

## @section Common parameters
##

## @param kubeVersion Override Kubernetes version
##
kubeVersion: ""
## @param nameOverride String to partially override common.names.name
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname
##
fullnameOverride: ""
## @param namespaceOverride String to fully override common.names.namespace
##
namespaceOverride: ""
## @param commonLabels Labels to add to all deployed objects
##
commonLabels: {}
## @param commonAnnotations Annotations to add to all deployed objects
##
commonAnnotations: {}
## @param clusterDomain Kubernetes cluster domain name
##
clusterDomain: cluster.local
## @param extraDeploy Array of extra objects to deploy with the release
##
extraDeploy: []
## Diagnostic mode
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
## @param diagnosticMode.command Command to override all containers in the chart release
## @param diagnosticMode.args Args to override all containers in the chart release
##
diagnosticMode:
  enabled: false
  command:
    - sleep
  args:
    - infinity

## @section Shared Shuffle Parameters
##
shuffle:
  ## @param shuffle.baseUrl The external base URL under which Shuffle is reachable.
  ##
  baseUrl: ""
  ## ref: https://shuffler.io/docs/organizations
  ## This chart only supports single-tenant deployments at the moment
  ## @param shuffle.org Default shuffle organization
  ##
  org: Shuffle
  ## @param shuffle.appRegistry The registry from / to which shuffle apps are pulled / pushed
  ##
  appRegistry: "docker.io"
  ## @param shuffle.appBaseImageName The base image used for shuffle apps. The final image for an app is //:
  ##
  appBaseImageName: "frikky"
  ## @param shuffle.timezone The timezone used by Shuffle
  ##
  timezone: Europe/Berlin

## @section backend Parameters
##
backend:
  ## backend image
  ## @param backend.image.registry backend image registry
  ## @param backend.image.repository backend image repository
  ## @param backend.image.tag backend image tag (immutable tags are recommended, defaults to appVersion)
  ## @param backend.image.digest backend image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
  ## @param backend.image.pullPolicy backend image pull policy
  ## @param backend.image.pullSecrets backend image pull secrets
  ##
  image:
    registry: ghcr.io
    repository: shuffle/shuffle-backend
    tag: ""
    digest: ""
    ## Specify an imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
    ##
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## e.g:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
  ## @param backend.replicaCount Number of backend replicas to deploy
  ##
  replicaCount: 1
  ## @param backend.containerPorts.http backend HTTP container port
  ##
  containerPorts:
    http: 5001
  ## @param backend.extraContainerPorts Optionally specify extra list of additional ports for backend containers
  ## e.g:
  ## extraContainerPorts:
  ##   - name: myservice
  ##     containerPort: 9090
  ##
  extraContainerPorts: []
  ## Configure extra options for backend containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param backend.livenessProbe.enabled Enable livenessProbe on backend containers
  ## @param backend.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param backend.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param backend.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param backend.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param backend.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: false
    initialDelaySeconds: 0
    periodSeconds: 15
    timeoutSeconds: 1
    failureThreshold: 4
    successThreshold: 1
  ## @param backend.readinessProbe.enabled Enable readinessProbe on backend containers
  ## @param backend.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param backend.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param backend.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param backend.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param backend.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: false
    initialDelaySeconds: 0
    periodSeconds: 5
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param backend.startupProbe.enabled Enable startupProbe on backend containers
  ## @param backend.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param backend.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param backend.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param backend.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param backend.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 0
    periodSeconds: 1
    timeoutSeconds: 1
    failureThreshold: 60
    successThreshold: 1
  ## @param backend.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param backend.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## @param backend.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## backend resource requests and limits
  ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param backend.resourcesPreset Set backend container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if backend.resources is set (backend.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ## Shuffle gets OOM killed with 256M memory during startup. Up to 360MiB of memory usage were observed during testing.
  ## The small preset grants 512M.
  ##
  resourcesPreset: "small"
  ## @param backend.resources Set backend container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param backend.podSecurityContext.enabled Enable backend pods' Security Context
  ## @param backend.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy for backend pods
  ## @param backend.podSecurityContext.sysctls Set kernel settings using the sysctl interface for backend pods
  ## @param backend.podSecurityContext.supplementalGroups Set filesystem extra groups for backend pods
  ## @param backend.podSecurityContext.fsGroup Set fsGroup in backend pods' Security Context
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param backend.containerSecurityContext.enabled Enable backend container's Security Context
  ## @param backend.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in backend container
  ## @param backend.containerSecurityContext.runAsUser Set runAsUser in backend container's Security Context
  ## @param backend.containerSecurityContext.runAsGroup Set runAsGroup in backend container's Security Context
  ## @param backend.containerSecurityContext.runAsNonRoot Set runAsNonRoot in backend container's Security Context
  ## @param backend.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in backend container's Security Context
  ## @param backend.containerSecurityContext.privileged Set privileged in backend container's Security Context
  ## @param backend.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in backend container's Security Context
  ## @param backend.containerSecurityContext.capabilities.drop List of capabilities to be dropped in backend container
  ## @param backend.containerSecurityContext.seccompProfile.type Set seccomp profile in backend container
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    privileged: false
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## @param backend.command Override default backend container command (useful when using custom images)
  ##
  command: []
  ## @param backend.args Override default backend container args (useful when using custom images)
  ##
  args: []
  ## @param backend.automountServiceAccountToken Mount Service Account token in backend pods
  ## NOTE: backend requires the service account credentials to be mounted
  ##
  automountServiceAccountToken: true
  ## @param backend.hostAliases backend pods host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param backend.deploymentAnnotations Annotations for backend deployment
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  deploymentAnnotations: {}
  ## @param backend.podLabels Extra labels for backend pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param backend.podAnnotations Annotations for backend pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param backend.podAffinityPreset Pod affinity preset. Ignored if `backend.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param backend.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `backend.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node backend.affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param backend.nodeAffinityPreset.type Node affinity preset type. Ignored if `backend.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param backend.nodeAffinityPreset.key Node label key to match. Ignored if `backend.affinity` is set
    ##
    key: ""
    ## @param backend.nodeAffinityPreset.values Node label values to match. Ignored if `backend.affinity` is set
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param backend.affinity Affinity for backend pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## NOTE: `backend.podAffinityPreset`, `backend.podAntiAffinityPreset`, and `backend.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## @param backend.nodeSelector Node labels for backend pods assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param backend.tolerations Tolerations for backend pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param backend.updateStrategy.type backend deployment strategy type
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
  ##
  updateStrategy:
    ## Can be set to RollingUpdate or Recreate
    ## Backend uses ReadWriteOnce volumes by default, which is incompatible with RollingUpdate
    ##
    type: Recreate
  ## @param backend.priorityClassName backend pods' priorityClassName
  ##
  priorityClassName: ""
  ## @param backend.topologySpreadConstraints Topology Spread Constraints for backend pod assignment spread across your cluster among failure-domains
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## @param backend.schedulerName Name of the k8s scheduler (other than default) for backend pods
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param backend.terminationGracePeriodSeconds Seconds backend pods need to terminate gracefully
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
  ##
  terminationGracePeriodSeconds: ""
  ## @param backend.lifecycleHooks for backend containers to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param backend.extraEnvVars Array with extra environment variables to add to backend containers
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param backend.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for backend containers
  ##
  extraEnvVarsCM: ""
  ## @param backend.extraEnvVarsSecret Name of existing Secret containing extra env vars for backend containers
  ##
  extraEnvVarsSecret: ""
  ## @param backend.extraVolumes Optionally specify extra list of additional volumes for the backend pods
  ##
  extraVolumes: []
  ## @param backend.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the backend containers
  ##
  extraVolumeMounts: []
  ## @param backend.sidecars Add additional sidecar containers to the backend pods
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param backend.initContainers Add additional init containers to the backend pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param backend.pdb.create Enable/disable a Pod Disruption Budget creation
  ## @param backend.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param backend.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `backend.pdb.minAvailable` and `backend.pdb.maxUnavailable` are empty.
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
  ## Autoscaling configuration
  ## ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/
  ##
  autoscaling:
    ## @param backend.autoscaling.vpa.enabled Enable VPA for backend pods
    ## @param backend.autoscaling.vpa.annotations Annotations for VPA resource
    ## @param backend.autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
    ## @param backend.autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod
    ## @param backend.autoscaling.vpa.minAllowed VPA Min allowed resources for the pod
    ##
    vpa:
      enabled: false
      annotations: {}
      controlledResources: []
      maxAllowed: {}
      minAllowed: {}
      ## @param backend.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy
      ## Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod
      ## Possible values are "Off", "Initial", "Recreate", and "Auto".
      ##
      updatePolicy:
        updateMode: Auto
    ## @param backend.autoscaling.hpa.enabled Enable HPA for backend pods
    ## @param backend.autoscaling.hpa.minReplicas Minimum number of replicas
    ## @param backend.autoscaling.hpa.maxReplicas Maximum number of replicas
    ## @param backend.autoscaling.hpa.targetCPU Target CPU utilization percentage
    ## @param backend.autoscaling.hpa.targetMemory Target Memory utilization percentage
    ##
    hpa:
      enabled: false
      minReplicas: ""
      maxReplicas: ""
      targetCPU: ""
      targetMemory: ""
  ## Service configuration
  ##
  service:
    ## @param backend.service.labels Extra labels for backend service
    ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
    ##
    labels: {}
  ## ServiceAccount configuration
  ##
  serviceAccount:
    ## @param backend.serviceAccount.create Specifies whether a ServiceAccount should be created
    ##
    create: true
    ## @param backend.serviceAccount.name The name of the ServiceAccount to use.
    ## If not set and create is true, a name is generated using the common.names.fullname template
    ##
    name: ""
    ## @param backend.serviceAccount.annotations Additional Service Account annotations (evaluated as a template)
    ##
    annotations: {}
    ## @param backend.serviceAccount.automountServiceAccountToken Automount service account token for the backend service account
    ##
    automountServiceAccountToken: true
    ## @param backend.serviceAccount.imagePullSecrets Add image pull secrets to the backend service account
    ##
    imagePullSecrets: []
  ## RBAC configuration
  ##
  rbac:
    ## @param backend.rbac.create Specifies whether RBAC resources should be created
    create: true
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param backend.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param backend.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param backend.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param backend.networkPolicy.extraIngress Add extra ingress rules to the NetworkPolicy
    ## NOTE: You likely want to allow access from your ingress, e.g.:
    ## extraIngress:
    ##   - ports:
    ##       - protocol: TCP
    ##         port: 5001
    ##     from:
    ##       - namespaceSelector:
    ##           matchLabels:
    ##             kubernetes.io/metadata.name: istio-ingress
    ##         podSelector:
    ##           matchLabels:
    ##             istio: ingress
    ##
    extraIngress: []
    ## @param backend.networkPolicy.extraEgress Add extra egress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
    ## NOTE: You likely want to allow access to OpenSearch and cluster-proxies, e.g:
    ## extraEgress:
    ##   - to:
    ##       - namespaceSelector:
    ##           matchLabels:
    ##             kubernetes.io/metadata.name: istio-system
    ##         podSelector:
    ##           matchLabels:
    ##             istio: pilot
    ##   - ports:
    ##       - protocol: TCP
    ##         port: 9200
    ##       - protocol: TCP
    ##         port: 9300
    ##     to:
    ##       - namespaceSelector:
    ##           matchLabels:
    ##             kubernetes.io/metadata.name: shuffle
    ##         podSelector:
    ##           matchLabels:
    ##             app.kubernetes.io/name: opensearch
    ##
    extraEgress: []
  ## @param backend.cleanupSchedule The interval in seconds at which the cleanup job runs
  ##
  cleanupSchedule: 300
  ## OpenSearch configuration
  ##
  openSearch:
    ## @param backend.openSearch.url The URL at which OpenSearch is available
    ##
    url: "http://{{ .Release.Name }}-opensearch:9200"
    ## @param backend.openSearch.username The username that is used for authenticating with OpenSearch
    ##
    username: admin
    ## @param backend.openSearch.certificateFile The path to a custom OpenSearch certificate file
    ##
    certificateFile: ""
    ## @param backend.openSearch.skipSSLVerify Skip SSL verification
    ##
    skipSSLVerify: false
    ## @param backend.openSearch.indexPrefix A prefix for OpenSearch indices
    ##
    indexPrefix: ""
  ## App configuration
  ##
  apps:
    ## @param backend.apps.downloadLocation The location of a git repository from which default apps are downloaded on startup.
    ##
    downloadLocation: https://github.com/shuffle/python-apps
    ## @param backend.apps.downloadBranch The branch from which apps should be downloaded on startup.
    ##
    downloadBranch: master
    ## @param backend.apps.forceUpdate Force an update of apps on startup.
    ##
    forceUpdate: false

## @section frontend Parameters
##
frontend:
  ## frontend image
  ## @param frontend.image.registry frontend image registry
  ## @param frontend.image.repository frontend image repository
  ## @param frontend.image.tag frontend image tag (immutable tags are recommended, defaults to appVersion)
  ## @param frontend.image.digest frontend image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
  ## @param frontend.image.pullPolicy frontend image pull policy
  ## @param frontend.image.pullSecrets frontend image pull secrets
  ##
  image:
    registry: ghcr.io
    repository: shuffle/shuffle-frontend
    tag: ""
    digest: ""
    ## Specify an imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
    ##
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## e.g:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
  ## @param frontend.replicaCount Number of frontend replicas to deploy
  ##
  replicaCount: 1
  ## @param frontend.containerPorts.http frontend HTTP container port
  ## @param frontend.containerPorts.https frontend HTTPS container port
  ##
  containerPorts:
    http: 80
    https: 443
  ## @param frontend.extraContainerPorts Optionally specify extra list of additional ports for frontend containers
  ## e.g:
  ## extraContainerPorts:
  ##   - name: myservice
  ##     containerPort: 9090
  ##
  extraContainerPorts: []
  ## Configure extra options for frontend containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param frontend.livenessProbe.enabled Enable livenessProbe on frontend containers
  ## @param frontend.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param frontend.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param frontend.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param frontend.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param frontend.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: false
    initialDelaySeconds: 0
    periodSeconds: 15
    timeoutSeconds: 1
    failureThreshold: 4
    successThreshold: 1
  ## @param frontend.readinessProbe.enabled Enable readinessProbe on frontend containers
  ## @param frontend.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param frontend.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param frontend.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param frontend.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param frontend.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: false
    initialDelaySeconds: 0
    periodSeconds: 5
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param frontend.startupProbe.enabled Enable startupProbe on frontend containers
  ## @param frontend.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param frontend.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param frontend.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param frontend.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param frontend.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 0
    periodSeconds: 1
    timeoutSeconds: 1
    failureThreshold: 60
    successThreshold: 1
  ## @param frontend.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param frontend.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## @param frontend.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## frontend resource requests and limits
  ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param frontend.resourcesPreset Set frontend container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if frontend.resources is set (frontend.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "nano"
  ## @param frontend.resources Set frontend container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param frontend.podSecurityContext.enabled Enable frontend pods' Security Context
  ## @param frontend.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy for frontend pods
  ## @param frontend.podSecurityContext.sysctls Set kernel settings using the sysctl interface for frontend pods
  ## @param frontend.podSecurityContext.supplementalGroups Set filesystem extra groups for frontend pods
  ## @param frontend.podSecurityContext.fsGroup Set fsGroup in frontend pods' Security Context
  ##
  podSecurityContext:
    enabled: false # The default shuffle frontend image does not support running as non-root, because /etc/nginx/nginx.conf is written on startup
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param frontend.containerSecurityContext.enabled Enable frontend container's Security Context
  ## @param frontend.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in frontend container
  ## @param frontend.containerSecurityContext.runAsUser Set runAsUser in frontend container's Security Context
  ## @param frontend.containerSecurityContext.runAsGroup Set runAsGroup in frontend container's Security Context
  ## @param frontend.containerSecurityContext.runAsNonRoot Set runAsNonRoot in frontend container's Security Context
  ## @param frontend.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in frontend container's Security Context
  ## @param frontend.containerSecurityContext.privileged Set privileged in frontend container's Security Context
  ## @param frontend.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in frontend container's Security Context
  ## @param frontend.containerSecurityContext.capabilities.drop List of capabilities to be dropped in frontend container
  ## @param frontend.containerSecurityContext.seccompProfile.type Set seccomp profile in frontend container
  ##
  containerSecurityContext:
    enabled: false # The default shuffle frontend image does not support running as non-root, because /etc/nginx/nginx.conf is written on startup
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    privileged: false
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## @param frontend.command Override default frontend container command (useful when using custom images)
  ##
  command: []
  ## @param frontend.args Override default frontend container args (useful when using custom images)
  ##
  args: []
  ## @param frontend.automountServiceAccountToken Mount Service Account token in frontend pods
  ##
  automountServiceAccountToken: false
  ## @param frontend.hostAliases frontend pods host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param frontend.deploymentAnnotations Annotations for frontend deployment
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  deploymentAnnotations: {}
  ## @param frontend.podLabels Extra labels for frontend pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param frontend.podAnnotations Annotations for frontend pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param frontend.podAffinityPreset Pod affinity preset. Ignored if `frontend.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param frontend.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `frontend.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node frontend.affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param frontend.nodeAffinityPreset.type Node affinity preset type. Ignored if `frontend.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param frontend.nodeAffinityPreset.key Node label key to match. Ignored if `frontend.affinity` is set
    ##
    key: ""
    ## @param frontend.nodeAffinityPreset.values Node label values to match. Ignored if `frontend.affinity` is set
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param frontend.affinity Affinity for frontend pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## NOTE: `frontend.podAffinityPreset`, `frontend.podAntiAffinityPreset`, and `frontend.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## @param frontend.nodeSelector Node labels for frontend pods assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param frontend.tolerations Tolerations for frontend pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param frontend.updateStrategy.type frontend deployment strategy type
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
  ##
  updateStrategy:
    ## Can be set to RollingUpdate or Recreate
    ##
    type: RollingUpdate
  ## @param frontend.priorityClassName frontend pods' priorityClassName
  ##
  priorityClassName: ""
  ## @param frontend.topologySpreadConstraints Topology Spread Constraints for frontend pod assignment spread across your cluster among failure-domains
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## @param frontend.schedulerName Name of the k8s scheduler (other than default) for frontend pods
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param frontend.terminationGracePeriodSeconds Seconds frontend pods need to terminate gracefully
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
  ##
  terminationGracePeriodSeconds: ""
  ## @param frontend.lifecycleHooks for frontend containers to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param frontend.extraEnvVars Array with extra environment variables to add to frontend containers
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param frontend.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for frontend containers
  ##
  extraEnvVarsCM: ""
  ## @param frontend.extraEnvVarsSecret Name of existing Secret containing extra env vars for frontend containers
  ##
  extraEnvVarsSecret: ""
  ## @param frontend.extraVolumes Optionally specify extra list of additional volumes for the frontend pods
  ##
  extraVolumes: []
  ## @param frontend.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the frontend containers
  ##
  extraVolumeMounts: []
  ## @param frontend.sidecars Add additional sidecar containers to the frontend pods
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param frontend.initContainers Add additional init containers to the frontend pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param frontend.pdb.create Enable/disable a Pod Disruption Budget creation
  ## @param frontend.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param frontend.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `frontend.pdb.minAvailable` and `frontend.pdb.maxUnavailable` are empty.
## pdb: create: true minAvailable: "" maxUnavailable: "" ## Autoscaling configuration ## ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/ ## autoscaling: ## @param frontend.autoscaling.vpa.enabled Enable VPA for frontend pods ## @param frontend.autoscaling.vpa.annotations Annotations for VPA resource ## @param frontend.autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory ## @param frontend.autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod ## @param frontend.autoscaling.vpa.minAllowed VPA Min allowed resources for the pod ## vpa: enabled: false annotations: {} controlledResources: [] maxAllowed: {} minAllowed: {} ## @param frontend.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy ## Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod ## Possible values are "Off", "Initial", "Recreate", and "Auto". ## updatePolicy: updateMode: Auto ## @param frontend.autoscaling.hpa.enabled Enable HPA for frontend pods ## @param frontend.autoscaling.hpa.minReplicas Minimum number of replicas ## @param frontend.autoscaling.hpa.maxReplicas Maximum number of replicas ## @param frontend.autoscaling.hpa.targetCPU Target CPU utilization percentage ## @param frontend.autoscaling.hpa.targetMemory Target Memory utilization percentage ## hpa: enabled: false minReplicas: "" maxReplicas: "" targetCPU: "" targetMemory: "" ## Service configuration ## service: ## @param frontend.service.labels Extra labels for frontend service ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## labels: {} ## ServiceAccount configuration ## serviceAccount: ## @param frontend.serviceAccount.create Specifies whether a ServiceAccount should be created ## create: true ## @param frontend.serviceAccount.name The name of the ServiceAccount to use. 
## If not set and create is true, a name is generated using the common.names.fullname template ## name: "" ## @param frontend.serviceAccount.annotations Additional Service Account annotations (evaluated as a template) ## annotations: {} ## @param frontend.serviceAccount.automountServiceAccountToken Automount service account token for the frontend service account ## automountServiceAccountToken: true ## @param frontend.serviceAccount.imagePullSecrets Add image pull secrets to the frontend service account ## imagePullSecrets: [] ## Network Policies ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ ## networkPolicy: ## @param frontend.networkPolicy.enabled Specifies whether a NetworkPolicy should be created ## enabled: true ## @param frontend.networkPolicy.allowExternal Don't require server label for connections ## The Policy model to apply. When set to false, only pods with the correct ## server label will have network access to the ports server is listening ## on. When true, server will accept connections from any source ## (with the correct destination port). ## allowExternal: true ## @param frontend.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. 
## allowExternalEgress: true ## @param frontend.networkPolicy.extraIngress Add extra ingress rules to the NetworkPolicy ## NOTE: You likely want to allow access from your ingress, e.g.: ## extraIngress: ## - ports: ## - protocol: TCP ## port: 5001 ## from: ## - namespaceSelector: ## matchLabels: ## kubernetes.io/metadata.name: istio-ingress ## podSelector: ## matchLabels: ## istio: ingress ## extraIngress: [] ## @param frontend.networkPolicy.extraEgress Add extra egress rules to the NetworkPolicy (ignored if allowExternalEgress=true) ## extraEgress: [] ## @section orborus Parameters ## orborus: ## orborus image ## @param orborus.image.registry orborus image registry ## @param orborus.image.repository orborus image repository ## @param orborus.image.tag orborus image tag (immutable tags are recommended, defaults to appVersion) ## @param orborus.image.digest orborus image digest in the form sha256:aa.... Please note this parameter, if set, will override the image tag (immutable tags are recommended) ## @param orborus.image.pullPolicy orborus image pull policy ## @param orborus.image.pullSecrets orborus image pull secrets ## image: registry: ghcr.io repository: shuffle/shuffle-orborus tag: "" digest: "" ## Specify an imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. 
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## @param orborus.replicaCount Number of orborus replicas to deploy ## replicaCount: 1 ## @param orborus.extraContainerPorts Optionally specify extra list of additional ports for orborus containers ## e.g: ## extraContainerPorts: ## - name: myservice ## containerPort: 9090 ## extraContainerPorts: [] ## Configure extra options for orborus containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param orborus.livenessProbe.enabled Enable livenessProbe on orborus containers ## @param orborus.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param orborus.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param orborus.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param orborus.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param orborus.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: false initialDelaySeconds: 0 periodSeconds: 15 timeoutSeconds: 1 failureThreshold: 4 successThreshold: 1 ## @param orborus.readinessProbe.enabled Enable readinessProbe on orborus containers ## @param orborus.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param orborus.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param orborus.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param orborus.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param orborus.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: false initialDelaySeconds: 0 periodSeconds: 5 timeoutSeconds: 1 failureThreshold: 3 successThreshold: 1 ## @param orborus.startupProbe.enabled Enable 
startupProbe on orborus containers ## @param orborus.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param orborus.startupProbe.periodSeconds Period seconds for startupProbe ## @param orborus.startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param orborus.startupProbe.failureThreshold Failure threshold for startupProbe ## @param orborus.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 0 periodSeconds: 1 timeoutSeconds: 1 failureThreshold: 60 successThreshold: 1 ## @param orborus.customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param orborus.customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param orborus.customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} ## orborus resource requests and limits ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ ## @param orborus.resourcesPreset Set orborus container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if orborus.resources is set (orborus.resources is recommended for production). 
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## resourcesPreset: "nano" ## @param orborus.resources Set orborus container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: ## resources: ## requests: ## cpu: 2 ## memory: 512Mi ## limits: ## cpu: 3 ## memory: 1024Mi ## resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param orborus.podSecurityContext.enabled Enable orborus pods' Security Context ## @param orborus.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy for orborus pods ## @param orborus.podSecurityContext.sysctls Set kernel settings using the sysctl interface for orborus pods ## @param orborus.podSecurityContext.supplementalGroups Set filesystem extra groups for orborus pods ## @param orborus.podSecurityContext.fsGroup Set fsGroup in orborus pods' Security Context ## podSecurityContext: enabled: true fsGroupChangePolicy: Always sysctls: [] supplementalGroups: [] fsGroup: 1001 ## Configure Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param orborus.containerSecurityContext.enabled Enable orborus containers' Security Context ## @param orborus.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in orborus container ## @param orborus.containerSecurityContext.runAsUser Set runAsUser in orborus containers' Security Context ## @param orborus.containerSecurityContext.runAsGroup Set runAsGroup in orborus containers' Security Context ## @param orborus.containerSecurityContext.runAsNonRoot Set runAsNonRoot in orborus containers' Security Context ## @param orborus.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in orborus containers' Security 
Context ## @param orborus.containerSecurityContext.privileged Set privileged in orborus containers' Security Context ## @param orborus.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in orborus containers' Security Context ## @param orborus.containerSecurityContext.capabilities.drop List of capabilities to be dropped in orborus container ## @param orborus.containerSecurityContext.seccompProfile.type Set seccomp profile in orborus container ## containerSecurityContext: enabled: true seLinuxOptions: {} runAsUser: 1001 runAsGroup: 1001 runAsNonRoot: true readOnlyRootFilesystem: true privileged: false allowPrivilegeEscalation: false capabilities: drop: ["ALL"] seccompProfile: type: "RuntimeDefault" ## @param orborus.command Override default orborus container command (useful when using custom images) ## command: [] ## @param orborus.args Override default orborus container args (useful when using custom images) ## args: [] ## @param orborus.automountServiceAccountToken Mount Service Account token in orborus pods ## NOTE: orborus requires the service account credentials to be mounted if manageWorkerDeployments is enabled. ## automountServiceAccountToken: true ## @param orborus.hostAliases orborus pods host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## @param orborus.deploymentAnnotations Annotations for orborus deployment ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## deploymentAnnotations: {} ## @param orborus.podLabels Extra labels for orborus pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param orborus.podAnnotations Annotations for orborus pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param orborus.podAffinityPreset Pod affinity preset. Ignored if `orborus.affinity` is set. 
Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param orborus.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `orborus.affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Node orborus.affinity preset ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param orborus.nodeAffinityPreset.type Node affinity preset type. Ignored if `orborus.affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param orborus.nodeAffinityPreset.key Node label key to match. Ignored if `orborus.affinity` is set ## key: "" ## @param orborus.nodeAffinityPreset.values Node label values to match. Ignored if `orborus.affinity` is set ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param orborus.affinity Affinity for orborus pods assignment ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## NOTE: `orborus.podAffinityPreset`, `orborus.podAntiAffinityPreset`, and `orborus.nodeAffinityPreset` will be ignored when it's set ## affinity: {} ## @param orborus.nodeSelector Node labels for orborus pods assignment ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ ## nodeSelector: {} ## @param orborus.tolerations Tolerations for orborus pods assignment ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param orborus.updateStrategy.type orborus deployment strategy type ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy ## updateStrategy: ## Can be set to RollingUpdate or Recreate ## type: RollingUpdate ## @param orborus.priorityClassName orborus pods' 
priorityClassName ## priorityClassName: "" ## @param orborus.topologySpreadConstraints Topology Spread Constraints for orborus pod assignment spread across your cluster among failure-domains ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] ## @param orborus.schedulerName Name of the k8s scheduler (other than default) for orborus pods ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param orborus.terminationGracePeriodSeconds Seconds orborus pods need to terminate gracefully ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods ## terminationGracePeriodSeconds: "" ## @param orborus.lifecycleHooks for orborus containers to automate configuration before or after startup ## lifecycleHooks: {} ## @param orborus.extraEnvVars Array with extra environment variables to add to orborus containers ## e.g: ## extraEnvVars: ## - name: FOO ## value: "bar" ## extraEnvVars: [] ## @param orborus.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for orborus containers ## extraEnvVarsCM: "" ## @param orborus.extraEnvVarsSecret Name of existing Secret containing extra env vars for orborus containers ## extraEnvVarsSecret: "" ## @param orborus.extraVolumes Optionally specify extra list of additional volumes for the orborus pods ## extraVolumes: [] ## @param orborus.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the orborus containers ## extraVolumeMounts: [] ## @param orborus.sidecars Add additional sidecar containers to the orborus pods ## e.g: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param orborus.initContainers Add additional init containers to the orborus pods ## ref: 
https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ ## e.g: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] ## Pod Disruption Budget configuration ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb ## @param orborus.pdb.create Enable/disable a Pod Disruption Budget creation ## @param orborus.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled ## @param orborus.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `orborus.pdb.minAvailable` and `orborus.pdb.maxUnavailable` are empty. ## pdb: create: true minAvailable: "" maxUnavailable: "" ## Autoscaling configuration ## ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/ ## autoscaling: ## @param orborus.autoscaling.vpa.enabled Enable VPA for orborus pods ## @param orborus.autoscaling.vpa.annotations Annotations for VPA resource ## @param orborus.autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory ## @param orborus.autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod ## @param orborus.autoscaling.vpa.minAllowed VPA Min allowed resources for the pod ## vpa: enabled: false annotations: {} controlledResources: [] maxAllowed: {} minAllowed: {} ## @param orborus.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy ## Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod ## Possible values are "Off", "Initial", "Recreate", and "Auto". 
## updatePolicy: updateMode: Auto ## @param orborus.autoscaling.hpa.enabled Enable HPA for orborus pods ## @param orborus.autoscaling.hpa.minReplicas Minimum number of replicas ## @param orborus.autoscaling.hpa.maxReplicas Maximum number of replicas ## @param orborus.autoscaling.hpa.targetCPU Target CPU utilization percentage ## @param orborus.autoscaling.hpa.targetMemory Target Memory utilization percentage ## hpa: enabled: false minReplicas: "" maxReplicas: "" targetCPU: "" targetMemory: "" ## ServiceAccount configuration ## serviceAccount: ## @param orborus.serviceAccount.create Specifies whether a ServiceAccount should be created ## create: true ## @param orborus.serviceAccount.name The name of the ServiceAccount to use. ## If not set and create is true, a name is generated using the common.names.fullname template ## name: "" ## @param orborus.serviceAccount.annotations Additional Service Account annotations (evaluated as a template) ## annotations: {} ## @param orborus.serviceAccount.automountServiceAccountToken Automount service account token for the orborus service account ## automountServiceAccountToken: true ## @param orborus.serviceAccount.imagePullSecrets Add image pull secrets to the orborus service account ## imagePullSecrets: [] ## RBAC configuration ## rbac: ## @param orborus.rbac.create Specifies whether RBAC resources should be created create: true ## Network Policies ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ ## networkPolicy: ## @param orborus.networkPolicy.enabled Specifies whether a NetworkPolicy should be created ## enabled: true ## @param orborus.networkPolicy.allowExternal Don't require server label for connections ## The Policy model to apply. When set to false, only pods with the correct ## server label will have network access to the ports server is listening ## on. When true, server will accept connections from any source ## (with the correct destination port). 
## allowExternal: true ## @param orborus.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. ## allowExternalEgress: true ## @param orborus.networkPolicy.extraIngress Add extra ingress rules to the NetworkPolicy ## extraIngress: [] ## @param orborus.networkPolicy.extraEgress Add extra egress rules to the NetworkPolicy (ignored if allowExternalEgress=true) ## NOTE: You likely want to allow access to cluster-proxies, e.g: ## extraEgress: ## - to: ## - namespaceSelector: ## matchLabels: ## kubernetes.io/metadata.name: istio-system ## podSelector: ## matchLabels: ## istio: pilot ## extraEgress: [] ## @param orborus.executionConcurrency The maximum number of concurrent workflow executions per worker ## executionConcurrency: 25 ## @param orborus.manageWorkerDeployments Whether workers are deployed and managed by orborus. When disabled, every worker is expected to be already deployed (see worker.enableHelmDeployment). ## Disabling this effectively removes the RBAC permissions to create deployments and services from the shuffle-orborus service account. ## Orborus might still attempt to create Kubernetes objects, resulting in an error. There is currently no way to tell orborus that it should not manage k8s resources. ## You likely want to disable worker.enableHelmDeployment when enabling this. manageWorkerDeployments: true ## @section worker Parameters ## worker: ## @param worker.enableHelmDeployment Deploy worker via Helm. By default, workers are deployed by Orborus. ## You might want to disable orborus.manageWorkerDeployments when enabling this. enableHelmDeployment: false ## worker image ## @param worker.image.registry worker image registry ## @param worker.image.repository worker image repository ## @param worker.image.tag worker image tag (immutable tags are recommended, defaults to appVersion) ## @param worker.image.digest worker image digest in the form sha256:aa.... 
Please note this parameter, if set, will override the image tag (immutable tags are recommended) ## @param worker.image.pullPolicy worker image pull policy. Only effective with worker.enableHelmDeployment. ## @param worker.image.pullSecrets worker image pull secrets. Only effective with worker.enableHelmDeployment. ## image: registry: ghcr.io repository: shuffle/shuffle-worker tag: "" digest: "" ## Specify an imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## @param worker.replicaCount Number of worker replicas to deploy. Only effective with worker.enableHelmDeployment. ## replicaCount: 1 ## @param worker.containerPorts.http backend HTTP container port ## containerPorts: http: 33333 ## @param worker.extraContainerPorts Optionally specify extra list of additional ports for worker containers. Only effective with worker.enableHelmDeployment. ## e.g: ## extraContainerPorts: ## - name: myservice ## containerPort: 9090 ## extraContainerPorts: [] ## Configure extra options for worker containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param worker.livenessProbe.enabled Enable livenessProbe on worker containers. Only effective with worker.enableHelmDeployment. 
## @param worker.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param worker.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param worker.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param worker.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param worker.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: false initialDelaySeconds: 0 periodSeconds: 15 timeoutSeconds: 1 failureThreshold: 4 successThreshold: 1 ## @param worker.readinessProbe.enabled Enable readinessProbe on worker containers. Only effective with worker.enableHelmDeployment. ## @param worker.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param worker.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param worker.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param worker.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param worker.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: false initialDelaySeconds: 0 periodSeconds: 5 timeoutSeconds: 1 failureThreshold: 3 successThreshold: 1 ## @param worker.startupProbe.enabled Enable startupProbe on worker containers. Only effective with worker.enableHelmDeployment. ## @param worker.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param worker.startupProbe.periodSeconds Period seconds for startupProbe ## @param worker.startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param worker.startupProbe.failureThreshold Failure threshold for startupProbe ## @param worker.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 0 periodSeconds: 1 timeoutSeconds: 1 failureThreshold: 60 successThreshold: 1 ## @param worker.customLivenessProbe Custom livenessProbe that overrides the default one. 
Only effective with worker.enableHelmDeployment. ## customLivenessProbe: {} ## @param worker.customReadinessProbe Custom readinessProbe that overrides the default one. Only effective with worker.enableHelmDeployment. ## customReadinessProbe: {} ## @param worker.customStartupProbe Custom startupProbe that overrides the default one. Only effective with worker.enableHelmDeployment. ## customStartupProbe: {} ## worker resource requests and limits ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ ## @param worker.resourcesPreset Set worker container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if worker.resources is set (worker.resources is recommended for production). ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## resourcesPreset: "nano" ## @param worker.resources Set worker container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: ## resources: ## requests: ## cpu: 2 ## memory: 512Mi ## limits: ## cpu: 3 ## memory: 1024Mi ## resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param worker.podSecurityContext.enabled Enable worker pods' Security Context ## @param worker.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy for worker pods ## @param worker.podSecurityContext.sysctls Set kernel settings using the sysctl interface for worker pods ## @param worker.podSecurityContext.supplementalGroups Set filesystem extra groups for worker pods ## @param worker.podSecurityContext.fsGroup Set fsGroup in worker pods' Security Context ## podSecurityContext: enabled: true fsGroupChangePolicy: Always sysctls: [] supplementalGroups: [] fsGroup: 1001 ## Configure Container Security Context ## 
ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param worker.containerSecurityContext.enabled Enable worker containers' Security Context ## @param worker.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in worker container ## @param worker.containerSecurityContext.runAsUser Set runAsUser in worker containers' Security Context ## @param worker.containerSecurityContext.runAsGroup Set runAsGroup in worker containers' Security Context ## @param worker.containerSecurityContext.runAsNonRoot Set runAsNonRoot in worker containers' Security Context ## @param worker.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in worker containers' Security Context ## @param worker.containerSecurityContext.privileged Set privileged in worker containers' Security Context ## @param worker.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in worker containers' Security Context ## @param worker.containerSecurityContext.capabilities.drop List of capabilities to be dropped in worker container ## @param worker.containerSecurityContext.seccompProfile.type Set seccomp profile in worker container ## containerSecurityContext: enabled: true seLinuxOptions: {} runAsUser: 1001 runAsGroup: 1001 runAsNonRoot: true readOnlyRootFilesystem: true privileged: false allowPrivilegeEscalation: false capabilities: drop: ["ALL"] seccompProfile: type: "RuntimeDefault" ## @param worker.command Override default worker container command (useful when using custom images). Only effective with worker.enableHelmDeployment. ## command: [] ## @param worker.args Override default worker container args (useful when using custom images). Only effective with worker.enableHelmDeployment. ## args: [] ## @param worker.automountServiceAccountToken Mount Service Account token in worker pods. Only effective with worker.enableHelmDeployment. 
## NOTE: worker requires the service account credentials to be mounted if manageAppDeployments is enabled. ## automountServiceAccountToken: true ## @param worker.hostAliases worker pods host aliases. Only effective with worker.enableHelmDeployment. ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## @param worker.deploymentAnnotations Annotations for worker deployment. Only effective with worker.enableHelmDeployment. ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## deploymentAnnotations: {} ## @param worker.podLabels Extra labels for worker pods. Only effective with worker.enableHelmDeployment. ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param worker.podAnnotations Annotations for worker pods. Only effective with worker.enableHelmDeployment. ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param worker.podAffinityPreset Pod affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard`. Only effective with worker.enableHelmDeployment. ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param worker.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard`. Only effective with worker.enableHelmDeployment. ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Node worker.affinity preset ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param worker.nodeAffinityPreset.type Node affinity preset type. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard`. 
Only effective with worker.enableHelmDeployment. ## type: "" ## @param worker.nodeAffinityPreset.key Node label key to match. Ignored if `worker.affinity` is set ## key: "" ## @param worker.nodeAffinityPreset.values Node label values to match. Ignored if `worker.affinity` is set ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param worker.affinity Affinity for worker pods assignment. Only effective with worker.enableHelmDeployment. ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## NOTE: `worker.podAffinityPreset`, `worker.podAntiAffinityPreset`, and `worker.nodeAffinityPreset` will be ignored when it's set ## affinity: {} ## @param worker.nodeSelector Node labels for worker pods assignment. Only effective with worker.enableHelmDeployment. ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ ## nodeSelector: {} ## @param worker.tolerations Tolerations for worker pods assignment. Only effective with worker.enableHelmDeployment. ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param worker.updateStrategy.type worker deployment strategy type. Only effective with worker.enableHelmDeployment. ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy ## updateStrategy: ## Can be set to RollingUpdate or Recreate ## type: RollingUpdate ## @param worker.priorityClassName worker pods' priorityClassName. Only effective with worker.enableHelmDeployment. ## priorityClassName: "" ## @param worker.topologySpreadConstraints Topology Spread Constraints for worker pod assignment spread across your cluster among failure-domains. Only effective with worker.enableHelmDeployment. 
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] ## @param worker.schedulerName Name of the k8s scheduler (other than default) for worker pods. Only effective with worker.enableHelmDeployment. ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param worker.terminationGracePeriodSeconds Seconds worker pods need to terminate gracefully. Only effective with worker.enableHelmDeployment. ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods ## terminationGracePeriodSeconds: "" ## @param worker.lifecycleHooks for worker containers to automate configuration before or after startup. Only effective with worker.enableHelmDeployment. ## lifecycleHooks: {} ## @param worker.extraEnvVars Array with extra environment variables to add to worker containers. Only effective with worker.enableHelmDeployment. ## e.g: ## extraEnvVars: ## - name: FOO ## value: "bar" ## extraEnvVars: [] ## @param worker.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for worker containers. Only effective with worker.enableHelmDeployment. ## extraEnvVarsCM: "" ## @param worker.extraEnvVarsSecret Name of existing Secret containing extra env vars for worker containers. Only effective with worker.enableHelmDeployment. ## extraEnvVarsSecret: "" ## @param worker.extraVolumes Optionally specify extra list of additional volumes for the worker pods. Only effective with worker.enableHelmDeployment. ## extraVolumes: [] ## @param worker.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the worker containers. Only effective with worker.enableHelmDeployment. ## extraVolumeMounts: [] ## @param worker.sidecars Add additional sidecar containers to the worker pods. Only effective with worker.enableHelmDeployment. 
## e.g: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param worker.initContainers Add additional init containers to the worker pods. Only effective with worker.enableHelmDeployment. ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ ## e.g: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] ## Pod Disruption Budget configuration ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb ## @param worker.pdb.create Enable/disable a Pod Disruption Budget creation. Only effective with worker.enableHelmDeployment. ## @param worker.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled ## @param worker.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `worker.pdb.minAvailable` and `worker.pdb.maxUnavailable` are empty. ## pdb: create: true minAvailable: "" maxUnavailable: "" ## Autoscaling configuration ## ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/ ## autoscaling: ## @param worker.autoscaling.vpa.enabled Enable VPA for worker pods. Only effective with worker.enableHelmDeployment. ## @param worker.autoscaling.vpa.annotations Annotations for VPA resource ## @param worker.autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. 
Defaults to cpu and memory ## @param worker.autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod ## @param worker.autoscaling.vpa.minAllowed VPA Min allowed resources for the pod ## vpa: enabled: false annotations: {} controlledResources: [] maxAllowed: {} minAllowed: {} ## @param worker.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy ## Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod ## Possible values are "Off", "Initial", "Recreate", and "Auto". ## updatePolicy: updateMode: Auto ## @param worker.autoscaling.hpa.enabled Enable HPA for worker pods. Only effective with worker.enableHelmDeployment. ## @param worker.autoscaling.hpa.minReplicas Minimum number of replicas ## @param worker.autoscaling.hpa.maxReplicas Maximum number of replicas ## @param worker.autoscaling.hpa.targetCPU Target CPU utilization percentage ## @param worker.autoscaling.hpa.targetMemory Target Memory utilization percentage ## hpa: enabled: false minReplicas: "" maxReplicas: "" targetCPU: "" targetMemory: "" ## Service configuration ## service: ## @param worker.service.labels Extra labels for worker service. Only effective with worker.enableHelmDeployment. ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## labels: {} ## ServiceAccount configuration ## serviceAccount: ## @param worker.serviceAccount.create Specifies whether a ServiceAccount should be created ## create: true ## @param worker.serviceAccount.name The name of the ServiceAccount to use. 
## If not set and create is true, a name is generated using the common.names.fullname template ## name: "" ## @param worker.serviceAccount.annotations Additional Service Account annotations (evaluated as a template) ## annotations: {} ## @param worker.serviceAccount.automountServiceAccountToken Automount service account token for the worker service account ## automountServiceAccountToken: true ## @param worker.serviceAccount.imagePullSecrets Add image pull secrets to the worker service account ## imagePullSecrets: [] ## RBAC configuration ## rbac: ## @param worker.rbac.create Specifies whether RBAC resources should be created create: true ## Network Policies ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ ## networkPolicy: ## @param worker.networkPolicy.enabled Specifies whether a NetworkPolicy should be created ## enabled: true ## @param worker.networkPolicy.allowExternal Don't require server label for connections ## The Policy model to apply. When set to false, only pods with the correct ## server label will have network access to the ports server is listening ## on. When true, server will accept connections from any source ## (with the correct destination port). ## allowExternal: true ## @param worker.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. ## allowExternalEgress: true ## @param worker.networkPolicy.extraIngress Add extra ingress rules to the NetworkPolicy ## extraIngress: [] ## @param worker.networkPolicy.extraEgress Add extra egress rules to the NetworkPolicy (ignored if allowExternalEgress=true) ## NOTE: You likely want to allow access to cluster-proxies, e.g: ## extraEgress: ## - to: ## - namespaceSelector: ## matchLabels: ## kubernetes.io/metadata.name: istio-system ## podSelector: ## matchLabels: ## istio: pilot ## extraEgress: [] ## @param worker.manageAppDeployments Whether apps are deployed and managed by worker. 
When disabled, every used app is expected to be already deployed (see apps.enabled). ## This effectively removes required RBAC permissions from the shuffle-worker service account to create deployments and services. ## The worker might still attempt to create kubernetes objects, resulting in an error. There is currently no way to tell the worker that it should not manage k8s resources. manageAppDeployments: true ## @section app Parameters ## app: ## @param app.image.registry app image registry (defaults to shuffle.appRegistry) ## @param app.image.repository app image repository (defaults to shuffle.appBaseImageName) ## @param app.image.tag app image tag (defaults to the apps version) ## @param app.image.pullPolicy default image pull policy for app deployments. Only effective for helm-deployed apps (see apps.enabled). ## @param app.image.pullSecrets default image pull secrets for app deployments. Only effective for helm-deployed apps (see apps.enabled). ## image: registry: "" repository: "" tag: "" ## Specify an imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## @param app.replicaCount Default number of replicas to deploy for each app. Only effective for helm-deployed apps (see apps.enabled). ## replicaCount: 1 ## @param app.extraContainerPorts Optionally specify extra list of additional ports for app containers. Only effective for helm-deployed apps (see apps.enabled). 
## e.g: ## extraContainerPorts: ## - name: myservice ## containerPort: 9090 ## extraContainerPorts: [] ## Configure extra options for app containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param app.livenessProbe.enabled Enable livenessProbe on app containers. Only effective for helm-deployed apps (see apps.enabled). ## @param app.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param app.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param app.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param app.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param app.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: false initialDelaySeconds: 0 periodSeconds: 15 timeoutSeconds: 1 failureThreshold: 4 successThreshold: 1 ## @param app.readinessProbe.enabled Enable readinessProbe on app containers. Only effective for helm-deployed apps (see apps.enabled). ## @param app.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param app.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param app.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param app.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param app.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: false initialDelaySeconds: 0 periodSeconds: 5 timeoutSeconds: 1 failureThreshold: 3 successThreshold: 1 ## @param app.startupProbe.enabled Enable startupProbe on app containers. Only effective for helm-deployed apps (see apps.enabled). 
## @param app.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param app.startupProbe.periodSeconds Period seconds for startupProbe ## @param app.startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param app.startupProbe.failureThreshold Failure threshold for startupProbe ## @param app.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 0 periodSeconds: 1 timeoutSeconds: 1 failureThreshold: 60 successThreshold: 1 ## @param app.customLivenessProbe Custom livenessProbe that overrides the default one. Only effective for helm-deployed apps (see apps.enabled). ## customLivenessProbe: {} ## @param app.customReadinessProbe Custom readinessProbe that overrides the default one. Only effective for helm-deployed apps (see apps.enabled). ## customReadinessProbe: {} ## @param app.customStartupProbe Custom startupProbe that overrides the default one. Only effective for helm-deployed apps (see apps.enabled). ## customStartupProbe: {} ## app resource requests and limits ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ ## @param app.resourcesPreset Set app container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if app.resources is set (app.resources is recommended for production). 
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## resourcesPreset: "nano" ## @param app.resources Set app container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: ## resources: ## requests: ## cpu: 2 ## memory: 512Mi ## limits: ## cpu: 3 ## memory: 1024Mi ## resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param app.podSecurityContext.enabled Enable app pods' Security Context ## @param app.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy for app pods ## @param app.podSecurityContext.sysctls Set kernel settings using the sysctl interface for app pods ## @param app.podSecurityContext.supplementalGroups Set filesystem extra groups for app pods ## @param app.podSecurityContext.fsGroup Set fsGroup in app pods' Security Context ## podSecurityContext: enabled: true fsGroupChangePolicy: Always sysctls: [] supplementalGroups: [] fsGroup: 1001 ## Configure Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param app.containerSecurityContext.enabled Enable app container's Security Context ## @param app.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in app container ## @param app.containerSecurityContext.runAsUser Set runAsUser in app container's Security Context ## @param app.containerSecurityContext.runAsGroup Set runAsGroup in app container's Security Context ## @param app.containerSecurityContext.runAsNonRoot Set runAsNonRoot in app container's Security Context ## @param app.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in app container's Security Context ## @param app.containerSecurityContext.privileged Set privileged in app container's Security 
Context ## @param app.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in app container's Security Context ## @param app.containerSecurityContext.capabilities.drop List of capabilities to be dropped in app container ## @param app.containerSecurityContext.seccompProfile.type Set seccomp profile in app container ## containerSecurityContext: enabled: true seLinuxOptions: {} runAsUser: 1001 runAsGroup: 1001 runAsNonRoot: true readOnlyRootFilesystem: true privileged: false allowPrivilegeEscalation: false capabilities: drop: ["ALL"] seccompProfile: type: "RuntimeDefault" ## @param app.command Override default app container command (useful when using custom images) ## command: [] ## @param app.args Override default app container args (useful when using custom images) ## args: [] ## @param app.automountServiceAccountToken Mount Service Account token in app pods. Only effective for helm-deployed apps (see apps.enabled). ## automountServiceAccountToken: false ## @param app.hostAliases app pods host aliases. Only effective for helm-deployed apps (see apps.enabled). ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## @param app.deploymentAnnotations Annotations for app deployment. Only effective for helm-deployed apps (see apps.enabled). ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## deploymentAnnotations: {} ## @param app.podLabels Extra labels for app pods. Only effective for helm-deployed apps (see apps.enabled). ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param app.podAnnotations Annotations for app pods. Only effective for helm-deployed apps (see apps.enabled). ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param app.podAffinityPreset Pod affinity preset. Ignored if `app.affinity` is set. 
Allowed values: `soft` or `hard`. Only effective for helm-deployed apps (see apps.enabled). ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param app.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `app.affinity` is set. Allowed values: `soft` or `hard`. Only effective for helm-deployed apps (see apps.enabled). ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Node app.affinity preset ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param app.nodeAffinityPreset.type Node affinity preset type. Ignored if `app.affinity` is set. Allowed values: `soft` or `hard`. Only effective for helm-deployed apps (see apps.enabled). ## type: "" ## @param app.nodeAffinityPreset.key Node label key to match. Ignored if `app.affinity` is set ## key: "" ## @param app.nodeAffinityPreset.values Node label values to match. Ignored if `app.affinity` is set ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param app.affinity Affinity for app pods assignment. Only effective for helm-deployed apps (see apps.enabled). ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## NOTE: `app.podAffinityPreset`, `app.podAntiAffinityPreset`, and `app.nodeAffinityPreset` will be ignored when it's set ## affinity: {} ## @param app.nodeSelector Node labels for app pods assignment. Only effective for helm-deployed apps (see apps.enabled). ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ ## nodeSelector: {} ## @param app.tolerations Tolerations for app pods assignment. Only effective for helm-deployed apps (see apps.enabled). 
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param app.updateStrategy.type app deployment strategy type. Only effective for helm-deployed apps (see apps.enabled). ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy ## updateStrategy: ## Can be set to RollingUpdate or Recreate ## type: RollingUpdate ## @param app.priorityClassName app pods' priorityClassName. Only effective for helm-deployed apps (see apps.enabled). ## priorityClassName: "" ## @param app.topologySpreadConstraints Topology Spread Constraints for app pod assignment spread across your cluster among failure-domains. Only effective for helm-deployed apps (see apps.enabled). ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] ## @param app.schedulerName Name of the k8s scheduler (other than default) for app pods. Only effective for helm-deployed apps (see apps.enabled). ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param app.terminationGracePeriodSeconds Seconds app pods need to terminate gracefully. Only effective for helm-deployed apps (see apps.enabled). ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods ## terminationGracePeriodSeconds: "" ## @param app.lifecycleHooks for app containers to automate configuration before or after startup. Only effective for helm-deployed apps (see apps.enabled). ## lifecycleHooks: {} ## @param app.extraEnvVars Array with extra environment variables to add to app containers. Only effective for helm-deployed apps (see apps.enabled). ## e.g: ## extraEnvVars: ## - name: FOO ## value: "bar" ## extraEnvVars: [] ## @param app.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for app containers. Only effective for helm-deployed apps (see apps.enabled). 
## extraEnvVarsCM: "" ## @param app.extraEnvVarsSecret Name of existing Secret containing extra env vars for app containers. Only effective for helm-deployed apps (see apps.enabled). ## extraEnvVarsSecret: "" ## @param app.extraVolumes Optionally specify extra list of additional volumes for the app pods. Only effective for helm-deployed apps (see apps.enabled). ## extraVolumes: [] ## @param app.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the app containers. Only effective for helm-deployed apps (see apps.enabled). ## extraVolumeMounts: [] ## @param app.sidecars Add additional sidecar containers to the app pods. Only effective for helm-deployed apps (see apps.enabled). ## e.g: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param app.initContainers Add additional init containers to the app pods. Only effective for helm-deployed apps (see apps.enabled). ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ ## e.g: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] ## Pod Disruption Budget configuration ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb ## @param app.pdb.create Enable/disable a Pod Disruption Budget creation. Only effective for helm-deployed apps (see apps.enabled). ## @param app.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled ## @param app.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `app.pdb.minAvailable` and `app.pdb.maxUnavailable` are empty. 
## pdb: create: true minAvailable: "" maxUnavailable: "" ## Autoscaling configuration ## ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/ ## autoscaling: ## @param app.autoscaling.vpa.enabled Enable VPA for app pods. Only effective for helm-deployed apps (see apps.enabled). ## @param app.autoscaling.vpa.annotations Annotations for VPA resource ## @param app.autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory ## @param app.autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod ## @param app.autoscaling.vpa.minAllowed VPA Min allowed resources for the pod ## vpa: enabled: false annotations: {} controlledResources: [] maxAllowed: {} minAllowed: {} ## @param app.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy ## Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod ## Possible values are "Off", "Initial", "Recreate", and "Auto". ## updatePolicy: updateMode: Auto ## @param app.autoscaling.hpa.enabled Enable HPA for app pods. Only effective for helm-deployed apps (see apps.enabled). ## @param app.autoscaling.hpa.minReplicas Minimum number of replicas ## @param app.autoscaling.hpa.maxReplicas Maximum number of replicas ## @param app.autoscaling.hpa.targetCPU Target CPU utilization percentage ## @param app.autoscaling.hpa.targetMemory Target Memory utilization percentage ## hpa: enabled: false minReplicas: "" maxReplicas: "" targetCPU: "" targetMemory: "" ## Service configuration ## service: ## @param app.service.labels Extra labels for app service. Only effective for helm-deployed apps (see apps.enabled). 
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## labels: {} ## ServiceAccount configuration ## serviceAccount: ## @param app.serviceAccount.create Specifies whether a ServiceAccount should be created ## create: true ## @param app.serviceAccount.name The name of the ServiceAccount to use. ## If not set and create is true, a name is generated using the common.names.fullname template ## name: "" ## @param app.serviceAccount.annotations Additional Service Account annotations (evaluated as a template) ## annotations: {} ## @param app.serviceAccount.automountServiceAccountToken Automount service account token for the app service account ## automountServiceAccountToken: true ## @param app.serviceAccount.imagePullSecrets Add image pull secrets to the app service account ## imagePullSecrets: [] ## RBAC configuration ## rbac: ## @param app.rbac.create Specifies whether RBAC resources should be created create: true ## Network Policies ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ ## networkPolicy: ## @param app.networkPolicy.enabled Specifies whether a NetworkPolicy should be created ## enabled: true ## @param app.networkPolicy.allowExternal Don't require server label for connections ## The Policy model to apply. When set to false, only pods with the correct ## server label will have network access to the ports server is listening ## on. When true, server will accept connections from any source ## (with the correct destination port). ## allowExternal: true ## @param app.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. 
## allowExternalEgress: true ## @param app.networkPolicy.extraIngress Add extra ingress rules to the NetworkPolicy ## extraIngress: [] ## @param app.networkPolicy.extraEgress Add extra egress rules to the NetworkPolicy (ignored if allowExternalEgress=true) ## extraEgress: [] ## @param app.mountTmpVolume Whether a writable /tmp emptyDir volume should be mounted to the app. ## mountTmpVolume: true ## @param app.exposedContainerPort The port that shuffle app containers will listen on for new requests. ## exposedContainerPort: 80 ## @param app.sdkTimeout The timeout in seconds for app actions. ## sdkTimeout: 300 ## @param app.disableLogs Do not capture app logs. By default, app logs are captured, so that they are visible in the frontend. ## disableLogs: false ## @section Parameters to deploy apps using helm ## apps: ## @param apps.enabled Whether apps should be deployed using helm. ## By default, workers create deployments and services for apps when they are first needed (or during startup for some selected apps). ## Deploying apps via workers has some drawbacks, such as: ## - A workflow fails when the app is not deployed when the workflow gets executed (see https://github.com/Shuffle/Shuffle/issues/1739) ## - There is no way to set different service accounts, security contexts, resources, env variables, volume mounts, or replicas for different apps ## - Worker needs elevated permissions in Kubernetes ## Note that you can deploy some apps via helm, while keeping the flexibility of letting workers deploy apps if they are not already deployed. ## If you deploy all needed apps via helm and don't want workers to create additional deployments, set worker.manageAppDeployments to false. ## enabled: false shuffleTools: ## @param apps.shuffleTools.enabled Whether the shuffle-tools app is enabled ## enabled: true ## @skip apps.shuffleTools.name ## name: shuffle-tools ## @param apps.shuffleTools.version The version of the shuffle-tools app to deploy. 
## version: 1.2.0 # You can override .app.* values here, e.g. replicaCount, resources or image. shuffleSubflow: ## @param apps.shuffleSubflow.enabled Whether the shuffle-subflow app is enabled ## enabled: true ## @skip apps.shuffleSubflow.name ## name: shuffle-subflow ## @param apps.shuffleSubflow.version The version of the shuffle-subflow app to deploy. ## version: 1.1.0 # You can override .app.* values here, e.g. replicaCount, resources or image. http: ## @param apps.http.enabled Whether the http app is enabled ## enabled: true ## @skip apps.http.name ## name: http ## @param apps.http.version The version of the http app to deploy. ## version: 1.4.0 # You can override .app.* values here, e.g. replicaCount, resources or image. ## @extra apps.MY_APP.app [string] The name of the app (required, e.g. shuffle-tools) ## @extra apps.MY_APP.version [string] The version of the app (required, e.g. 1.2.0) ## Add your own apps here. The key of the app does not matter, as long as it is unique. ## myApp: ## enabled: true ## name: my-app ## version: 1.0.0 ## ... 
Overwrite .app.* values here, e.g.: ## replicaCount: 3 ## resources: {} ## @section Traffic Exposure Parameters ## ## ingress parameters ## ref: http://kubernetes.io/docs/concepts/services-networking/ingress/ ## ingress: ## @param ingress.enabled Enable ingress record generation for frontend and backend ## enabled: false ## @param ingress.pathType Ingress path type for the frontend path ## pathType: Prefix ## @param ingress.backendPathType Ingress path type for the backend path ## backendPathType: Prefix ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) ## apiVersion: "" ## @param ingress.hostname Default host for the ingress record ## hostname: shuffle.local ## @param ingress.ingressClassName [default: nginx] IngressClass that will be used to implement the Ingress (Kubernetes 1.18+) ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster. ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ ## ingressClassName: "" ## @param ingress.path [default: "/"] Ingress path for Shuffle frontend ## NOTE: The shuffle frontend currently does not support using base paths ## path: / ## @param ingress.backendPath [default: "/api/"] Ingress path for Shuffle backend ## NOTE: The shuffle backend is currently required to be reachable at shuffle-frontend.example.com/api/ ## backendPath: /api/ ## @param ingress.annotations Additional annotations for the Ingress resource. 
## annotations: {} ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` ## You can: ## - Use the `ingress.secrets` parameter to create this TLS secret ## - Rely on cert-manager to create it by setting the corresponding annotations ## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true` ## tls: false ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm ## selfSigned: false ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record ## e.g: ## extraHosts: ## - name: example.local ## path: / ## extraHosts: [] ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host ## e.g: ## extraPaths: ## - path: /* ## backend: ## serviceName: ssl-redirect ## servicePort: use-annotation ## extraPaths: [] ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls ## e.g: ## extraTls: ## - hosts: ## - example.local ## secretName: example.local-tls ## extraTls: [] ## @param ingress.secrets Custom TLS certificates as secrets ## NOTE: 'key' and 'certificate' are expected in PEM format ## NOTE: 'name' should line up with a 'secretName' set further up ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days ## It is also possible to create and manage the certificates outside of this helm chart ## Please see README.md for more information ## e.g: ## secrets: ## - name: example.local-tls ## key: |- 
  ##       -----BEGIN RSA PRIVATE KEY-----
  ##       ...
  ##       -----END RSA PRIVATE KEY-----
  ##     certificate: |-
  ##       -----BEGIN CERTIFICATE-----
  ##       ...
  ##       -----END CERTIFICATE-----
  ##
  secrets: []
  ## @param ingress.extraRules Additional rules to be covered with this ingress record
  ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
  ## e.g:
  ## extraRules:
  ## - host: example.local
  ##   http:
  ##     path: /
  ##     backend:
  ##       service:
  ##         name: example-svc
  ##         port:
  ##           name: http
  ##
  extraRules: []

## @section Istio Parameters
##
istio:
  ## @param istio.enabled Enable creation of an Istio Gateway and VirtualService for frontend and backend
  ##
  enabled: false
  ## @param istio.apiVersion The istio apiVersion to use for Gateway and VirtualService resources
  ##
  apiVersion: networking.istio.io/v1
  ## @param istio.hosts One or more hosts exposed by Istio
  ##
  hosts: []
  gateway:
    ## @param istio.gateway.annotations Additional annotations for the Gateway resource
    ##
    annotations: {}
    ## @param istio.gateway.selector [object, default: { istio: ingress }] The selector matches the ingress gateway pod labels
    ##
    selector:
      istio: ingress
    ## @param istio.gateway.http.enabled Enable HTTP server on port 80
    ## @param istio.gateway.http.httpsRedirect If set to true, a 301 redirect is sent for all HTTP connections
    ##
    http:
      enabled: true
      httpsRedirect: false
    ## @param istio.gateway.https.enabled Enable HTTPS server on port 443
    ## @param istio.gateway.https.tlsCredentialName The name of the secret that holds the TLS certs including the CA certificates.
    ## @param istio.gateway.https.tlsCipherSuites If specified, only support the specified cipher list.
    ## NOTE: The secret must exist in the namespace of the istio gateway pod
    ##
    https:
      enabled: false
      tlsCredentialName: ""
      tlsCipherSuites: []
    ## @param istio.gateway.extraServers Additional servers for the Gateway resource
    ## ref: https://istio.io/latest/docs/reference/config/networking/gateway/#Server
    ##
    extraServers: []
  virtualService:
    ## @param istio.virtualService.annotations Additional annotations for the VirtualService resource.
    ##
    annotations: {}
    ## @param istio.virtualService.backendHeaders Header manipulation rules for backend traffic
    ## ref: https://istio.io/latest/docs/reference/config/networking/virtual-service/#Headers
    ##
    backendHeaders: {}
    ## @param istio.virtualService.frontendHeaders Header manipulation rules for frontend traffic
    ## ref: https://istio.io/latest/docs/reference/config/networking/virtual-service/#Headers
    ##
    frontendHeaders: {}

## @section Persistence Parameters
##

## Enable persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
##
persistence:
  ## @param persistence.enabled Enable persistence using Persistent Volume Claims
  ##
  enabled: true
  ## @param persistence.apps.existingClaim Name of an existing PVC to use
  ## @param persistence.apps.storageClass PVC Storage Class for shuffle-apps volume
  ## Note: The default StorageClass will be used if not defined. Set it to `-` to disable dynamic provisioning
  ## @param persistence.apps.subPath The sub path used in the volume
  ## @param persistence.apps.accessModes The access mode of the volume
  ## @param persistence.apps.size The size of the volume
  ## @param persistence.apps.annotations Annotations for the PVC
  ## @param persistence.apps.selector Selector to match an existing Persistent Volume
  apps:
    existingClaim: ""
    storageClass: ""
    subPath: ""
    accessModes:
      - ReadWriteOnce
    size: 5Gi
    annotations: {}
    selector: {}
  ## @param persistence.appBuilder.storageClass PVC Storage Class for backend-apps-claim volume
  ## Note: The default StorageClass will be used if not defined. Set it to `-` to disable dynamic provisioning
  ## @param persistence.appBuilder.accessModes The access mode of the volume
  ## @param persistence.appBuilder.size The size of the volume
  ## @param persistence.appBuilder.annotations Annotations for the PVC
  ## @param persistence.appBuilder.selector Selector to match an existing Persistent Volume
  appBuilder:
    storageClass: ""
    accessModes:
      - ReadWriteOnce
    size: 5Gi
    annotations: {}
    selector: {}
  ## @param persistence.files.existingClaim Name of an existing PVC to use
  ## @param persistence.files.storageClass PVC Storage Class for shuffle-files volume
  ## Note: The default StorageClass will be used if not defined. Set it to `-` to disable dynamic provisioning
  ## @param persistence.files.subPath The sub path used in the volume
  ## @param persistence.files.accessModes The access mode of the volume
  ## @param persistence.files.size The size of the volume
  ## @param persistence.files.annotations Annotations for the PVC
  ## @param persistence.files.selector Selector to match an existing Persistent Volume
  files:
    existingClaim: ""
    storageClass: ""
    subPath: ""
    accessModes:
      - ReadWriteOnce
    size: 5Gi
    annotations: {}
    selector: {}

## @section Init Container Parameters
##

## 'volumePermissions' init container parameters
## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values
##   based on the *podSecurityContext/*containerSecurityContext parameters
##
volumePermissions:
  ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup`
  ##
  enabled: false
  ## OS Shell + Utility image
  ## ref: https://hub.docker.com/r/bitnami/os-shell/tags/
  ## @param volumePermissions.image.registry OS Shell + Utility image registry
  ## @param volumePermissions.image.repository OS Shell + Utility image repository
  ## @param volumePermissions.image.tag OS Shell + Utility image tag (immutable tags are recommended)
  ## @param volumePermissions.image.pullPolicy OS Shell + Utility image pull policy
  ## @param volumePermissions.image.pullSecrets OS Shell + Utility image pull secrets
  ##
  image:
    registry: docker.io
    repository: bitnamilegacy/os-shell
    tag: 12-debian-12-r30
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## e.g:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
  ## Init container's resource requests and limits
  ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param volumePermissions.resourcesPreset Set init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "nano"
  ## @param volumePermissions.resources Set init container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Init container Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param volumePermissions.containerSecurityContext.enabled Enabled init container's Security Context
  ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in init container
  ## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser
  ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the
  ##   data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
  ##   "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed)
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 0

## @section OpenSearch Parameters
##

## OpenSearch chart configuration
## ref: https://github.com/bitnami/charts/blob/main/bitnami/opensearch/values.yaml
## @param opensearch.enabled Switch to enable or disable the opensearch helm chart
## @skip opensearch.sysctlImage
## @skip opensearch.image
## @skip opensearch.master
## @skip opensearch.data
## @skip opensearch.coordinating
## @skip opensearch.ingest
## @skip opensearch.dashboards
##
opensearch:
  enabled: true
  sysctlImage:
    enabled: false
  image:
    registry: docker.io
    repository: bitnamilegacy/opensearch
    tag: "3.2.0"
  master:
    replicaCount: 1
  data:
    replicaCount: 1
  coordinating:
    replicaCount: 0
  ingest:
    replicaCount: 0
  dashboards:
    enabled: false

## @section Vault Parameters
##
vault:
  ## @param vault.role Specify the Vault role, which should be used to get the secret from Vault.
  ## NOTE: This value is used as a default for all secrets and can be overwritten for individual secrets
  ## with the vaultRole property.
  ##
  role: ""
  ## @param vault.secrets A list of VaultSecrets to create
  ## NOTE: 'type', 'name' and 'path' must be set
  ## type is the type of the Kubernetes secret
  ## name is the suffix of the name of the resulting (Vault)Secret
  ## path is the path of the corresponding secret in Vault
  ## Additional VaultSecret parameters can optionally be set.
  ## Ref: https://github.com/ricoberger/vault-secrets-operator/blob/0409d56beb36ab95c4582a0cc35c0a2b517961e7/api/v1alpha1/vaultsecret_types.go#L9-L59
  ## e.g:
  ## secrets:
  ##   - type: Opaque
  ##     name: "example"
  ##     path: "example/secret"
  ##
  secrets: []

## @section Other Parameters
##