values.yaml
# NOTE(review): this listing shows every key at column 0; the nesting of the
# original values.yaml is not visible here, so restore the indentation from the
# chart itself before using these values.
# Container image settings
image:
# Repository to pull the image from
repository: "ghcr.io/sneaksanddata/nexus"
# Tag to pull (defaults to the chart appVersion)
# NOTE(review): a tag is mutable; with pullPolicy "IfNotPresent" a node that has
# already cached the tag keeps running the cached content even if the tag is
# re-pushed. Confirm whether the chart templates accept a digest reference.
tag: ""
# Image pull policy
pullPolicy: "IfNotPresent"
# Image pull secrets for private repositories
# (presumably a list of references to existing Secrets — confirm the expected
# entry shape against the templates)
imagePullSecrets: [ ]
# Override the application name
nameOverride: ""
# Fullname override
fullnameOverride: ""
# Service account configuration
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: { }
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
# NOTE(review): when create is false the named account presumably has to exist
# already and be bound to the roles configured under rbac — confirm against the
# templates.
name: ""
### Role Based Access Control configuration
# Every role below, and the bindings, default to create: true. Render the chart
# and read the generated rules before installing, and set create: false for any
# role the installation does not need.
rbac:
# Cluster roles the chart can create; each entry has its own `create` switch,
# optional name override, and extra labels/annotations
# NOTE(review): the key names suggest ClusterRole / ClusterRoleBinding objects,
# which grant access cluster-wide, while the comment on templateEditor speaks of
# the installation namespace only — verify the scope in the rendered templates.
clusterRole:
# Allows Nexus to manage its custom resources in the installation namespace
templateEditor:
additionalLabels: { }
additionalAnnotations: { }
create: true
nameOverride: ""
workgroupEditor:
additionalLabels: { }
additionalAnnotations: { }
create: true
nameOverride: ""
scheduler:
additionalLabels: { }
additionalAnnotations: { }
create: true
nameOverride: ""
templateViewer:
additionalLabels: { }
additionalAnnotations: { }
create: true
nameOverride: ""
workgroupViewer:
additionalLabels: { }
additionalAnnotations: { }
create: true
nameOverride: ""
# This parameter determines whether role binding resources are created.
# If any role above has `create` set to true, `create` here should also be set
# to true.
clusterRoleBindings:
additionalLabels: { }
additionalAnnotations: { }
create: true
# Additional labels for the deployment and pods
additionalLabels: { }
# Example:
#
# app.my-company.com/component: ncc
# Additional annotations for the deployment and pods
additionalAnnotations: { }
# Example:
# app.my-company.com/application: nexus
# Extra environment variables to set in the deployment
# Values written here are stored in plain text in the values file and in the
# rendered manifest; put credentials in a Secret and reference it through
# extraEnvFrom instead.
# NOTE(review): the default is an empty map although the example is a list —
# confirm the templates only test this value for emptiness.
extraEnv: { }
# Example:
#
# - name: NEXUS__RESOURCE_NAMESPACE
#   value: nexus
# Extra environment variables referencing a ConfigMap or Secret
# NOTE(review): the example below keeps an access token in a ConfigMap; a token
# belongs in a Secret, referenced with `secretRef` rather than `configMapRef`.
# It is also unclear from this file whether the value should include the
# `envFrom:` key itself — confirm against the templates.
extraEnvFrom: { }
# Example:
#
# envFrom:
#   - configMapRef:
#       name: custom-api-access-token
# Extra volumes to add to the deployment
extraVolumes: { }
# Example:
#
# - name: data-volume
#   emptyDir:
#     sizeLimit: 500Mi
# Extra volume mounts to add to the deployment (for the volumes in extraVolumes)
extraVolumeMounts: { }
# Example:
#
# - mountPath: /data
#   name: data-volume
# Resources constraints. By default, the operator does not specify any constraints to allow for easier deployment
# With no limits set, Kubernetes does not bound the container's CPU or memory
# use; set requests and limits for production installs.
resources: { }
# Example:
#
# requests:
#   cpu: 1
#   memory: 1Gi
# limits:
#   cpu: 1
#   memory: 1Gi
# Tolerations for pod assignment
tolerations: { }
# Affinity rules for pod assignment
affinity: { }
# Security context settings for the container
# Note that default image is distroless and runs as non-root user by default.
# The empty default adds no restrictions beyond what the image provides.
# Example hardening (NOTE(review): confirm the application does not need a
# writable root filesystem before enabling readOnlyRootFilesystem):
#
# runAsNonRoot: true
# allowPrivilegeEscalation: false
# readOnlyRootFilesystem: true
# capabilities:
#   drop:
#     - ALL
# seccompProfile:
#   type: RuntimeDefault
securityContext: { }
# Run mode for Gin. Set to `release` for production deployments
# Available values: debug, test, release
# NOTE(review): the default is `debug`, which makes Gin emit verbose debug
# output such as the registered routes; production installs must override this
# value explicitly.
ginMode: debug
# topology spread uses kubernetes.io/hostname
topologySpread:
maxSkew: 1
# Nexus Scheduler configurations
scheduler:
# Number of scheduler replicas. Increase to support higher request rates
replicas: 3
# Max number of scheduler replicas when using HPA
# NOTE(review): maxReplicas is also set under autoscaling below; keep the two in
# sync or confirm which one the HPA template reads.
maxReplicas: 9
# Disruption budget for the deployment
maxUnavailable: 2
# autoscaling configuration
autoscaling:
enabled: false
minReplicas: 3
maxReplicas: 9
# presumably average utilization targets in percent — confirm against the HPA template
targetMemoryAvg: 80
targetCPUAvg: 60
scaleStabilizationWindowSeconds: 180
scalePeriodSeconds: 30
scaleByPercent: 10
# Name of the Secret containing shard kubeconfig files
# File name format should be <shard cluster name>.kubeconfig
# These kubeconfigs are credentials for the shard clusters: restrict who can
# read this Secret and keep the identities inside it scoped to what the
# scheduler needs.
shardsConfigSecretName: "nexus-shards"
# Scheduler configuration
# Individual settings can be overridden using environment variables
# Whole config can also be overridden by setting config.enabled=false and mounting a new appconfig.yaml to /app path in the container
config:
enabled: true
# Namespace to schedule algorithm runs in
# Override with: NEXUS__RUNTIME_NAMESPACE
runtimeNamespace: ""
# maximum size of a payload submitted to the scheduler
# Override with: NEXUS__MAX_PAYLOAD_SIZE
# NOTE(review): this is the only request-size bound visible in this file; size
# it to the payloads you actually expect, and confirm how the scheduler enforces
# it.
maxPayloadSize: 500Mi
# Input buffering configuration
s3Buffer:
processing:
# Prefix to store payloads under
# Override with: NEXUS__S3_BUFFER__BUFFER_CONFIG__PAYLOAD_STORAGE_PATH
# (the default is a placeholder; replace it with a real bucket and prefix)
payloadStoragePath: s3a://bucket/prefix
# Default payload's presigned URL lifetime duration
# Override with: NEXUS__S3_BUFFER__BUFFER_CONFIG__PAYLOAD_VALID_FOR
# A presigned URL gives access to the payload to anyone who holds it until it
# expires, so keep this as short as the longest expected run allows.
payloadValidFor: 24h
# Failure backoff base delay. Example values: 5ms, 5s
# Override with: NEXUS__S3_BUFFER__BUFFER_CONFIG__FAILURE_RATE_BASE_DELAY
failureRateBaseDelay: 100ms
# Failure backoff max delay. Example values: 5s, 1m
# Override with: NEXUS__S3_BUFFER__BUFFER_CONFIG__FAILURE_RATE_MAX_DELAY
failureRateMaxDelay: 1s
# Rate limit elements per second
# Override with: NEXUS__S3_BUFFER__BUFFER_CONFIG__RATE_LIMIT_ELEMENTS_PER_SECOND
rateLimitElementsPerSecond: 10
# Rate limit burst elements
# Override with: NEXUS__S3_BUFFER__BUFFER_CONFIG__RATE_LIMIT_ELEMENTS_BURST
rateLimitElementsBurst: 100
# Number of workers to use when buffering inputs
# Override with: NEXUS__S3_BUFFER__BUFFER_CONFIG__WORKERS
workers: 2
s3Credentials:
# Enable mounting S3 credentials from a secret
# NOTE(review): enabled by default while secretName is empty; set secretName to
# an existing Secret, or confirm what the templates render when it is left blank.
secretRefEnabled: true
# Name of a secret containing credentials for the S3 storage
# Example content (plain-text values go under stringData; the data field
# requires every value to be base64-encoded). The values shown are placeholders:
# apiVersion: v1
# kind: Secret
# metadata:
#   name: s3-credentials
#   namespace: nexus
# stringData:
#   NEXUS__S3_BUFFER__ACCESS_KEY_ID: test
#   NEXUS__S3_BUFFER__SECRET_ACCESS_KEY: test
#   NEXUS__S3_BUFFER__ENDPOINT: https://s3.dualstack.us-east-1.amazonaws.com
#   NEXUS__S3_BUFFER__REGION: us-east-1
# type: Opaque
# Create the Secret outside this values file; do not commit real keys here.
secretName: ""
cqlStore:
# type of CqlStore to use. Supported options: `astra`, `scylla`
type: astra
# Enable mounting Cassandra credentials from a secret
# NOTE(review): enabled by default while secretName is empty; set secretName to
# an existing Secret, or confirm what the templates render when it is left blank.
secretRefEnabled: true
# In both examples plain-text values go under stringData; the data field
# requires every value to be base64-encoded. The values shown are placeholders.
# Example for AstraDB:
# apiVersion: v1
# kind: Secret
# metadata:
#   name: cassandra-credentials
#   namespace: nexus
# stringData:
#   # AstraDB specific setting, contains base64-encoded bundle zip. Leave empty for other Cassandra installations
#   NEXUS__CQL_STORE__SECURE_CONNECTION_BUNDLE_BASE64: base64value
#   NEXUS__CQL_STORE__GATEWAY_USER: user
#   NEXUS__CQL_STORE__GATEWAY_PASSWORD: password
# type: Opaque
# Example for Scylla:
# apiVersion: v1
# kind: Secret
# metadata:
#   name: cassandra-credentials
#   namespace: nexus
# stringData:
#   # Comma-separated list of Scylla hosts
#   NEXUS__SCYLLA_CQL_STORE__HOSTS: 1.2.3.4,1.2.3.5
#   NEXUS__SCYLLA_CQL_STORE__USER: user
#   NEXUS__SCYLLA_CQL_STORE__PASSWORD: password
# type: Opaque
# Name of the secret containing the credentials for the CQL store
secretName: ""
# optional path to kubeconfig for the controller cluster
# defaults to in-cluster config
# in the majority of cases you should leave this blank
# Override with: NEXUS__KUBE_CONFIG_PATH
kubeConfigPath: ""
# path to the directory containing kubeconfigs for all shards available for scheduling (mounted from `shardsConfigSecretName` secret)
# Note that the user specified in the config must have Batch API and Nexus CRD permissions to both controller and shard clusters
# Grant that user only those permissions; a kubeconfig with broader rights
# widens what a compromised scheduler pod can reach in every shard.
# In case of EKS you must assign appropriate permissions to the IAM role or user, since the token will be fetched by aws-cli on demand
# You will need to specify a volumeMount for Shards yourself if you provide your own appconfig.yaml
# Override with: NEXUS__SHARD_KUBE_CONFIG_PATH
shardKubeConfigPath: "/app/config/shards"
# Logging level
# Override with: NEXUS__LOG_LEVEL
logLevel: INFO
# Observability settings for Datadog
datadog:
# if enabled, will set Datadog-specific environment variables on the container
enabled: false
# Datadog endpoint to sink logs to
endpoint: "datadoghq.eu"
# Name for a Secret resource that contains Datadog API Key to use for log submissions
# ("secretName" is a placeholder; point it at an existing Secret before enabling)
apiKeySecret: "secretName"
# Key in the secret that contains datadog api key
# ("secretKey" is a placeholder as well)
apiKeySecretKey: "secretKey"
# Datadog Service Name parameter
serviceName: "nexus"
# value to use as a DogStatsd server url
# Examples: udp://127.0.0.1:8125 or unix:///path/to/dsd.socket
# https://github.com/DataDog/datadog-go?tab=readme-ov-file#unix-domain-sockets-client
# NOTE(review): a unix:// URL only works if the socket is mounted into the pod;
# no such mount is visible in this file — confirm the templates or add one via
# extraVolumes / extraVolumeMounts.
statsdUrl: unix:///var/run/datadog/dsd.socket
# enables metric origin detection by setting DD_ENTITY_ID
enableOriginDetection: true
# Datadog tracing via Orchestrion
# (keys in this section use snake_case, unlike the camelCase used elsewhere;
# they are part of the chart's interface, so keep them as written)
tracer:
# enable tracer
enabled: false
# UDS/HTTP url for the tracer
agent_url: unix:///var/run/datadog/apm.socket
# disable Datadog product info collection
disable_vendor_telemetry: true
# service environment tag
service_env: development