-
Notifications
You must be signed in to change notification settings - Fork 23
/
Copy pathvalues.yaml
495 lines (421 loc) · 16.9 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
### https://docs.lenses.io/5.5/installation/getting-started/helm/ ###
nameOverride: ""
fullnameOverride: ""
image:
repository: lensesio/lenses
# Default to .Chart.AppVersion
# tag:
pullPolicy: IfNotPresent
# imagePullSecrets: # any image pull secrets for private registries go here
# - name: regcred
annotations: {}
podTemplateAnnotations: {} # Annotations here go into the PodTemplateSpec at deployment.spec.template.annotations.
labels: {}
strategy: {}
nodeSelector: {}
tolerations: {}
affinity: {}
securityContext: {}
# dnsPolicy: "None" # Optional dnsPolicy and dnsConfig to put into the Deployment's PodTemplateSpec.
# dnsConfig:
# nameservers:
# - 1.1.1.1
# containerSecurityContext: # Optional, plugged in into the both the deployment's main app container and the sidecar.
# allowPrivilegeEscalation: false
# Add Prometheus annotations to the pod for Lenses metric scraping
# * The metrics path is '/metrics' and is not adjustable
# * Consumer lag metrics are exposed under 'lenses.url/metrics'. There isn't a standard way to add multiple scrape
# targets in the annotations, so you will have to add the lag metrics target manually to your Prometheus instance.
monitoring:
enabled: true
port: 9102
# Resource management
# Lenses itself is bound by the JVM heap settings ('lenses.jvm.heapOpts' in the chart). The default
# heap space Lenses can use is 3GiB. If you increase the memory resource here, you will need to also
# adjust 'lenses.jvm.heapOpts'. You should allow for 1-2GiB extra space beyond the heap. So if the
# memory limit is 10Gi, set 'lenses.jvm.heapOpts' to '-Xmx8g -Xms4g'.
resources:
requests:
# cpu: 1
memory: 4Gi
limits:
# cpu: 2
memory: 5Gi
# rbacEnable indicates if a the cluster has rbac enabled and a cluster role
# and rolebinding should be created for the service account
rbacEnable: true
# Lenses container port
restPort: 3030
# Lenses service port, service targets restPort
servicePort: 80
servicePortName: lenses
# serviceAccount is the Service account to be used by Lenses to deploy apps
serviceAccount: default
# If you use Data Policies module enable a Persistent Volume to keep your data policies rule.
# Also used when lenses.storage.enabled: false, and an H2 local filesystem database is used, instead of Postgresql.
# https://docs.lenses.io/current/installation/kubernetes/persistence/
persistence:
enabled: true
accessModes:
- ReadWriteOnce
size: 5Gi
log:
enabled: true
# Target an pre-existing volume claim to use it as Lenses Persistent volume
# existingClaim:
## Policies data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
# Additional volume mounts to use in Lenses delpoyments, for example to load additional plugins (UDFs) in Lenses
# Use it in conjuction with lenses.additionalVolumes
additionalVolumeMounts:
# - name: lenses-plugins
# mountPath: "/data/plugins"
# Additional volumes to use in Lenses delpoyments either by Lenses for other sidecars like Lenses provisioner.
# Example usages:
# Lenses: load additional plugins (UDFs) in Lenses
# Lenses provisioner: load additional files from pre-existing volumes, secrets or vault secrets to use in provisioning
additionalVolumes:
# - name: secrets
# secret:
# secretName: lenses-super-secrets
# Note: PersistentVolumeClaim should already exist before deploying Helm chart
# - name: lenses-plugins
# persistentVolumeClaim:
# claimName: lenses-plugins
# Lenses service
service:
enabled: true
type: ClusterIP
annotations: {}
# If you want to make it available as a node port, then add nodePort: <somePort>
# Warning: this should not be used with servicePort:
# Warning nodePort is deprecated and will be removed on next Lenses major version upgrade
# nodePort:
externalTrafficPolicy:
## Load balancer IP address
## Is not required, but allows for static address with
## serviceType LoadBalancer.
## If not supported by cloud provider, this field is ignored.
## Default: nil
##
# loadBalancerIP: 130.211.x.x
## This will restrict traffic through the cloud-provider load-balancer
## to the specified client IPs.
## If not supported by cloud provider, this field is ignored.
## Default: nil
##
# loadBalancerSourceRanges:
# - 0.0.0.0/0
ingress:
## If true, Ingress will be created
##
enabled: false
host:
# ingressClassName:
# Ingress annotations
annotations: {}
# Optionally add here the annotations related to the ingress provider, see examples below:
# kubernetes.io/ingress.class: traefik
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: 'true'
# nginx.ingress.kubernetes.io/rewrite-target: /
# TLS if enabled load the tls.crt and tls.keys as a secrets and enable TLS on the ingress
tls:
enabled: false
crt: |-
key: |-
# Optionally add this property in case you would like to enforce Read Only Root Filesystem
# In that case only /data and /tmp directories will extra mounted and be writable
# the rest will be mount the container's root filesystem as read-only.
# containerSecurityContext:
# readOnlyRootFilesystem: true
lenses:
# Set the details to provision Lenses
# There are 2 supported versions:
# 1: Lenses version <=5,2 (https://docs.lenses.io/5.2/installation/getting-started/helm/#helm-lenses-provision)
# This is oneshot, it only works on a new installation, upon the first deployment
# 2: Lenses version >=5,3 (https://docs.lenses.io/5.5/installation/getting-started/helm/#helm-lenses-provision)
# This is applied on every deployment/upgrade of the chart. Any connection or license change in the UI will be
# reverted during an upgrade. *Connections that do not exist here will be deleted*.
provision:
enabled: false
version: "2"
path: /mnt/provision-secrets
# Find more details in https://docs.lenses.io/5.5/installation/getting-started/helm/#helm-provision
# Paste your license contents as is
license: |
# {"key": "...", "source": "...", "details": "...", "clientId": "..."}
# You can find examples at https://github.com/lensesio/lenses-helm-charts/tree/release/5.5/examples
connections:
# kafka:
# - name: kafka
# version: 1
# tags: [ 'prod']
# configuration:
# kafkaBootstrapServers:
# value:
# - PLAINTEXT://broker-1.svc.cluster.local:9093
# metricsType:
# value: JMX
# metricsPort:
# value: 9581
# confluentSchemaRegistry:
# - name: schema-registry
# version: 1
# tags: [ 'prod' ]
# configuration:
# schemaRegistryUrls:
# value:
# - http://schema-registry-1.svc.cluster.local:8081
# connect:
# - name: datalake-connect
# version: 1
# tags: [ 'prod', 'datalake' ]
# configuration:
# workers:
# value:
# - http://connect-worker-1.svc.cluster.local:8083
# metricsType:
# value: JMX
# metricsPort:
# value: 9584
secrets: {}
# Base64 encoded. Read how to convert from .pem to .jks in the article: https://docs.lenses.io/current/configuration/dynamic/pem-to-jks-conversion/
# data:
# kafka.keystore.jks: |-
# kafka.truststore.jks: |-
# stringData:
# Find more details in https://docs.lenses.io/current/installation/kubernetes/helm/#helm-provision-sidecar
sidecar:
# name:
image:
repository: lensesio/lenses-cli
# Default to .Chart.AppVersion with major.minor semantic (e.g 5.0)
# tag:
# pullPolicy: Always
# registrySecretKey:
# Additional volume mounts to load additional files from pre-existing volumes, secrets or vault secrets to use in provisioning
# Use it in conjuction with lenses.additionalVolumes
additionalVolumeMounts:
# - name: lenses-super-secrets
# mountPath: "/data/lenses-super-secrets"
# For additional generic JVM settings
# Read more: https://docs.lenses.io/current/configuration/static/jvm/
lensesOpts: |-
# Each version of the helm chart for Lenses is accompanied by a values.yaml.
# This values file contains sane defaults for all the supported Lenses configuration options for that version of the chart.
# Although great care has been taken to cover most use cases in the chart, we may encounter situations where a specific configuration option is required but is not available.
# To support such cases, Lenses Helm Chart provides the lenses.append.conf mechanism.
append:
# Custom configuration values, will take precedence over the env variables and auto-generated values
# Read more: https://help.lenses.io/knowledge-base/helm/helm-lenses-append-conf/
conf: |-
jvm:
# heapOpts are any overrides for Lenses Heap JVM options
# Please adjust this in sync with 'resources.limits.memory'
heapOpts: -Xmx3g -Xms1g
# logBackOpts are any logging options. Lenses is using the logback library.
logBackOpts:
#performanceOpts are any jvm tuning options to add to the jvm
performanceOpts:
# Override the default logback xml
# Used primarily to load a Lenses provided xml with debug level set for Lenses libs
# Can be used to load your custom logback if needed. Uncomment the following line
# to switch the log level for Lenses facilities to DEBUG.
# logbackXml: /opt/lenses/logback-debug.xml
opts:
# Global truststore/keystore for the JVM
# base64 encoded truststore data
# openssl base64 < kafka.truststore.jks | tr -d '\n'
trustStoreFileData: |-
trustStorePassword: |-
tls:
# TLS setup for serving Lenses over TLS
enabled: false
# base64 encoded truststore data
# openssl base64 < kafka.truststore.jks | tr -d '\n'
keyStoreFileData: |-
keyStorePassword: |-
keyPassword: |-
# Authenticate to Lenses with client authentication
clientAuth: false
# base64 encoded truststore data
# openssl base64 < kafka.truststore.jks | tr -d '\n'
trustStoreFileData: |-
trustStorePassword: |-
# Find more details in https://docs.lenses.io/current/installation/kubernetes/helm/#helm-storage
storage:
postgres:
enabled: false
host:
port: # optional, defaults to 5432
# Set the username for postgres connection
# Use the value "external" to bypass the Helm validation and handle the username externally.
# The common use case for using "external" is to take the actual value from a Kubernetes Secret resource already deployed.
# To do so, add the following definition under 'lenses.additionalEnv' key:
# - name: LENSES_STORAGE_POSTGRES_USERNAME
# valueFrom:
# secretKeyRef:
# name: [SECRET_RESOURCE_NAME]
# key: [SECRET_RESOURCE_KEY]
username: # use "external" to manage it using secrets
# Set the password for postgres connection
# Use the value "external" to bypass the Helm validation and handle the password externally.
# The common use case for using "external" is to take the actual value from a Kubernetes Secret resource already deployed.
# To do so, add the following definition under 'lenses.additionalEnv' key:
# - name: LENSES_STORAGE_POSTGRES_PASSWORD
# valueFrom:
# secretKeyRef:
# name: [SECRET_RESOURCE_NAME]
# key: [SECRET_RESOURCE_KEY]
password: # use "external" to manage it using secrets
database:
schema: # optional, defaults to public schema
# Data Application Deployment Framework
deployments:
eventsBufferSize: 10000
errorsBufferSize: 1000
connect:
statusInterval: 30 second
actionsBufferSize: 1000
sql:
# processorImage: lensesioextra/sql-processor
# processorImageTag: 5.5
mode: IN_PROC
heap: 1024M
minHeap: 128M
memLimit: 1152M
memRequest: 128M
livenessInitialDelay: 60 seconds
# The url to the grafana host
grafanaUrl:
# topics
topics:
# suffix to add to lenses system topics, for example if you are running more than one Lenses on the same kafka cluster
suffix:
security:
defaultUser: {}
# Change Default Lenses user credentials.
# The defaults are: username: admin, password:admin. For the password, a sha256 checksum is also supported
# https://docs.lenses.io/5.5/guides/admin/authentication/admin-user/
# One can change the default credentials by setting the following values:
#
# username: my-username
# password: my-password
#
# Doing this will result in the creation of a Secret with the given
# credentials. If you rather want to reference a pre-existing Secret, do
# the following:
#
# username: external # "external" is a special value that tells Lenses to look for a Secret
# password: external # Same here.
# usernameSecretKeyRef:
# name: my-existing-secret
# key: the-username-key
# passwordSecretKeyRef:
# name: my-existing-secret
# key: the-password-key
# SPNEGO for incoming connections to Lenses
kerberos:
enabled: false
principal:
keytabData: |-
debug: false
# ldap setting
ldap:
enabled: false
url: ""
base: ""
# Set LDAP password
# Use the value "external" to bypass the Helm validation and handle the password externally.
# The common use case for using "external" is to take the actual value from a Kubernetes Secret resource already deployed.
# To do so, add the following definition under 'lenses.additionalEnv' key:
# - name: LENSES_SECURITY_LDAP_PASSWORD
# valueFrom:
# secretKeyRef:
# name: [SECRET_RESOURCE_NAME]
# key: [SECRET_RESOURCE_KEY]
password: ""
user: ""
filter: ""
# ldap plugins
plugin:
class: "io.lenses.security.ldap.LdapMemberOfUserGroupPlugin"
memberofKey: ""
groupExtractRegex: ""
personNameKey: ""
saml:
enabled: false
# The HTTPS URL of the Lenses deployment.
# This needs to match the Service Provider (SP) URL
# given to the Identity Provider (IdP)
# as it will be used as part of the SAML handshake protocol.
baseUrl:
# Provider type.
# Supported values:
# "azure" - Microsoft Azure
# "generic" - Generic provider, you must also set groupsAttribute even if the IdP doesn't send one
# "google" - Google
# "keycloak" - Keycloak
# "okta" - Okta
# "onelogin" - OneLogin
provider:
# XML File provided by the external Identity Provider.
# This is needed in order for Lenses SAML to understand how to communicate
# with the Idenity Provider.
# content of the XML file - base64 encoded
# openssl base64 < idp.xml | tr -d '\n'
metadataFileData: |-
# base64 encoded keystore data to be used for SAML crypto.
# openssl base64 < saml.jks | tr -d '\n'
keyStoreFileData: |-
# Password for accessing the keystore.
keyStorePassword:
# Alias to use for the private key within the keystore (only required when the keystore has multiple keys)
keyAlias:
# Password for accessing the private key within the keystore.
keyPassword:
# idp settings
idp:
# 'groupsAttribute' and 'usernameAttribute' can be set only when the provider is 'generic'
# 'groupsAttribute' is mandatory, even if the generic IdP does not send a group
# 'usernameAttribute' is optional for the 'generic' provider, Lenses will default to the profile name
groupsAttribute:
usernameAttribute:
session:
lifetime:
# example: 100days
max:
# groups settings for when a custom plugin is used to parse groups from the IdP
groups:
enabled: false
plugin:
class:
append:
conf: |-
# Additional env variables appended to deployment
# Follows the format of [EnvVar spec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#envvar-v1-core)
additionalEnv:
# - name: FOO
# value: bar
# Disable livenessProbe, used while debugging
livenessProbe:
enabled: true
# Pause execution of Lenses start up script to allow the user to login into the container and
# check the running environment, used while debugging
pauseExec:
enabled: false
sidecarContainers:
# - name: sidecar-example
# image: alpine
# command: ["sh", "-c", "watch date"]
# initContainers:
# - name: init-example
# image: alpine
# command: ["sh", "-c", "date"]