cassandra
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# This file has been modified by Chainguard, Inc.
2
#
3
# Copyright Chainguard, Inc. All Rights Reserved.
4
# Chainguard, Inc. modifications are subject to the license
5
# available at: https://www.chainguard.dev/legal/software-license-agreement
6
#
7
# Copyright Broadcom, Inc. All Rights Reserved.
8
# SPDX-License-Identifier: APACHE-2.0
9
10
## @section Global parameters
11
## Global Docker image parameters
12
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
13
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
14
##
15
16
## @param global.imageRegistry Global Docker image registry
17
## @param global.imagePullSecrets Global Docker registry secret names as an array
18
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
19
##
20
global:
21
imageRegistry: ""
22
## E.g.
23
## imagePullSecrets:
24
## - myRegistryKeySecretName
25
##
26
imagePullSecrets: []
27
defaultStorageClass: ""
28
## Security parameters
29
##
30
security:
31
## @param global.security.allowInsecureImages Allows skipping image verification
32
allowInsecureImages: false
33
## Compatibility adaptations for Kubernetes platforms
34
##
35
compatibility:
36
## Compatibility adaptations for Openshift
37
##
38
openshift:
39
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
40
##
41
adaptSecurityContext: auto
42
org: ""
43
## @section Common parameters
44
##
45
46
## @param nameOverride String to partially override common.names.fullname
47
##
48
nameOverride: ""
49
## @param fullnameOverride String to fully override common.names.fullname
50
##
51
fullnameOverride: ""
52
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
53
##
54
kubeVersion: ""
55
## @param commonLabels Labels to add to all deployed objects (sub-charts are not considered)
56
##
57
commonLabels: {}
58
## @param commonAnnotations Annotations to add to all deployed objects
59
##
60
commonAnnotations: {}
61
## @param clusterDomain Kubernetes cluster domain name
62
##
63
clusterDomain: cluster.local
64
## @param extraDeploy Array of extra objects to deploy with the release
65
##
66
extraDeploy: []
67
## @param usePasswordFiles Mount credentials as files instead of using environment variables
68
##
69
usePasswordFiles: true
70
## Enable diagnostic mode in the deployment
71
##
72
diagnosticMode:
73
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
74
##
75
enabled: false
76
## @param diagnosticMode.command Command to override all containers in the deployment
77
##
78
command:
79
- sleep
80
## @param diagnosticMode.args Args to override all containers in the deployment
81
##
82
args:
83
- infinity
84
## @section Cassandra parameters
85
##
86
87
## Iamguarded Cassandra image
88
## @param image.registry [default: REGISTRY_NAME] Cassandra image registry
89
## @param image.repository [default: REPOSITORY_NAME/cassandra] Cassandra image repository
90
## @skip image.tag Cassandra image tag (immutable tags are recommended)
91
## @param image.digest Cassandra image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
92
## @param image.pullPolicy image pull policy
93
## @param image.pullSecrets Cassandra image pull secrets
94
## @param image.debug Enable image debug mode
95
##
96
image:
97
registry: cgr.dev
98
repository: chainguard-private/cassandra-iamguarded
99
tag: 5.0.6
100
digest: ""
101
## Specify a imagePullPolicy
102
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
103
##
104
pullPolicy: IfNotPresent
105
## Optionally specify an array of imagePullSecrets.
106
## Secrets must be manually created in the namespace.
107
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
108
## e.g:
109
## pullSecrets:
110
## - myRegistryKeySecretName
111
##
112
pullSecrets: []
113
## Enable debug mode
114
##
115
debug: false
116
## Secret with keystore, keystore password, truststore, truststore password
117
## DEPRECATED. Use tls.existingSecret instead
118
# tlsEncryptionSecretName:
119
120
## Database credentials
121
## @param dbUser.user Cassandra admin user
122
## @param dbUser.forcePassword Force the user to provide a non
123
## @param dbUser.password Password for `dbUser.user`. Randomly generated if empty
124
## @param dbUser.existingSecret Use an existing secret object for `dbUser.user` password (will ignore `dbUser.password`)
125
##
126
dbUser:
127
user: cassandra
128
forcePassword: false
129
password: ""
130
## Use an existing secrets which already stores your password data.
131
## for backwards compatibility, existingSecret can be a simple string,
132
## referencing the secret by name.
133
## existingSecret:
134
## ## Name of the existing secret
135
## ##
136
## name: mySecret
137
## ## Key mapping where <key> is the value which the deployment is expecting and
138
## ## <value> is the name of the key in the existing secret.
139
## ##
140
## keyMapping:
141
## cassandra-password: myCassandraPasswordKey
142
##
143
existingSecret: ""
144
## @param initDB Object with cql scripts. Useful for creating a keyspace and pre-populating data
145
##
146
initDB: {}
147
## @param initDBConfigMap ConfigMap with cql scripts. Useful for creating a keyspace and pre-populating data
148
##
149
initDBConfigMap: ""
150
## @param initDBSecret Secret with cql script (with sensitive data). Useful for creating a keyspace and pre-populating data
151
##
152
initDBSecret: ""
153
## @param existingConfiguration ConfigMap with custom cassandra configuration files. This overrides any other Cassandra configuration set in the chart
154
##
155
existingConfiguration: ""
156
## Cluster parameters
157
## @param cluster.name Cassandra cluster name
158
## @param cluster.seedCount Number of seed nodes
159
## @param cluster.numTokens Number of tokens for each node
160
## @param cluster.datacenter Datacenter name
161
## @param cluster.rack Rack name
162
## @param cluster.endpointSnitch Endpoint Snitch
163
## @param cluster.clientEncryption Client Encryption
164
## @param cluster.extraSeeds For an external/second cassandra ring.
165
## @param cluster.enableUDF Enable User defined functions
166
##
167
168
dynamicSeedDiscovery:
169
## @param dynamicSeedDiscovery.enabled Enable dynamic-seed-discovery init container
170
##
171
enabled: false
172
## @param dynamicSeedDiscovery.image.registry [default: REGISTRY_NAME] Init container dynamic-seed-discovery image registry
173
## @param dynamicSeedDiscovery.image.repository [default: REPOSITORY_NAME/alpine] Init container dynamic-seed-discovery image repository
174
## @skip dynamicSeedDiscovery.image.tag Init container dynamic-seed-discovery image tag (immutable tags are recommended)
175
## @param dynamicSeedDiscovery.image.digest Init container dynamic-seed-discovery image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
176
## @param dynamicSeedDiscovery.image.pullPolicy Init container dynamic-seed-discovery pull policy
177
## @param dynamicSeedDiscovery.image.pullSecrets Specify docker-registry secret names as an array
178
##
179
image:
180
registry: cgr.dev
181
repository: chainguard-private/os-shell-cassandra-iamguarded
182
tag: 1.0.0
183
digest: ""
184
pullPolicy: IfNotPresent
185
## Optionally specify an array of imagePullSecrets.
186
## Secrets must be manually created in the namespace.
187
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
188
## e.g:
189
## pullSecrets:
190
## - myRegistryKeySecretName
191
##
192
pullSecrets: []
193
cluster:
194
name: cassandra
195
seedCount: 1
196
numTokens: 256
197
datacenter: dc1
198
rack: rack1
199
endpointSnitch: SimpleSnitch
200
clientEncryption: false
201
## eg:
202
## extraSeeds:
203
## - hostname/IP
204
## - hostname/IP
205
##
206
extraSeeds: []
207
enableUDF: false
208
## JVM Settings
209
## @param jvm.extraOpts Set the value for Java Virtual Machine extra options
210
## @param jvm.maxHeapSize Set Java Virtual Machine maximum heap size (MAX_HEAP_SIZE). Calculated automatically if `nil`
211
## @param jvm.newHeapSize Set Java Virtual Machine new heap size (HEAP_NEWSIZE). Calculated automatically if `nil`
212
##
213
jvm:
214
extraOpts: ""
215
## Memory settings: These are calculated automatically unless specified otherwise
216
## To run on environments with little resources (<= 8GB), tune your heap settings:
217
## - calculate 1/2 ram and cap to 1024MB
218
## - calculate 1/4 ram and cap to 8192MB
219
## - pick the max
220
##
221
maxHeapSize: ""
222
## newHeapSize:
223
## A good guideline is 100 MB per CPU core.
224
## - min(100 * num_cores, 1/4 * heap size)
225
## ref: https://docs.datastax.com/en/archived/cassandra/2.0/cassandra/operations/ops_tune_jvm_c.html
226
##
227
newHeapSize: ""
228
## @param command Command for running the container (set to default if not set). Use array form
229
##
230
command: []
231
## @param args Args for running the container (set to default if not set). Use array form
232
##
233
args: []
234
## @param extraEnvVars Extra environment variables to be set on cassandra container
235
## For example:
236
## - name: FOO
237
## value: BAR
238
##
239
extraEnvVars: []
240
## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars
241
##
242
extraEnvVarsCM: ""
243
## @param extraEnvVarsSecret Name of existing Secret containing extra env vars
244
##
245
extraEnvVarsSecret: ""
246
## @section Statefulset parameters
247
##
248
249
## @param replicaCount Number of Cassandra replicas
250
##
251
replicaCount: 1
252
## @param updateStrategy.type updateStrategy for Cassandra statefulset
253
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
254
##
255
updateStrategy:
256
type: RollingUpdate
257
## @param automountServiceAccountToken Mount Service Account token in pod
258
##
259
automountServiceAccountToken: false
260
## @param hostAliases Add deployment host aliases
261
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
262
##
263
hostAliases: []
264
## @param podManagementPolicy StatefulSet pod management policy
265
##
266
podManagementPolicy: OrderedReady
267
## @param priorityClassName Cassandra pods' priority.
268
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
269
##
270
priorityClassName: ""
271
## @param podAnnotations Additional pod annotations
272
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
273
##
274
podAnnotations: {}
275
## @param podLabels Additional pod labels
276
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
277
##
278
podLabels: {}
279
## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
280
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
281
##
282
podAffinityPreset: ""
283
## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
284
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
285
##
286
podAntiAffinityPreset: soft
287
## Node affinity preset
288
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
289
##
290
nodeAffinityPreset:
291
## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
292
##
293
type: ""
294
## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set
295
##
296
key: ""
297
## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set
298
## E.g.
299
## values:
300
## - e2e-az1
301
## - e2e-az2
302
##
303
values: []
304
## @param affinity Affinity for pod assignment
305
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
306
## NOTE: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
307
##
308
affinity: {}
309
## @param nodeSelector Node labels for pod assignment
310
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
311
##
312
nodeSelector: {}
313
## @param tolerations Tolerations for pod assignment
314
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
315
##
316
tolerations: []
317
## @param topologySpreadConstraints Topology Spread Constraints for pod assignment
318
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
319
## The value is evaluated as a template
320
##
321
topologySpreadConstraints: []
322
## Pod security context
323
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
324
## @param podSecurityContext.enabled Enabled Cassandra pods' Security Context
325
## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
326
## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface
327
## @param podSecurityContext.supplementalGroups Set filesystem extra groups
328
## @param podSecurityContext.fsGroup Set Cassandra pod's Security Context fsGroup
329
##
330
podSecurityContext:
331
enabled: true
332
fsGroupChangePolicy: Always
333
sysctls: []
334
supplementalGroups: []
335
fsGroup: 1001
336
## Configure Container Security Context (only main container)
337
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
338
## @param containerSecurityContext.enabled Enabled Cassandra containers' Security Context
339
## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
340
## @param containerSecurityContext.runAsUser Set Cassandra containers' Security Context runAsUser
341
## @param containerSecurityContext.runAsGroup Set Cassandra containers' Security Context runAsGroup
342
## @param containerSecurityContext.allowPrivilegeEscalation Set Cassandra containers' Security Context allowPrivilegeEscalation
343
## @param containerSecurityContext.capabilities.drop Set Cassandra containers' Security Context capabilities to be dropped
344
## @param containerSecurityContext.readOnlyRootFilesystem Set Cassandra containers' Security Context readOnlyRootFilesystem
345
## @param containerSecurityContext.runAsNonRoot Set Cassandra containers' Security Context runAsNonRoot
346
## @param containerSecurityContext.privileged Set container's Security Context privileged
347
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
348
##
349
containerSecurityContext:
350
enabled: true
351
seLinuxOptions: {}
352
runAsUser: 1001
353
runAsGroup: 1001
354
runAsNonRoot: true
355
privileged: false
356
allowPrivilegeEscalation: false
357
capabilities:
358
drop: ["ALL"]
359
seccompProfile:
360
type: "RuntimeDefault"
361
readOnlyRootFilesystem: true
362
## Cassandra pods' resource requests and limits
363
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
364
## Minimum memory for development is 4GB and 2 CPU cores
365
## Minimum memory for production is 8GB and 4 CPU cores
366
## ref: http://docs.datastax.com/en/archived/cassandra/2.0/cassandra/architecture/architecturePlanningHardware_c.html
367
##
368
## We usually recommend not to specify default resources and to leave this as a conscious
369
## choice for the user. This also increases chances charts run on environments with little
370
## resources, such as Minikube. If you do want to specify resources, uncomment the following
371
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
372
## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
373
##
374
resourcesPreset: "large"
375
## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
376
## Example:
377
## resources:
378
## requests:
379
## cpu: 2
380
## memory: 512Mi
381
## limits:
382
## cpu: 3
383
## memory: 1024Mi
384
##
385
resources: {}
386
## Configure extra options for Cassandra containers' liveness and readiness probes
387
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
388
## @param livenessProbe.enabled Enable livenessProbe
389
## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
390
## @param livenessProbe.periodSeconds Period seconds for livenessProbe
391
## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
392
## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
393
## @param livenessProbe.successThreshold Success threshold for livenessProbe
394
##
395
livenessProbe:
396
enabled: true
397
initialDelaySeconds: 60
398
periodSeconds: 30
399
timeoutSeconds: 30
400
successThreshold: 1
401
failureThreshold: 5
402
## @param readinessProbe.enabled Enable readinessProbe
403
## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
404
## @param readinessProbe.periodSeconds Period seconds for readinessProbe
405
## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
406
## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
407
## @param readinessProbe.successThreshold Success threshold for readinessProbe
408
##
409
readinessProbe:
410
enabled: true
411
initialDelaySeconds: 60
412
periodSeconds: 10
413
timeoutSeconds: 30
414
successThreshold: 1
415
failureThreshold: 5
416
## Configure extra options for startup probe
417
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
418
## @param startupProbe.enabled Enable startupProbe
419
## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
420
## @param startupProbe.periodSeconds Period seconds for startupProbe
421
## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
422
## @param startupProbe.failureThreshold Failure threshold for startupProbe
423
## @param startupProbe.successThreshold Success threshold for startupProbe
424
##
425
startupProbe:
426
enabled: false
427
initialDelaySeconds: 0
428
periodSeconds: 10
429
timeoutSeconds: 5
430
successThreshold: 1
431
failureThreshold: 60
432
## @param customLivenessProbe Custom livenessProbe that overrides the default one
433
##
434
customLivenessProbe: {}
435
## @param customReadinessProbe Custom readinessProbe that overrides the default one
436
##
437
customReadinessProbe: {}
438
## @param customStartupProbe [object] Override default startup probe
439
##
440
customStartupProbe: {}
441
## @param lifecycleHooks [object] Override default etcd container hooks
442
##
443
lifecycleHooks: {}
444
## @param schedulerName Alternative scheduler
445
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
446
##
447
schedulerName: ""
448
## @param terminationGracePeriodSeconds In seconds, time the given to the Cassandra pod needs to terminate gracefully
449
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
450
##
451
terminationGracePeriodSeconds: ""
452
## @param extraVolumes Optionally specify extra list of additional volumes for cassandra container
453
##
454
extraVolumes: []
455
## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for cassandra container
456
##
457
extraVolumeMounts: []
458
## @param initContainers Add additional init containers to the cassandra pods
459
##
460
initContainers: []
461
## @param sidecars Add additional sidecar containers to the cassandra pods
462
##
463
sidecars: []
464
## Cassandra Pod Disruption Budget configuration
465
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
466
##
467
pdb:
468
## @param pdb.create Enable/disable a Pod Disruption Budget creation
469
##
470
create: true
471
## @param pdb.minAvailable Mininimum number of pods that must still be available after the eviction
472
##
473
minAvailable: ""
474
## @param pdb.maxUnavailable Max number of pods that can be unavailable after the eviction
475
##
476
maxUnavailable: ""
477
## @param hostNetwork Enable HOST Network
478
## If hostNetwork true -> dnsPolicy is set to ClusterFirstWithHostNet
479
##
480
hostNetwork: false
481
## Cassandra container ports to open
482
## If hostNetwork true: the hostPort is set identical to the containerPort
483
## @param containerPorts.intra Intra Port on the Host and Container
484
## @param containerPorts.tls TLS Port on the Host and Container
485
## @param containerPorts.jmx JMX Port on the Host and Container
486
## @param containerPorts.cql CQL Port on the Host and Container
487
##
488
containerPorts:
489
intra: 7000
490
tls: 7001
491
jmx: 7199
492
cql: 9042
493
## Cassandra ports to be exposed as hostPort
494
## If hostNetwork is false, only the ports specified here will be exposed (or not if set to an empty string)
495
## @param hostPorts.intra Intra Port on the Host
496
## @param hostPorts.tls TLS Port on the Host
497
## @param hostPorts.jmx JMX Port on the Host
498
## @param hostPorts.cql CQL Port on the Host
499
##
500
hostPorts:
501
intra: ""
502
tls: ""
503
jmx: ""
504
cql: ""
505
## @section RBAC parameters
506
##
507
508
## Cassandra pods ServiceAccount
509
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
510
##
511
serviceAccount:
512
## @param serviceAccount.create Enable the creation of a ServiceAccount for Cassandra pods
513
##
514
create: true
515
## @param serviceAccount.name The name of the ServiceAccount to use.
516
## If not set and create is true, a name is generated using the cassandra.fullname template
517
##
518
name: ""
519
## @param serviceAccount.annotations Annotations for Cassandra Service Account
520
##
521
annotations: {}
522
## @param serviceAccount.automountServiceAccountToken Automount API credentials for a service account.
523
##
524
automountServiceAccountToken: false
525
## @section Traffic Exposure Parameters
526
##
527
528
## Cassandra service parameters
529
##
530
service:
531
## @param service.type Cassandra service type
532
##
533
type: ClusterIP
534
## @param service.ports.cql Cassandra service CQL Port
535
## @param service.ports.metrics Cassandra service metrics port
536
##
537
ports:
538
cql: 9042
539
metrics: 8080
540
## Node ports to expose
541
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
542
## @param service.nodePorts.cql Node port for CQL
543
## @param service.nodePorts.metrics Node port for metrics
544
##
545
nodePorts:
546
cql: ""
547
metrics: ""
548
## @param service.extraPorts Extra ports to expose in the service (normally used with the `sidecar` value)
549
##
550
extraPorts: []
551
## @param service.loadBalancerIP LoadBalancerIP if service type is `LoadBalancer`
552
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
553
##
554
loadBalancerIP: ""
555
## @param service.loadBalancerSourceRanges Service Load Balancer sources
556
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
557
## e.g:
558
## loadBalancerSourceRanges:
559
## - 10.10.10.0/24
560
##
561
loadBalancerSourceRanges: []
562
## @param service.clusterIP Service Cluster IP
563
## e.g.:
564
## clusterIP: None
565
##
566
clusterIP: ""
567
## @param service.externalTrafficPolicy Service external traffic policy
568
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
569
##
570
externalTrafficPolicy: Cluster
571
## @param service.annotations Provide any additional annotations which may be required.
572
## This can be used to set the LoadBalancer service type to internal only.
573
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
574
##
575
annotations: {}
576
## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
577
## If "ClientIP", consecutive client requests will be directed to the same Pod
578
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
579
##
580
sessionAffinity: None
581
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
582
## sessionAffinityConfig:
583
## clientIP:
584
## timeoutSeconds: 300
585
##
586
sessionAffinityConfig: {}
587
## Headless service properties
588
##
589
headless:
590
## @param service.headless.annotations Annotations for the headless service.
591
##
592
annotations: {}
593
## Network Policies
594
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
595
##
596
networkPolicy:
597
## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created
598
##
599
enabled: true
600
## @param networkPolicy.allowExternal Don't require server label for connections
601
## The Policy model to apply. When set to false, only pods with the correct
602
## server label will have network access to the ports server is listening
603
## on. When true, server will accept connections from any source
604
## (with the correct destination port).
605
##
606
allowExternal: true
607
## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
608
##
609
allowExternalEgress: true
610
## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
611
## e.g:
612
## extraIngress:
613
## - ports:
614
## - port: 1234
615
## from:
616
## - podSelector:
617
## - matchLabels:
618
## - role: frontend
619
## - podSelector:
620
## - matchExpressions:
621
## - key: role
622
## operator: In
623
## values:
624
## - frontend
625
extraIngress: []
626
## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
627
## e.g:
628
## extraEgress:
629
## - ports:
630
## - port: 1234
631
## to:
632
## - podSelector:
633
## - matchLabels:
634
## - role: frontend
635
## - podSelector:
636
## - matchExpressions:
637
## - key: role
638
## operator: In
639
## values:
640
## - frontend
641
##
642
extraEgress: []
643
## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
644
## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
645
##
646
ingressNSMatchLabels: {}
647
ingressNSPodMatchLabels: {}
648
## @section Persistence parameters
649
##
650
651
## Enable persistence using Persistent Volume Claims
652
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
653
##
654
persistence:
655
## @param persistence.enabled Enable Cassandra data persistence using PVC, use a Persistent Volume Claim, If false, use emptyDir
656
##
657
enabled: true
658
## @param persistence.existingClaim Name of an existing PVC to use
659
##
660
existingClaim: ""
661
## @param persistence.storageClass PVC Storage Class for Cassandra data volume
662
## If defined, storageClassName: <storageClass>
663
## If set to "-", storageClassName: "", which disables dynamic provisioning
664
## If undefined (the default) or set to null, no storageClassName spec is
665
## set, choosing the default provisioner. (gp2 on AWS, standard on
666
## GKE, AWS & OpenStack)
667
##
668
storageClass: ""
669
## @param persistence.commitStorageClass PVC Storage Class for Cassandra Commit Log volume
670
## Storage class to use with CASSANDRA_COMMITLOG_DIR to reduce the concurrence for writing data and commit logs
671
## If set to "-", commitStorageClass: "", which disables dynamic provisioning
672
## If undefined (the default) or set to null, no storageClassName spec is
673
## set, choosing the default provisioner. (gp2 on AWS, standard on
674
## GKE, AWS & OpenStack)
675
##
676
commitStorageClass: ""
677
## @param persistence.annotations Persistent Volume Claim annotations
678
##
679
annotations: {}
680
## @param persistence.accessModes Persistent Volume Access Mode
681
##
682
accessModes:
683
- ReadWriteOnce
684
## @param persistence.size PVC Storage Request for Cassandra data volume
685
##
686
size: 8Gi
687
## @param persistence.commitLogsize PVC Storage Request for Cassandra commit log volume. Unset by default
688
##
689
commitLogsize: 2Gi
690
## @param persistence.mountPath The path the data volume will be mounted at
691
##
692
mountPath: /iamguarded/cassandra
693
## @param persistence.commitLogMountPath The path the commit log volume will be mounted at. Unset by default. Set it to '/iamguarded/cassandra/commitlog' to enable a separate commit log volume
694
##
695
# commitLogMountPath: /iamguarded/cassandra/commitlog
696
commitLogMountPath: ""
697
## @section Volume Permissions parameters
698
##
699
700
## Init containers parameters:
701
## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
702
##
703
volumePermissions:
704
## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume
705
##
706
enabled: false
707
## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume image registry
708
## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume image repository
709
## @skip volumePermissions.image.tag Init container volume image tag (immutable tags are recommended)
710
## @param volumePermissions.image.digest Init container volume image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
711
## @param volumePermissions.image.pullPolicy Init container volume pull policy
712
## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
713
##
714
image:
715
registry: cgr.dev
716
repository: chainguard-private/os-shell-iamguarded
717
tag: 1.0.0
718
digest: ""
719
pullPolicy: IfNotPresent
720
## Optionally specify an array of imagePullSecrets.
721
## Secrets must be manually created in the namespace.
722
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
723
## e.g:
724
## pullSecrets:
725
## - myRegistryKeySecretName
726
##
727
pullSecrets: []
728
## Init container' resource requests and limits
729
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
730
## We usually recommend not to specify default resources and to leave this as a conscious
731
## choice for the user. This also increases chances charts run on environments with little
732
## resources, such as Minikube. If you do want to specify resources, uncomment the following
733
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
734
## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
735
##
736
resourcesPreset: "nano"
737
## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
738
## Example:
739
## resources:
740
## requests:
741
## cpu: 2
742
## memory: 512Mi
743
## limits:
744
## cpu: 3
745
## memory: 1024Mi
746
##
747
resources: {}
748
## Init container Security Context
749
## Note: the chown of the data folder is done to securityContext.runAsUser
750
## and not the below volumePermissions.securityContext.runAsUser
751
## @param volumePermissions.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container
752
## @param volumePermissions.securityContext.runAsUser User ID for the init container
753
##
754
## When runAsUser is set to special value "auto", init container will try to chwon the
755
## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
756
## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed).
757
## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with
758
## pod securityContext.enabled=false and shmVolume.chmod.enabled=false
759
##
760
securityContext:
761
seLinuxOptions: {}
762
runAsUser: 0
763
## @section Metrics parameters
764
##
765
766
## Cassandra Prometheus exporter configuration
767
##
768
metrics:
769
## @param metrics.enabled Start a side-car prometheus exporter
770
##
771
enabled: false
772
## Iamguarded Cassandra Exporter image
773
## @param metrics.image.registry [default: REGISTRY_NAME] Cassandra exporter image registry
774
## @param metrics.image.repository [default: REPOSITORY_NAME/cassandra-exporter] Cassandra exporter image name
775
## @skip metrics.image.tag Cassandra exporter image tag
776
## @param metrics.image.digest Cassandra exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
777
## @param metrics.image.pullPolicy image pull policy
778
## @param metrics.image.pullSecrets Specify docker-registry secret names as an array
779
##
780
image:
781
registry: cgr.dev
782
repository: chainguard-private/jmx-exporter-iamguarded
783
tag: 1.5.0
784
digest: ""
785
pullPolicy: IfNotPresent
786
## Optionally specify an array of imagePullSecrets.
787
## Secrets must be manually created in the namespace.
788
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
789
## e.g:
790
## pullSecrets:
791
## - myRegistryKeySecretName
792
##
793
pullSecrets: []
794
## Cassandra Prometheus exporter resource requests and limits
795
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
796
## We usually recommend not to specify default resources and to leave this as a conscious
797
## choice for the user. This also increases chances charts run on environments with little
798
## resources, such as Minikube. If you do want to specify resources, uncomment the following
799
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
800
## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
801
##
802
resourcesPreset: "nano"
803
## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
804
## Example:
805
## resources:
806
## requests:
807
## cpu: 2
808
## memory: 512Mi
809
## limits:
810
## cpu: 3
811
## memory: 1024Mi
812
##
813
resources: {}
814
## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
815
## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe
816
## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
817
## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe
818
## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe
819
##
820
readinessProbe:
821
initialDelaySeconds: 20
822
periodSeconds: 10
823
timeoutSeconds: 45
824
failureThreshold: 3
825
successThreshold: 1
826
## @param metrics.extraVolumeMounts Optionally specify extra list of additional volumeMounts for cassandra-exporter container
827
##
828
extraVolumeMounts: []
829
## @param metrics.podAnnotations [object] Metrics exporter pod Annotation and Labels
830
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
831
##
832
podAnnotations:
833
prometheus.io/scrape: "true"
834
prometheus.io/port: "8080"
835
## Prometheus Operator ServiceMonitor configuration
836
##
837
serviceMonitor:
838
## @param metrics.serviceMonitor.enabled If `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)
839
##
840
enabled: false
841
## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running
842
##
843
namespace: monitoring
844
## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped.
845
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
846
## e.g:
847
## interval: 10s
848
##
849
interval: ""
850
## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
851
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
852
## e.g:
853
## scrapeTimeout: 10s
854
##
855
scrapeTimeout: ""
856
## @param metrics.serviceMonitor.selector Prometheus instance selector labels
857
## e.g:
858
## selector:
859
## prometheus: my-prometheus
860
##
861
selector: {}
862
## @param metrics.serviceMonitor.metricRelabelings Specify Metric Relabelings to add to the scrape endpoint
863
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
864
##
865
metricRelabelings: []
866
## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
867
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
868
##
869
relabelings: []
870
## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint
871
##
872
honorLabels: false
873
## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
874
##
875
jobLabel: ""
876
## @param metrics.serviceMonitor.labels Used to pass Labels that are required by the installed Prometheus Operator
877
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
878
##
879
labels: {}
880
## Metrics container ports to open
881
## If hostNetwork true: the hostPort is set identical to the containerPort
882
## @param metrics.containerPorts.http HTTP Port on the Host and Container
883
## @param metrics.containerPorts.jmx JMX Port on the Host and Container
884
##
885
containerPorts:
886
http: 8080
887
jmx: 5555
888
## Metrics ports to be exposed as hostPort
889
## If hostNetwork is false, only the ports specified here will be exposed (or not if set to an empty string)
890
## @param metrics.hostPorts.http HTTP Port on the Host
891
## @param metrics.hostPorts.jmx JMX Port on the Host
892
##
893
hostPorts:
894
http: ""
895
jmx: ""
896
## @param metrics.configuration [string] Configure Cassandra-exporter with a custom config.yml file
897
## ref: https://github.com/criteo/cassandra_exporter/blob/master/config.yml
898
##
899
configuration: |
900
host: localhost:{{ .Values.containerPorts.jmx }}
901
ssl: False
902
user:
903
password:
904
listenPort: {{ .Values.metrics.containerPorts.http }}
905
blacklist:
906
# To profile the duration of jmx call you can start the program with the following options
907
# > java -Dorg.slf4j.simpleLogger.defaultLogLevel=trace -jar cassandra_exporter.jar config.yml --oneshot
908
#
909
# To get intuition of what is done by cassandra when something is called you can look in cassandra
910
# https://github.com/apache/cassandra/tree/trunk/src/java/org/apache/cassandra/metrics
911
# Please avoid to scrape frequently those calls that are iterating over all sstables
912
913
# Unaccessible metrics (not enough privilege)
914
- java:lang:memorypool:.*usagethreshold.*
915
916
# Leaf attributes not interesting for us but that are presents in many path
917
- .*:999thpercentile
918
- .*:95thpercentile
919
- .*:fifteenminuterate
920
- .*:fiveminuterate
921
- .*:durationunit
922
- .*:rateunit
923
- .*:stddev
924
- .*:meanrate
925
- .*:mean
926
- .*:min
927
928
# Path present in many metrics but uninterresting
929
- .*:viewlockacquiretime:.*
930
- .*:viewreadtime:.*
931
- .*:cas[a-z]+latency:.*
932
- .*:colupdatetimedeltahistogram:.*
933
934
# Mostly for RPC, do not scrap them
935
- org:apache:cassandra:db:.*
936
937
# columnfamily is an alias for Table metrics
938
# https://github.com/apache/cassandra/blob/8b3a60b9a7dbefeecc06bace617279612ec7092d/src/java/org/apache/cassandra/metrics/TableMetrics.java#L162
939
- org:apache:cassandra:metrics:columnfamily:.*
940
941
# Should we export metrics for system keyspaces/tables ?
942
- org:apache:cassandra:metrics:[^:]+:system[^:]*:.*
943
944
# Don't scrap us
945
- com:criteo:nosql:cassandra:exporter:.*
946
947
maxScrapFrequencyInSec:
948
50:
949
- .*
950
951
# Refresh those metrics only every hour as it is costly for cassandra to retrieve them
952
3600:
953
- .*:snapshotssize:.*
954
- .*:estimated.*
955
- .*:totaldiskspaceused:.*
956
## @section TLS/SSL parameters
957
##
958
959
## TLS/SSL parameters
960
## @param tls.internodeEncryption Set internode encryption
961
## @param tls.clientEncryption Set client-server encryption
962
## @param tls.autoGenerated Generate automatically self-signed TLS certificates. Currently only supports PEM certificates
963
## @param tls.existingSecret Existing secret that contains Cassandra Keystore and truststore
964
## @param tls.passwordsSecret Secret containing the Keystore and Truststore passwords if needed
965
## @param tls.keystorePassword Password for the keystore, if needed.
966
## @param tls.truststorePassword Password for the truststore, if needed.
967
## @param tls.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if tls.resources is set (tls.resources is recommended for production).
968
## @param tls.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
969
## @param tls.certificatesSecret Secret with the TLS certificates.
970
## @param tls.tlsEncryptionSecretName Secret with the encryption of the TLS certificates
971
##
972
tls:
973
internodeEncryption: none
974
clientEncryption: false
975
autoGenerated: false
976
existingSecret: ""
977
passwordsSecret: ""
978
keystorePassword: ""
979
truststorePassword: ""
980
certificatesSecret: ""
981
tlsEncryptionSecretName: ""
982
resourcesPreset: "nano"
983
## We usually recommend not to specify default resources and to leave this as a conscious
984
## choice for the user. This also increases chances charts run on environments with little
985
## resources, such as Minikube. If you do want to specify resources, uncomment the following
986
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
987
## Example:
988
## resources:
989
## requests:
990
## cpu: 2
991
## memory: 512Mi
992
## limits:
993
## cpu: 3
994
## memory: 1024Mi
995
resources: {}
996