influxdb
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# This file has been modified by Chainguard, Inc.
2
#
3
# Copyright Chainguard, Inc. All Rights Reserved.
4
# Chainguard, Inc. modifications are subject to the license
5
# available at: https://www.chainguard.dev/legal/software-license-agreement
6
#
7
# Copyright Broadcom, Inc. All Rights Reserved.
8
# SPDX-License-Identifier: APACHE-2.0
9
10
## @section Global parameters
11
## Global Docker image parameters
12
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
13
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
14
15
## @param global.imageRegistry Global Docker image registry
16
## @param global.imagePullSecrets Global Docker registry secret names as an array
17
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
18
## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead
19
##
20
global:
21
imageRegistry: ""
22
## E.g.
23
## imagePullSecrets:
24
## - myRegistryKeySecretName
25
##
26
imagePullSecrets: []
27
defaultStorageClass: ""
28
storageClass: ""
29
## Security parameters
30
##
31
security:
32
## @param global.security.allowInsecureImages Allows skipping image verification
33
allowInsecureImages: false
34
## Compatibility adaptations for Kubernetes platforms
35
##
36
compatibility:
37
## Compatibility adaptations for Openshift
38
##
39
openshift:
40
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
41
##
42
adaptSecurityContext: auto
43
org: ""
44
## @section Common parameters
45
46
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
47
##
48
kubeVersion: ""
49
## @param nameOverride String to partially override influxdb.fullname template with a string (will prepend the release name)
50
##
51
nameOverride: ""
52
## @param fullnameOverride String to fully override influxdb.fullname template with a string
53
##
54
fullnameOverride: ""
55
## @param namespaceOverride String to fully override common.names.namespace
56
##
57
namespaceOverride: ""
58
## @param clusterDomain Default Kubernetes cluster domain
59
##
60
clusterDomain: cluster.local
61
## @param commonAnnotations Annotations to add to all deployed objects
62
##
63
commonAnnotations: {}
64
## @param commonLabels Labels to add to all deployed objects
65
##
66
commonLabels: {}
67
## @param extraDeploy Array of extra objects to deploy with the release
68
##
69
extraDeploy: []
70
## Enable diagnostic mode in the deployment
71
##
72
diagnosticMode:
73
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
74
##
75
enabled: false
76
## @param diagnosticMode.command Command to override all containers in the deployment
77
##
78
command:
79
- sleep
80
## @param diagnosticMode.args Args to override all containers in the deployment
81
##
82
args:
83
- infinity
84
## @section InfluxDB(TM) parameters
85
86
## Iamguarded InfluxDB(TM) image
87
## @param image.registry [default: REGISTRY_NAME] InfluxDB(TM) image registry
88
## @param image.repository [default: REPOSITORY_NAME/influxdb] InfluxDB(TM) image repository
89
## @skip image.tag InfluxDB(TM) image tag (immutable tags are recommended)
90
## @param image.digest InfluxDB(TM) image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
91
## @param image.pullPolicy InfluxDB(TM) image pull policy
92
## @param image.pullSecrets Specify docker-registry secret names as an array
93
## @param image.debug Specify if debug logs should be enabled
94
##
95
image:
96
registry: cgr.dev
97
repository: chainguard-private/influxdb-iamguarded
98
tag: 2.7.12
99
digest: ""
100
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
101
##
102
pullPolicy: IfNotPresent
103
## Optionally specify an array of imagePullSecrets.
104
## Secrets must be manually created in the namespace.
105
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
106
## e.g:
107
## pullSecrets:
108
## - myRegistryKeySecretName
109
##
110
pullSecrets: []
111
## Set to true if you would like to see extra information on logs
112
##
113
debug: false
114
## Authentication parameters
115
##
116
auth:
117
## @param auth.enabled Enable/disable authentication (Variable to keep compatibility with InfluxDB(TM) v1, in v2 it will be ignored)
118
##
119
enabled: true
120
## @param auth.usePasswordFiles Whether to use files to provide secrets instead of env vars.
121
##
122
usePasswordFiles: true
123
## InfluxDB(TM) admin credentials
124
##
125
admin:
126
## @param auth.admin.username InfluxDB(TM) admin user name
127
##
128
username: admin
129
## @param auth.admin.password InfluxDB(TM) admin user's password
130
##
131
password: ""
132
## @param auth.admin.token InfluxDB(TM) admin user's token. Only valid with InfluxDB(TM) v2
133
##
134
token: ""
135
## @param auth.admin.org InfluxDB(TM) admin user's org. Only valid with InfluxDB(TM) v2
136
##
137
org: primary
138
## @param auth.admin.bucket InfluxDB(TM) admin user's bucket. Only valid with InfluxDB(TM) v2
139
##
140
bucket: primary
141
## @param auth.admin.retention InfluxDB(TM) admin user's bucket retention. Only valid with InfluxDB(TM) v2
142
##
143
retention: ""
144
## @param auth.createUserToken Whether to create tokens for the different users. Take into account these tokens are going to be created by CLI randomly and they will not be accessible from a secret. See more influxdb 2.0 [auth ref](https://docs.influxdata.com/influxdb/v2.0/security/tokens/)
145
## You should take into account these tokens are going to be created by CLI
146
## so it is not possible to get them by k8s secrets nor to provide them though
147
## values
148
## See more influxdb 2.0 auth ref: https://docs.influxdata.com/influxdb/v2.0/security/tokens/
149
##
150
createUserToken: false
151
## InfluxDB(TM) credentials for user with 'admin' privileges on the db specified at 'database' parameter
152
##
153
user:
154
## @param auth.user.username Name for InfluxDB(TM) user with 'admin' privileges on the bucket specified at `auth.user.bucket` and `auth.user.org` or `auth.admin.org`
155
##
156
username: ""
157
## @param auth.user.password InfluxDB(TM) password for `user.name` user
158
##
159
password: ""
160
## @param auth.user.org Org to be created on first run
161
##
162
org: ""
163
## @param auth.user.bucket Bucket to be created on first run
164
## already create. If it is not null a new bucket will be created.
165
##
166
bucket: ""
167
## InfluxDB(TM) credentials for user with 'read' privileges on the db specified at 'database' parameter
168
## @param auth.readUser.username Name for InfluxDB(TM) user with 'read' privileges on the bucket specified at `auth.user.bucket`
169
## @param auth.readUser.password InfluxDB(TM) password for `auth.readUser.username` user
170
##
171
readUser:
172
username: ""
173
password: ""
174
## InfluxDB(TM) credentials for user with 'write' privileges on the db specified at 'database' parameter
175
## @param auth.writeUser.username Name for InfluxDB(TM) user with 'read' privileges on the bucket specified at `auth.user.bucket`
176
## @param auth.writeUser.password InfluxDB(TM) password for `auth.writeUser.username` user
177
##
178
writeUser:
179
username: ""
180
password: ""
181
## @param auth.existingSecret Name of existing Secret object with InfluxDB(TM) credentials (`auth.admin.password`, `auth.user.password`, `auth.readUser.password`, and `auth.writeUser.password` will be ignored and picked up from this secret)
182
##
183
existingSecret: ""
184
## InfluxDB(TM) backend parameters
185
##
186
influxdb:
187
## @param influxdb.configuration Specify content for influxdb.conf
188
## Alternatively, you can put your config.yaml under the files/conf/ directory
189
##
190
## configuration: |-
191
## reporting-disabled: true
192
## http-bind-address: "127.0.0.1:8086"
193
## ...
194
##
195
configuration: ""
196
## @param influxdb.existingConfiguration Name of existing ConfigMap object with the InfluxDB(TM) configuration (`influxdb.configuration` will be ignored).
197
##
198
existingConfiguration: ""
199
## @param influxdb.initdbScripts Dictionary of initdb scripts
200
## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory
201
##
202
## initdbScripts:
203
## my_init_script.sh: |
204
## #!/bin/sh
205
## echo "Do something."
206
initdbScripts: {}
207
## @param influxdb.initdbScriptsCM Name of existing ConfigMap object with the initdb scripts (`influxdb.initdbScripts` will be ignored).
208
##
209
initdbScriptsCM: ""
210
## @param influxdb.initdbScriptsSecret Secret with initdb scripts that contain sensitive information (Note: can be used with `initdbScriptsConfigMap` or `initdbScripts`)
211
##
212
initdbScriptsSecret: ""
213
## @param influxdb.podAffinityPreset InfluxDB(TM) Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
214
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
215
##
216
podAffinityPreset: ""
217
## @param influxdb.podAntiAffinityPreset InfluxDB(TM) Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
218
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
219
##
220
podAntiAffinityPreset: soft
221
## Node affinity preset
222
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
223
##
224
nodeAffinityPreset:
225
## @param influxdb.nodeAffinityPreset.type InfluxDB(TM) Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
226
type: ""
227
## @param influxdb.nodeAffinityPreset.key InfluxDB(TM) Node label key to match Ignored if `affinity` is set.
228
## E.g.
229
## key: "kubernetes.io/e2e-az-name"
230
##
231
key: ""
232
## @param influxdb.nodeAffinityPreset.values InfluxDB(TM) Node label values to match. Ignored if `affinity` is set.
233
## E.g.
234
## values:
235
## - e2e-az1
236
## - e2e-az2
237
##
238
values: []
239
## @param influxdb.affinity InfluxDB(TM) Affinity for pod assignment
240
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
241
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
242
##
243
affinity: {}
244
## @param influxdb.nodeSelector InfluxDB(TM) Node labels for pod assignment
245
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
246
##
247
nodeSelector: {}
248
## @param influxdb.tolerations InfluxDB(TM) Tolerations for pod assignment
249
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
250
##
251
tolerations: []
252
## @param influxdb.podAnnotations Annotations for InfluxDB(TM) pods
253
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
254
##
255
podAnnotations: {}
256
## @param influxdb.podLabels Extra labels for InfluxDB(TM) pods
257
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
258
##
259
podLabels: {}
260
## @param influxdb.automountServiceAccountToken Mount Service Account token in pod
261
##
262
automountServiceAccountToken: false
263
## @param influxdb.hostAliases InfluxDB(TM) pods host aliases
264
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
265
##
266
hostAliases: []
267
## @param influxdb.revisionHistoryLimit InfluxDB(TM) statefulset/deployment revision history limit
268
##
269
revisionHistoryLimit: 10
270
## @param influxdb.updateStrategy.type InfluxDB(TM) statefulset/deployment strategy type
271
## Statefulset ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
272
## Deployment ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
273
##
274
updateStrategy:
275
## StrategyType
276
## Can be set to RollingUpdate or OnDelete
277
##
278
type: RollingUpdate
279
## @param influxdb.priorityClassName InfluxDB(TM) pods' priorityClassName
280
##
281
priorityClassName: ""
282
## @param influxdb.schedulerName Name of the k8s scheduler (other than default)
283
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
284
##
285
schedulerName: ""
286
## @param influxdb.topologySpreadConstraints Topology Spread Constraints for pod assignment
287
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
288
## The value is evaluated as a template
289
##
290
topologySpreadConstraints: []
291
## @param influxdb.podManagementPolicy podManagementPolicy to manage scaling operation of InfluxDB(TM) pods
292
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
293
##
294
podManagementPolicy: OrderedReady
295
## Configure Pods Security Context
296
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
297
## @param influxdb.podSecurityContext.enabled Enabled InfluxDB(TM) pods' Security Context
298
## @param influxdb.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
299
## @param influxdb.podSecurityContext.sysctls Set kernel settings using the sysctl interface
300
## @param influxdb.podSecurityContext.supplementalGroups Set filesystem extra groups
301
## @param influxdb.podSecurityContext.fsGroup Set InfluxDB(TM) pod's Security Context fsGroup
302
##
303
podSecurityContext:
304
enabled: true
305
fsGroupChangePolicy: Always
306
sysctls: []
307
supplementalGroups: []
308
fsGroup: 1001
309
## Configure Container Security Context
310
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
311
## @param influxdb.containerSecurityContext.enabled Enabled containers' Security Context
312
## @param influxdb.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
313
## @param influxdb.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
314
## @param influxdb.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
315
## @param influxdb.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
316
## @param influxdb.containerSecurityContext.privileged Set container's Security Context privileged
317
## @param influxdb.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
318
## @param influxdb.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
319
## @param influxdb.containerSecurityContext.capabilities.drop List of capabilities to be dropped
320
## @param influxdb.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
321
##
322
containerSecurityContext:
323
enabled: true
324
seLinuxOptions: {}
325
runAsUser: 1001
326
runAsGroup: 1001
327
runAsNonRoot: true
328
privileged: false
329
readOnlyRootFilesystem: true
330
allowPrivilegeEscalation: false
331
capabilities:
332
drop: ["ALL"]
333
seccompProfile:
334
type: "RuntimeDefault"
335
## InfluxDB(TM) pods' resource requests and limits
336
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
337
## We usually recommend not to specify default resources and to leave this as a conscious
338
## choice for the user. This also increases chances charts run on environments with little
339
## resources, such as Minikube. If you do want to specify resources, uncomment the following
340
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
341
## @param influxdb.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if influxdb.resources is set (influxdb.resources is recommended for production).
342
##
343
resourcesPreset: "nano"
344
## @param influxdb.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
345
## Example:
346
## resources:
347
## requests:
348
## cpu: 2
349
## memory: 512Mi
350
## limits:
351
## cpu: 3
352
## memory: 1024Mi
353
##
354
resources: {}
355
## @param influxdb.command Override default container command (useful when using custom images)
356
##
357
command: []
358
## @param influxdb.args Override default container args (useful when using custom images)
359
##
360
args: []
361
## @param influxdb.lifecycleHooks for the InfluxDB(TM) container(s) to automate configuration before or after startup
362
##
363
lifecycleHooks: {}
364
## @param influxdb.extraEnvVars Array containing extra env vars to configure InfluxDB(TM)
365
## For example:
366
## extraEnvVars:
367
## - name: INFLUXDB_DATA_QUERY_LOG_ENABLED
368
## value: "true"
369
##
370
extraEnvVars: []
371
## @param influxdb.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for InfluxDB(TM) nodes
372
##
373
extraEnvVarsCM: ""
374
## @param influxdb.extraEnvVarsSecret Name of existing Secret containing extra env vars for InfluxDB(TM) nodes
375
##
376
extraEnvVarsSecret: ""
377
## @param influxdb.extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting extraVolumeMounts
378
##
379
extraVolumes: []
380
## @param influxdb.extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with extraVolumes.
381
##
382
extraVolumeMounts: []
383
## @param influxdb.containerPorts.http InfluxDB(TM) container HTTP port
384
## @param influxdb.containerPorts.rpc InfluxDB(TM) container RPC port
385
##
386
containerPorts:
387
http: 8086
388
rpc: 8088
389
## Configure extra options for InfluxDB(TM) containers' liveness, readiness and startup probes
390
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
391
## @param influxdb.startupProbe.enabled Enable startupProbe
392
## @param influxdb.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
393
## @param influxdb.startupProbe.periodSeconds Period seconds for startupProbe
394
## @param influxdb.startupProbe.timeoutSeconds Timeout seconds for startupProbe
395
## @param influxdb.startupProbe.failureThreshold Failure threshold for startupProbe
396
## @param influxdb.startupProbe.successThreshold Success threshold for startupProbe
397
##
398
startupProbe:
399
enabled: false
400
initialDelaySeconds: 180
401
periodSeconds: 45
402
timeoutSeconds: 30
403
successThreshold: 1
404
failureThreshold: 6
405
## @param influxdb.livenessProbe.enabled Enable livenessProbe
406
## @param influxdb.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
407
## @param influxdb.livenessProbe.periodSeconds Period seconds for livenessProbe
408
## @param influxdb.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
409
## @param influxdb.livenessProbe.failureThreshold Failure threshold for livenessProbe
410
## @param influxdb.livenessProbe.successThreshold Success threshold for livenessProbe
411
##
412
livenessProbe:
413
enabled: true
414
initialDelaySeconds: 180
415
periodSeconds: 45
416
timeoutSeconds: 30
417
successThreshold: 1
418
failureThreshold: 6
419
## @param influxdb.readinessProbe.enabled Enable readinessProbe
420
## @param influxdb.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
421
## @param influxdb.readinessProbe.periodSeconds Period seconds for readinessProbe
422
## @param influxdb.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
423
## @param influxdb.readinessProbe.failureThreshold Failure threshold for readinessProbe
424
## @param influxdb.readinessProbe.successThreshold Success threshold for readinessProbe
425
##
426
readinessProbe:
427
enabled: true
428
initialDelaySeconds: 60
429
periodSeconds: 45
430
timeoutSeconds: 30
431
successThreshold: 1
432
failureThreshold: 6
433
## @param influxdb.customStartupProbe Override default startup probe
434
##
435
customStartupProbe: {}
436
## @param influxdb.customLivenessProbe Override default liveness probe
437
##
438
customLivenessProbe: {}
439
## @param influxdb.customReadinessProbe Override default readiness probe
440
##
441
customReadinessProbe: {}
442
## @param influxdb.sidecars Add additional sidecar containers to the InfluxDB(TM) pod(s)
443
## e.g:
444
## sidecars:
445
## - name: your-image-name
446
## image: your-image
447
## imagePullPolicy: Always
448
## ports:
449
## - name: portname
450
## containerPort: 1234
451
##
452
sidecars: []
453
## @param influxdb.initContainers Add additional init containers to the InfluxDB(TM) pod(s)
454
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
455
## e.g:
456
## initContainers:
457
## - name: your-image-name
458
## image: your-image
459
## imagePullPolicy: Always
460
## command: ['sh', '-c', 'echo "hello world"']
461
##
462
initContainers: []
463
## Pod Disruption Budget configuration
464
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
465
## @param influxdb.pdb.create Enable/disable a Pod Disruption Budget creation
466
## @param influxdb.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
467
## @param influxdb.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `influxdb.pdb.minAvailable` and `influxdb.pdb.maxUnavailable` are empty.
468
##
469
pdb:
470
create: true
471
minAvailable: ""
472
maxUnavailable: ""
473
## Service parameters
474
##
475
service:
476
## @param influxdb.service.type Kubernetes service type (`ClusterIP`, `NodePort` or `LoadBalancer`)
477
##
478
type: ClusterIP
479
## @param influxdb.service.ports.http InfluxDB(TM) HTTP port
480
## @param influxdb.service.ports.rpc InfluxDB(TM) RPC port
481
##
482
ports:
483
http: 8086
484
rpc: 8088
485
## @param influxdb.service.nodePorts [object] Specify the nodePort(s) value for the LoadBalancer and NodePort service types.
486
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
487
##
488
nodePorts:
489
http: ""
490
rpc: ""
491
## @param influxdb.service.loadBalancerIP loadBalancerIP if service type is `LoadBalancer`
492
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
493
##
494
loadBalancerIP: ""
495
## @param influxdb.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer
496
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
497
##
498
## loadBalancerSourceRanges:
499
## - 10.10.10.0/24
500
loadBalancerSourceRanges: []
501
## @param influxdb.service.clusterIP Static clusterIP or None for headless services
502
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address
503
## e.g:
504
## clusterIP: None
505
##
506
clusterIP: ""
507
## @param influxdb.service.externalTrafficPolicy InfluxDB(TM) service external traffic policy
508
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
509
##
510
externalTrafficPolicy: Cluster
511
## @param influxdb.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
512
##
513
extraPorts: []
514
## @param influxdb.service.annotations Annotations for InfluxDB(TM) service
515
##
516
annotations: {}
517
## @param influxdb.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
518
## If "ClientIP", consecutive client requests will be directed to the same Pod
519
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
520
##
521
sessionAffinity: None
522
## @param influxdb.service.sessionAffinityConfig Additional settings for the sessionAffinity
523
## sessionAffinityConfig:
524
## clientIP:
525
## timeoutSeconds: 300
526
sessionAffinityConfig: {}
527
## @section InfluxDB Collectd™ parameters
528
collectd:
529
## @param collectd.enabled InfluxDB Collectd™ service enable
530
##
531
enabled: false
532
service:
533
## @param collectd.service.type Kubernetes service type (`ClusterIP`, `NodePort` or `LoadBalancer`)
534
##
535
type: ClusterIP
536
## @param collectd.service.port InfluxDB Collectd™ UDP port (should match with corresponding port in influxdb.conf)
537
## This requires corresponding configuration in influxdb.conf to enable
538
## collectd block
539
##
540
port: 25826
541
## @param collectd.service.nodePort Kubernetes HTTP node port
542
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
543
##
544
nodePort: ""
545
## @param collectd.service.loadBalancerIP loadBalancerIP if service type is `LoadBalancer`
546
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
547
##
548
loadBalancerIP: ""
549
## @param collectd.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer
550
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
551
##
552
## loadBalancerSourceRanges:
553
## - 10.10.10.0/24
554
loadBalancerSourceRanges: []
555
## @param collectd.service.clusterIP Static clusterIP or None for headless services
556
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address
557
## e.g:
558
## clusterIP: None
559
##
560
clusterIP: ""
561
## @param collectd.service.externalTrafficPolicy InfluxDB Collectd™ service external traffic policy
562
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
563
##
564
externalTrafficPolicy: Cluster
565
## @param collectd.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
566
##
567
extraPorts: []
568
## @param collectd.service.annotations Annotations for InfluxDB Collectd™ service
569
## metallb.universe.tf/allow-shared-ip: "true"
570
##
571
annotations: {}
572
## @param collectd.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
573
## If "ClientIP", consecutive client requests will be directed to the same mongos Pod
574
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
575
##
576
sessionAffinity: None
577
## @param collectd.service.sessionAffinityConfig Additional settings for the sessionAffinity
578
## sessionAffinityConfig:
579
## clientIP:
580
## timeoutSeconds: 300
581
##
582
sessionAffinityConfig: {}
583
## @section Exposing parameters
584
585
## Configure the ingress resource that allows you to access the
586
## influxdb installation. Set up the URL
587
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
588
##
589
ingress:
590
## @param ingress.enabled Enable ingress controller resource
591
##
592
enabled: false
593
## @param ingress.tls Create TLS Secret
594
## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" (tpl .Values.ingress.hostname .) }}
595
## You can use the ingress.secrets parameter to create this TLS secret on cert-manager to create it
596
##
597
tls: false
598
## DEPRECATED: Use ingress.annotations instead of ingress.certManager
599
## certManager: false
600
##
601
602
## @param ingress.pathType Ingress path type
603
##
604
pathType: ImplementationSpecific
605
## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
606
##
607
apiVersion: ""
608
## @param ingress.hostname Default host for the ingress resource (evaluated as template)
609
##
610
hostname: influxdb.local
611
## @param ingress.path Ingress path*' in order to use this
612
## with ALB ingress controllers.
613
##
614
path: /
615
## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
616
## For a full list of possible ingress annotations, please see
617
## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
618
## Use this parameter to set the required annotations for cert-manager, see
619
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
620
##
621
## e.g:
622
## annotations:
623
## kubernetes.io/ingress.class: nginx
624
## cert-manager.io/cluster-issuer: cluster-issuer-name
625
##
626
annotations: {}
627
## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
628
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
629
## extraHosts:
630
## - name: influxdb.local
631
## path: /
632
##
633
extraHosts: []
634
## @param ingress.extraPaths Additional arbitrary path/backend objects
635
## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
636
## extraPaths:
637
## - path: /*
638
## backend:
639
## serviceName: ssl-redirect
640
## servicePort: use-annotation
641
##
642
extraPaths: []
643
## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
644
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
645
## extraTls:
646
## - hosts:
647
## - influxdb.local
648
## secretName: influxdb.local-tls
649
##
650
extraTls: []
651
## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
652
## key and certificate should start with -----BEGIN CERTIFICATE----- or
653
## -----BEGIN RSA PRIVATE KEY-----
654
##
655
## name should line up with a tlsSecret set further up
656
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
657
##
658
## It is also possible to create and manage the certificates outside of this helm chart
659
## Please see README.md for more information
660
## - name: influxdb.local-tls
661
## key:
662
## certificate:
663
##
664
secrets: []
665
## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
666
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
667
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
668
##
669
ingressClassName: ""
670
## @param ingress.extraRules Additional rules to be covered with this ingress record
671
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
672
## e.g:
673
## extraRules:
674
## - host: example.local
675
## http:
676
## path: /
677
## backend:
678
## service:
679
## name: example-svc
680
## port:
681
## name: http
682
##
683
extraRules: []
684
## @section Metrics parameters
685
686
## Prometheus metrics
687
## ref: https://docs.influxdata.com/influxdb/v1.7/administration/server_monitoring/#influxdb-metrics-http-endpoint
688
##
689
metrics:
690
## @param metrics.enabled Enable the export of Prometheus metrics
691
##
692
enabled: false
693
service:
694
## @param metrics.service.type Kubernetes service type (`ClusterIP`, `NodePort` or `LoadBalancer`)
695
##
696
type: ClusterIP
697
## @param metrics.service.port InfluxDB(TM) Prometheus port
698
##
699
port: 9122
700
## @param metrics.service.nodePort Kubernetes HTTP node port
701
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
702
##
703
nodePort: ""
704
## @param metrics.service.loadBalancerIP loadBalancerIP if service type is `LoadBalancer`
705
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
706
##
707
loadBalancerIP: ""
708
## @param metrics.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer
709
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
710
##
711
## loadBalancerSourceRanges:
712
## - 10.10.10.0/24
713
loadBalancerSourceRanges: []
714
## @param metrics.service.clusterIP Static clusterIP or None for headless services
715
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address
716
## e.g:
717
## clusterIP: None
718
##
719
clusterIP: ""
720
## @param metrics.service.annotations [object] Annotations for the Prometheus metrics service
721
##
722
annotations:
723
prometheus.io/scrape: "true"
724
prometheus.io/port: "{{ .Values.metrics.service.port }}"
725
prometheus.io/path: "/metrics"
726
## @param metrics.service.externalTrafficPolicy Service external traffic policy
727
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
728
##
729
externalTrafficPolicy: Cluster
730
## @param metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
731
##
732
extraPorts: []
733
## @param metrics.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
734
## If "ClientIP", consecutive client requests will be directed to the same mongos Pod
735
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
736
##
737
sessionAffinity: None
738
## @param metrics.service.sessionAffinityConfig Additional settings for the sessionAffinity
739
## sessionAffinityConfig:
740
## clientIP:
741
## timeoutSeconds: 300
742
##
743
sessionAffinityConfig: {}
744
## Prometheus Operator ServiceMonitor configuration
745
##
746
serviceMonitor:
747
## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)
748
##
749
enabled: false
750
## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running
751
## e.g:
752
## namespace: monitoring
753
##
754
namespace: ""
755
## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped.
756
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
757
## e.g:
758
## interval: 10s
759
##
760
interval: ""
761
## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
762
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
763
## e.g:
764
## scrapeTimeout: 10s
765
##
766
scrapeTimeout: ""
767
## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
768
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
769
##
770
relabelings: []
771
## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
772
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
773
##
774
metricRelabelings: []
775
## @param metrics.serviceMonitor.selector Prometheus instance selector labels
776
## e.g:
777
## selector:
778
## prometheus: my-prometheus
779
##
780
selector: {}
781
## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
782
##
783
honorLabels: false
784
## Network Policies
785
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
786
##
787
networkPolicy:
788
## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created
789
##
790
enabled: true
791
## @param networkPolicy.allowExternal Don't require server label for connections
792
## The Policy model to apply. When set to false, only pods with the correct
793
## server label will have network access to the ports server is listening
794
## on. When true, server will accept connections from any source
795
## (with the correct destination port).
796
##
797
allowExternal: true
798
## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
799
##
800
allowExternalEgress: true
801
## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
802
## e.g:
803
## extraIngress:
804
## - ports:
805
## - port: 1234
806
## from:
807
## - podSelector:
808
## - matchLabels:
809
## - role: frontend
810
## - podSelector:
811
## - matchExpressions:
812
## - key: role
813
## operator: In
814
## values:
815
## - frontend
816
extraIngress: []
817
## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
818
## e.g:
819
## extraEgress:
820
## - ports:
821
## - port: 1234
822
## to:
823
## - podSelector:
824
## - matchLabels:
825
## - role: frontend
826
## - podSelector:
827
## - matchExpressions:
828
## - key: role
829
## operator: In
830
## values:
831
## - frontend
832
##
833
extraEgress: []
834
## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
835
## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
836
##
837
ingressNSMatchLabels: {}
838
ingressNSPodMatchLabels: {}
839
## Persistence parameters
840
##
841
persistence:
842
## @param persistence.enabled Enable data persistence
843
##
844
enabled: true
845
## @param persistence.existingClaim Use a existing PVC which must be created manually before bound
846
## If defined, PVC must be created manually before volume will be bound
847
## The value is evaluated as a template
848
##
849
existingClaim: ""
850
## @param persistence.storageClass Specify the `storageClass` used to provision the volume
851
## If defined, storageClassName: <storageClass>
852
## If set to "-", storageClassName: "", which disables dynamic provisioning
853
## If undefined (the default) or set to null, no storageClassName spec is
854
## set, choosing the default provisioner.
855
##
856
storageClass: ""
857
## @param persistence.accessModes Access mode of data volume
858
##
859
accessModes:
860
- ReadWriteOnce
861
## @param persistence.size Size of data volume
862
##
863
size: 8Gi
864
## @param persistence.annotations Persistent Volume Claim annotations
865
##
866
annotations: {}
867
## Pod Service Account
868
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
869
## @param serviceAccount.create Specifies whether a ServiceAccount should be created
870
## @param serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
871
## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account
872
## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
873
##
874
serviceAccount:
875
## DEPRECATED: serviceAccount.enabled - Use serviceAccount.create instead
876
##
877
#enabled: false
878
create: true
879
name: ""
880
automountServiceAccountToken: false
881
annotations: {}
882
## Pod Security Policy
883
## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
884
## @param psp.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
885
##
886
psp:
887
create: false
888
## Role Based Access
889
## Ref: https://kubernetes.io/docs/admin/authorization/rbac/
890
## @param rbac.create Create Role and RoleBinding (required for PSP to work)
891
##
892
rbac:
893
create: false
894
## @section Volume permissions parameters
895
896
## Init Container parameters
897
## Change the owner and group of the persistent volume mountpoint to 'runAsUser:fsGroup'
898
## values from the securityContext section.
899
##
900
volumePermissions:
901
## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume mountpoint to `runAsUser:fsGroup`
902
##
903
enabled: false
904
## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
905
## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image name
906
## @skip volumePermissions.image.tag Init container volume-permissions image tag
907
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
908
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
909
## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
910
##
911
image:
912
registry: cgr.dev
913
repository: chainguard-private/os-shell-iamguarded
914
tag: 1.0.0
915
digest: ""
916
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
917
##
918
pullPolicy: IfNotPresent
919
## Optionally specify an array of imagePullSecrets.
920
## Secrets must be manually created in the namespace.
921
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
922
## e.g:
923
## pullSecrets:
924
## - myRegistryKeySecretName
925
##
926
pullSecrets: []
927
## Init container Security Context
928
## Note: the chown of the data folder is done to securityContext.runAsUser
929
## and not the below volumePermissions.securityContext.runAsUser
930
## When runAsUser is set to special value "auto", init container will try to chwon the
931
## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
932
## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed).
933
## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with
934
## pod securityContext.enabled=false and shmVolume.chmod.enabled=false
935
## @param volumePermissions.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container
936
## @param volumePermissions.securityContext.runAsUser User ID for the init container (when facing issues in OpenShift or uid unknown, try value "auto")
937
##
938
securityContext:
939
seLinuxOptions: {}
940
runAsUser: 0
941
## @section InfluxDB(TM) backup parameters
942
backup:
943
## @param backup.enabled Enable InfluxDB(TM) backup
944
##
945
enabled: false
946
## @param backup.directory Directory where backups are stored
947
##
948
directory: "/backups"
949
## @param backup.retentionDays Retention time in days for backups (older backups are deleted)
950
##
951
retentionDays: 10
952
## Persistence parameters
953
##
954
persistence:
955
## @param backup.persistence.ownConfig Prefer independent own persistence parameters to configure the backup volume
956
## When set to `false` (for backwards compatibility), the rest of the persistence parameters below will be ignored.
957
## This parameter will be set to `true` and removed in a future release.
958
##
959
ownConfig: false
960
## @param backup.persistence.enabled Enable data persistence for backup volume
961
##
962
enabled: true
963
## @param backup.persistence.existingClaim Use a existing PVC which must be created manually before bound
964
## If defined, PVC must be created manually before volume will be bound
965
## The value is evaluated as a template
966
##
967
existingClaim: ""
968
## @param backup.persistence.storageClass Specify the `storageClass` used to provision the volume
969
## If defined, storageClassName: <storageClass>
970
## If set to "-", storageClassName: "", which disables dynamic provisioning
971
## If undefined (the default) or set to null, no storageClassName spec is
972
## set, choosing the default provisioner.
973
##
974
storageClass: ""
975
## @param backup.persistence.accessModes Access mode of data volume
976
##
977
accessModes:
978
- ReadWriteOnce
979
## @param backup.persistence.size Size of data volume
980
##
981
size: 8Gi
982
## @param backup.persistence.annotations Persistent Volume Claim annotations
983
##
984
annotations: {}
985
## Cronjob configuration
986
## This cronjob is used to create InfluxDB(TM) backups
987
##
988
cronjob:
989
## @param backup.cronjob.schedule Schedule in Cron format to save snapshots
990
## See https://en.wikipedia.org/wiki/Cron
991
##
992
schedule: "0 2 * * *"
993
## @param backup.cronjob.historyLimit Number of successful finished jobs to retain
994
##
995
historyLimit: 1
996
##
997
## Option to include ca-bundle
998
##
999
caBundle:
1000
## @param backup.cronjob.caBundle.enabled Boolean flag to enable/disable the inclusion of a CA bundle for backup CronJob.
1001
## If enabled a configmap should be created with key as ca-bundle.crt and value to be the actual CA Bundle
1002
##
1003
enabled: false
1004
## @param backup.cronjob.caBundle.existingConfigMap Name of the existing ConfigMap that contains the CA bundle for SSL Communication.
1005
##
1006
existingConfigMap: ""
1007
## @param backup.cronjob.caBundle.mountPath The path inside the CronJob container where the CA bundle will be mounted.
1008
##
1009
mountPath: "/opt/ca-certificates/ca-bundle.crt"
1010
## @param backup.cronjob.caBundle.subPath The filename within the mountPath directory where the CA bundle will be available.
1011
##
1012
subPath: "ca-bundle.crt"
1013
##
1014
## @param backup.cronjob.podAnnotations Pod annotations
1015
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
1016
##
1017
podAnnotations: {}
1018
## K8s Security Context for Backup Cronjob pods
1019
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
1020
## @param backup.cronjob.podSecurityContext.enabled Enable security context for InfluxDB(TM) backup pods
1021
## @param backup.cronjob.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
1022
## @param backup.cronjob.podSecurityContext.sysctls Set kernel settings using the sysctl interface
1023
## @param backup.cronjob.podSecurityContext.supplementalGroups Set filesystem extra groups
1024
## @param backup.cronjob.podSecurityContext.fsGroup Group ID for the InfluxDB(TM) filesystem
1025
##
1026
podSecurityContext:
1027
enabled: true
1028
fsGroupChangePolicy: Always
1029
sysctls: []
1030
supplementalGroups: []
1031
fsGroup: 1001
1032
## K8s Security Context for Backup Cronjob containers
1033
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
1034
## @param backup.cronjob.containerSecurityContext.enabled Enabled containers' Security Context
1035
## @param backup.cronjob.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
1036
## @param backup.cronjob.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
1037
## @param backup.cronjob.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
1038
## @param backup.cronjob.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
1039
## @param backup.cronjob.containerSecurityContext.privileged Set container's Security Context privileged
1040
## @param backup.cronjob.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
1041
## @param backup.cronjob.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
1042
## @param backup.cronjob.containerSecurityContext.capabilities.drop List of capabilities to be dropped
1043
## @param backup.cronjob.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
1044
containerSecurityContext:
1045
enabled: true
1046
seLinuxOptions: {}
1047
runAsUser: 1001
1048
runAsGroup: 1001
1049
runAsNonRoot: true
1050
privileged: false
1051
readOnlyRootFilesystem: true
1052
allowPrivilegeEscalation: false
1053
capabilities:
1054
drop: ["ALL"]
1055
seccompProfile:
1056
type: "RuntimeDefault"
1057
## @param backup.cronjob.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if influxdb.resources is set (influxdb.resources is recommended for production).
1058
##
1059
resourcesPreset: "none"
1060
## @param backup.cronjob.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
1061
## Example:
1062
## resources:
1063
## requests:
1064
## cpu: 2
1065
## memory: 512Mi
1066
## limits:
1067
## cpu: 3
1068
## memory: 1024Mi
1069
##
1070
resources: {}
1071
## @param backup.podAffinityPreset Backup ™ Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
1072
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
1073
##
1074
podAffinityPreset: ""
1075
## @param backup.podAntiAffinityPreset Backup™ Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
1076
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
1077
##
1078
podAntiAffinityPreset: soft
1079
## Node affinity preset
1080
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
1081
##
1082
nodeAffinityPreset:
1083
## @param backup.nodeAffinityPreset.type Backup™ Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
1084
type: ""
1085
## @param backup.nodeAffinityPreset.key Backup™ Node label key to match Ignored if `affinity` is set.
1086
## E.g.
1087
## key: "kubernetes.io/e2e-az-name"
1088
##
1089
key: ""
1090
## @param backup.nodeAffinityPreset.values Backup™ Node label values to match. Ignored if `affinity` is set.
1091
## E.g.
1092
## values:
1093
## - e2e-az1
1094
## - e2e-az2
1095
##
1096
values: []
1097
## @param backup.affinity Backup™ Affinity for backup pod assignment
1098
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
1099
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
1100
##
1101
affinity: {}
1102
## @param backup.nodeSelector Backup™ Node labels for backup pod assignment
1103
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
1104
##
1105
nodeSelector: {}
1106
## @param backup.tolerations Backup™ Tolerations for backup pod assignment
1107
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
1108
##
1109
tolerations: []
1110
## Storage providers where to upload backups
1111
##
1112
uploadProviders:
1113
## Google Storage Bucket configuration
1114
## @param backup.uploadProviders.google.enabled enable upload to google storage bucket
1115
## @param backup.uploadProviders.google.secret json secret with serviceaccount data to access Google storage bucket
1116
## @param backup.uploadProviders.google.secretKey service account secret key name
1117
## @param backup.uploadProviders.google.existingSecret Name of existing secret object with Google serviceaccount json credentials
1118
## @param backup.uploadProviders.google.bucketName google storage bucket name name
1119
##
1120
google:
1121
enabled: false
1122
secret: ""
1123
secretKey: "key.json"
1124
existingSecret: ""
1125
bucketName: "gs://bucket/influxdb"
1126
## Iamguarded Google Cloud SDK image
1127
## @param backup.uploadProviders.google.image.registry [default: REGISTRY_NAME] Google Cloud SDK image registry
1128
## @param backup.uploadProviders.google.image.repository [default: REPOSITORY_NAME/google-cloud-sdk] Google Cloud SDK image name
1129
## @skip backup.uploadProviders.google.image.tag Google Cloud SDK image tag
1130
## @param backup.uploadProviders.google.image.digest Google Cloud SDK image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
1131
## @param backup.uploadProviders.google.image.pullPolicy Google Cloud SDK image pull policy
1132
## @param backup.uploadProviders.google.image.pullSecrets Specify docker-registry secret names as an array
1133
##
1134
image:
1135
registry: cgr.dev
1136
repository: chainguard-private/google-cloud-sdk-iamguarded
1137
tag: 559.0.0
1138
digest: ""
1139
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
1140
##
1141
pullPolicy: IfNotPresent
1142
## Optionally specify an array of imagePullSecrets.
1143
## Secrets must be manually created in the namespace.
1144
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
1145
## e.g:
1146
## pullSecrets:
1147
## - myRegistryKeySecretName
1148
##
1149
pullSecrets: []
1150
## @param backup.uploadProviders.google.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if influxdb.resources is set (influxdb.resources is recommended for production).
1151
##
1152
resourcesPreset: "none"
1153
## @param backup.uploadProviders.google.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
1154
## Example:
1155
## resources:
1156
## requests:
1157
## cpu: 2
1158
## memory: 512Mi
1159
## limits:
1160
## cpu: 3
1161
## memory: 1024Mi
1162
##
1163
resources: {}
1164
## Azure Storage Container configuration
1165
##
1166
azure:
1167
## @param backup.uploadProviders.azure.enabled Enable upload to azure storage container
1168
## @param backup.uploadProviders.azure.secret Secret with credentials to access Azure storage
1169
## @param backup.uploadProviders.azure.secretKey Service account secret key name
1170
## @param backup.uploadProviders.azure.existingSecret Name of existing secret object
1171
## @param backup.uploadProviders.azure.containerName Destination container
1172
enabled: false
1173
secret: ""
1174
secretKey: "connection-string"
1175
existingSecret: ""
1176
containerName: "influxdb-container"
1177
## Iamguarded Azure CLI image
1178
## @param backup.uploadProviders.azure.image.registry [default: REGISTRY_NAME] Azure CLI image registry
1179
## @param backup.uploadProviders.azure.image.repository [default: REPOSITORY_NAME/azure-cli] Azure CLI image repository
1180
## @skip backup.uploadProviders.azure.image.tag Azure CLI image tag (immutable tags are recommended)
1181
## @param backup.uploadProviders.azure.image.digest Azure CLI image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
1182
## @param backup.uploadProviders.azure.image.pullPolicy Azure CLI image pull policy
1183
## @param backup.uploadProviders.azure.image.pullSecrets Specify docker-registry secret names as an array
1184
##
1185
image:
1186
registry: cgr.dev
1187
repository: chainguard-private/az-iamguarded
1188
tag: 2.84.0
1189
digest: ""
1190
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
1191
##
1192
pullPolicy: IfNotPresent
1193
## Optionally specify an array of imagePullSecrets.
1194
## Secrets must be manually created in the namespace.
1195
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
1196
## e.g:
1197
## pullSecrets:
1198
## - myRegistryKeySecretName
1199
##
1200
pullSecrets: []
1201
## @param backup.uploadProviders.azure.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if influxdb.resources is set (influxdb.resources is recommended for production).
1202
##
1203
resourcesPreset: "none"
1204
## @param backup.uploadProviders.azure.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
1205
## Example:
1206
## resources:
1207
## requests:
1208
## cpu: 2
1209
## memory: 512Mi
1210
## limits:
1211
## cpu: 3
1212
## memory: 1024Mi
1213
##
1214
resources: {}
1215
aws:
1216
## @param backup.uploadProviders.aws.enabled Enable upload to aws s3 bucket
1217
## @param backup.uploadProviders.aws.accessKeyID Access Key ID to access aws s3
1218
## @param backup.uploadProviders.aws.secretAccessKey Secret Access Key to access aws s3
1219
## @param backup.uploadProviders.aws.region Region of aws s3 bucket
1220
## @param backup.uploadProviders.aws.existingSecret Name of existing secret object
1221
## @param backup.uploadProviders.aws.bucketName aws s3 bucket name
1222
## @param backup.uploadProviders.aws.endpoint aws s3 endpoint, no value default public endpoint aws s3 endpoint
1223
## @param backup.uploadProviders.aws.usePasswordFiles Mount aws s3 credentials as files instead of using environment variables
1224
enabled: false
1225
accessKeyID: ""
1226
secretAccessKey: ""
1227
region: "us-east-1"
1228
existingSecret: ""
1229
bucketName: "s3://bucket/influxdb"
1230
endpoint: ""
1231
usePasswordFiles: true
1232
## Iamguarded AWS CLI image
1233
## @param backup.uploadProviders.aws.image.registry [default: REGISTRY_NAME] AWS CLI image registry
1234
## @param backup.uploadProviders.aws.image.repository [default: REPOSITORY_NAME/aws-cli] AWS CLI image repository
1235
## @skip backup.uploadProviders.aws.image.tag AWS CLI image tag (immutable tags are recommended)
1236
## @param backup.uploadProviders.aws.image.digest AWS CLI image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
1237
## @param backup.uploadProviders.aws.image.pullPolicy AWS CLI image pull policy
1238
## @param backup.uploadProviders.aws.image.pullSecrets Specify docker-registry secret names as an array
1239
##
1240
image:
1241
registry: cgr.dev
1242
repository: chainguard-private/aws-cli-iamguarded
1243
tag: 2.34.4
1244
digest: ""
1245
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
1246
##
1247
pullPolicy: IfNotPresent
1248
## Optionally specify an array of imagePullSecrets.
1249
## Secrets must be manually created in the namespace.
1250
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
1251
## e.g:
1252
## pullSecrets:
1253
## - myRegistryKeySecretName
1254
##
1255
pullSecrets: []
1256
## @param backup.uploadProviders.aws.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if influxdb.resources is set (influxdb.resources is recommended for production).
1257
##
1258
resourcesPreset: "none"
1259
## @param backup.uploadProviders.aws.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
1260
## Example:
1261
## resources:
1262
## requests:
1263
## cpu: 2
1264
## memory: 512Mi
1265
## limits:
1266
## cpu: 3
1267
## memory: 1024Mi
1268
##
1269
resources: {}
1270