-
Notifications
You must be signed in to change notification settings - Fork 28
/
Copy pathvalues.yaml
385 lines (362 loc) · 14.6 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
# -- The name of the chart deployment (can be overridden)
nameOverride: ""
# -- The full name of the release (can be overridden)
fullnameOverride: ""
# -- A Connect version to override the "tag" for the Posit Connect image and the Content Init image. Necessary until https://github.com/helm/helm/issues/8194
versionOverride: ""
sharedStorage:
# -- Whether to create the persistentVolumeClaim for shared storage
create: false
# -- The name of the pvc. By default, computes a value from the release name
name: ""
# -- Whether the persistentVolumeClaim should be mounted (even if not created)
mount: false
# -- The path to mount the sharedStorage claim within the Connect pod
path: /var/lib/rstudio-connect
# -- Whether the persistentVolumeClaim should be mounted to the content pods created by the Launcher
mountContent: true
# -- The type of storage to use. Must allow ReadWriteMany
storageClassName: false
# -- A list of accessModes that are defined for the storage PVC (represented as YAML)
accessModes:
- ReadWriteMany
requests:
# -- The volume of storage to request for this persistent volume claim
storage: "10Gi"
# -- Annotations for the Persistent Volume Claim
annotations:
helm.sh/resource-policy: keep
# -- selector for PVC definition
selector: {}
# -- the volumeName passed along to the persistentVolumeClaim. Optional
volumeName: ""
# -- an optional subPath for the volume mount
subPath: ""
rbac:
# -- Whether to create rbac. (also depends on launcher.enabled = true)
create: true
# -- Whether to create the ClusterRole that grants access to the Kubernetes nodes API. This is used by the Launcher
# to get all of the IP addresses associated with the node that is running a particular job. In most cases, this can
# be disabled as the node's internal address is sufficient to allow proper functionality.
clusterRoleCreate: false
# -- The serviceAccount to be associated with rbac (also depends on launcher.enabled = true)
serviceAccount:
create: true
name: ""
annotations: {}
labels: {}
# -- Extra objects to deploy (value evaluated as a template)
extraObjects: []
# -- A map used verbatim as the pod's "affinity" definition
affinity: {}
# -- A map used verbatim as the pod's "nodeSelector" definition
nodeSelector: {}
# -- An array used verbatim as the pod's "topologySpreadConstraints" definition
topologySpreadConstraints: []
# -- An array used verbatim as the pod's "tolerations" definition
tolerations: []
# -- The pod's priorityClassName
priorityClassName: ""
# -- Pod disruption budget
podDisruptionBudget: {}
# -- Defines the Posit Connect image to deploy
image:
# -- The repository to use for the main pod image
repository: ghcr.io/rstudio/rstudio-connect
# -- A tag prefix for the server image (common selections: jammy-, ubuntu2204-). Only used if tag is not defined
tagPrefix: ubuntu2204-
# -- Overrides the image tag whose default is the chart appVersion.
tag: ""
# -- The imagePullPolicy for the main pod image
imagePullPolicy: "IfNotPresent"
# -- an array of kubernetes secrets for pulling the main pod image from private registries
imagePullSecrets: []
# -- Defines the update strategy for a deployment
strategy:
type: "RollingUpdate"
rollingUpdate:
maxSurge: "100%"
maxUnavailable: 0
service:
# -- Annotations for the service, for example to specify [an internal load balancer](https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer)
annotations: {}
# -- The service type, usually ClusterIP (in-cluster only) or LoadBalancer (to
# expose the service using your cloud provider's load balancer)
type: ClusterIP
# -- The cluster-internal IP to use with `service.type` ClusterIP
clusterIP: ""
# -- The external IP to use with `service.type` LoadBalancer, when supported
# by the cloud provider
loadBalancerIP: ""
# -- The explicit nodePort to use for `service.type` NodePort. If not
# provided, Kubernetes will choose one automatically
nodePort: false
# -- The port to use for the Connect service
port: 80
# -- The port to forward to on the Connect pod. Also see pod.port
targetPort: 3939
pod:
# -- A helper that defines the RSTUDIO_CONNECT_HASTE environment variable
haste: true
# -- An array of maps that is injected as-is into the "env:" component of the pod.container spec
env: []
# -- An array of maps that is injected as-is into the "volumes:" component of the pod spec
volumes: []
# -- An array of maps that is injected as-is into the "volumeMounts" component of the pod spec
volumeMounts: []
# -- Additional annotations to add to the rstudio-connect pods
annotations: {}
# -- Additional labels to add to the rstudio-connect pods
labels: {}
# -- An array of containers that will be run alongside the main pod
sidecar: false
# -- A map used verbatim as the pod's "affinity" definition
affinity: {}
# -- Values to set the `securityContext` for the connect pod
securityContext: {}
# -- The containerPort used by the main pod container
port: 3939
# -- The termination grace period seconds allowed for the pod before shutdown
terminationGracePeriodSeconds: 120
# -- Array of hostnames to supply to the main pod
hostAliases: []
# -- The pod's run command. By default, it uses the container's default
command: []
# -- The pod's run arguments. By default, it uses the container's default
args: []
# -- The number of replica pods to maintain for this service
replicas: 1
license:
# -- key is the license to use
key: null
# -- server is the <hostname>:<port> for a license server
server: false
# -- the file section is used for licensing with a license file
file:
# -- contents is an in-line license file
contents: false
# -- mountPath is the place the license file will be mounted into the container
mountPath: "/etc/rstudio-licensing"
# -- mountSubPath is whether to mount the subPath for the file secret.
# -- It can be preferable _not_ to enable this, because then updates propagate automatically
mountSubPath: false
# -- secretKey is the key for the secret to use for the license file
secretKey: "license.lic"
# -- secret is an existing secret with a license file in it
secret: false
# -- Values to set the `securityContext` for Connect container. It must include "privileged: true" or "CAP_SYS_ADMIN" when
# launcher is not enabled. If launcher is enabled, this can be removed with `securityContext: null`
securityContext:
privileged: true
prometheus:
# -- The parent setting for whether to enable prometheus metrics. Default is to use the built-in product exporter
enabled: true
# -- The port that prometheus will listen on. If legacy=true, then this will be hard-coded to 9108
port: 3232
# -- Whether to enable the legacy prometheusExporter INSTEAD OF the built-in product exporter. If you change this to
# `true`, please let us know why! Requires prometheusExporter.enabled=true too
legacy: false
prometheusExporter:
# -- DEPRECATED. Whether the prometheus exporter sidecar should be enabled. See prometheus.enabled instead.
enabled: true
# -- Yaml that defines the graphite exporter mapping. null by default, which uses the embedded / default mapping yaml file
mappingYaml: null
# -- securityContext for the prometheus exporter sidecar
securityContext: {}
# -- resource specification for the prometheus exporter sidecar
resources: {}
image:
repository: "prom/graphite-exporter"
tag: "v0.9.0"
imagePullPolicy: IfNotPresent
serviceMonitor:
# -- Whether to create a ServiceMonitor CRD for use with a Prometheus Operator
enabled: false
# -- Namespace to create the ServiceMonitor in (usually the same as the one in
# which the Prometheus Operator is running). Defaults to the release namespace
namespace: ""
# -- additionalLabels normally includes the release name of the Prometheus
# Operator
additionalLabels: {}
# release: kube-prometheus-stack
# -- Defines resources for the rstudio-connect container
resources: {}
# requests:
# memory: "1Gi"
# cpu: "100m"
# ephemeral-storage: "100Mi"
# limits:
# enabled: false
# memory: "2Gi"
# cpu: "2000m"
# ephemeral-storage: "200Mi"
# -- Used to configure the container's livenessProbe. Only included if enabled = true
livenessProbe:
enabled: false
httpGet:
path: /__ping__
port: 3939
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 2
failureThreshold: 10
# -- Used to configure the container's startupProbe. Only included if enabled = true
startupProbe:
enabled: false
httpGet:
path: /__ping__
port: 3939
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
# -- failureThreshold * periodSeconds should be strictly > worst case startup time
failureThreshold: 30
# -- Used to configure the container's readinessProbe. Only included if enabled = true
readinessProbe:
enabled: true
httpGet:
path: /__ping__
port: 3939
initialDelaySeconds: 3
periodSeconds: 3
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
# -- The initContainer spec that will be used verbatim
initContainers: false
ingress:
enabled: false
# -- The ingressClassName for the ingress resource. Only used for clusters that support
# networking.k8s.io/v1 Ingress resources
ingressClassName: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
# - host: chart-example.local
# paths: []
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
launcher:
# -- Whether to enable the launcher
enabled: false
# -- The namespace to launch sessions into. Uses the Release namespace by default
namespace: ""
# -- Optional. The runtime.yaml definition of Kubernetes runtime containers. Defaults to "base", which pulls in the default
# runtime.yaml file. If changing this value, be careful to include the images that you have already used. If set to "pro", will
# pull in the "pro" versions of the default runtime images (i.e. including the pro drivers at the cost of a larger image).
# Starting with Connect v2023.05.0, this configuration is used to bootstrap the initial set of execution environments
# the first time the server starts. If any execution environments already exist in the database, these values are ignored;
# execution environments are not created or modified during subsequent restarts.
customRuntimeYaml: "base"
# -- Optional. Additional images to append to the end of the "launcher.customRuntimeYaml" (in the "images" key).
# If `customRuntimeYaml` is a "map", then "additionalRuntimeImages" will only be used if it is a "list".
additionalRuntimeImages: []
# -- User definition of launcher.kubernetes.profiles.conf for job customization
launcherKubernetesProfilesConf: {}
# -- Whether to use launcher templates when launching sessions. Defaults to true
useTemplates: true
# -- extra templates to render in the template directory.
extraTemplates: {}
# -- whether to include the default `job.tpl` and `service.tpl` files included with the chart
includeDefaultTemplates: true
# -- whether to include the templateValues rendering process
includeTemplateValues: true
# -- Values to pass along to the Posit Connect session templating process
templateValues:
service:
type: ClusterIP
annotations: {}
labels: {}
pod:
annotations: {}
labels: {}
serviceAccountName: ""
volumes: []
volumeMounts: []
env: []
imagePullPolicy: ""
imagePullSecrets: []
initContainers: []
extraContainers: []
containerSecurityContext: {}
defaultSecurityContext: {}
securityContext: {}
tolerations: []
affinity: {}
nodeSelector: {}
hostAliases: []
priorityClassName: ""
# -- command for all pods. This is really not something we should expose and will be removed once we have a better option
command: []
job:
annotations: {}
labels: {}
# -- Image definition for the default Posit Connect Content InitContainer
defaultInitContainer:
# -- Whether to enable the defaultInitContainer. If disabled, you must ensure that the session components are available another way.
enabled: true
# -- The repository to use for the Content InitContainer image
repository: ghcr.io/rstudio/rstudio-connect-content-init
# -- A tag prefix for the Content InitContainer image (common selections: jammy-, ubuntu2204-). Only used if tag is not defined
tagPrefix: ubuntu2204-
# -- Overrides the image tag whose default is the chart appVersion.
tag: ""
# -- The imagePullPolicy for the default initContainer
imagePullPolicy: ""
# -- Optional resources for the default initContainer
resources: {}
# requests:
# cpu: "128m"
# memory: "128Mi"
# limits:
# cpu: "512m"
# memory: "512Mi"
# -- The securityContext for the default initContainer
securityContext: {}
# -- A nested map of maps that generates the rstudio-connect.gcfg file
# @default -- [Posit Connect Configuration Reference](https://docs.posit.co/connect/admin/appendix/off-host/helm-reference/)
config:
HTTP:
Listen: :3939
Authentication:
Provider: password
'RPackageRepository "CRAN"':
URL: https://packagemanager.rstudio.com/cran/__linux__/jammy/latest
'RPackageRepository "RSPM"':
URL: https://packagemanager.rstudio.com/cran/__linux__/jammy/latest
Server:
Address: http://localhost:3939
DataDir: /var/lib/rstudio-connect
Python:
Enabled: true
# Note: The `Executable` listed below are only used for Local Execution.
# For Off-Host Execution, Python versions are defined by the set of Execution Environments
# https://docs.posit.co/connect/admin/python/
Executable:
- /opt/python/3.12.1/bin/python
- /opt/python/3.11.7/bin/python
Quarto:
Enabled: true
# Note: The `Executable` listed below is only used for Local Execution.
# For Off-Host Execution, Quarto versions are defined by the set of Execution Environments
# https://docs.posit.co/connect/admin/quarto/
Executable: "/opt/quarto/1.4.557/bin/quarto"
TensorFlow:
Enabled: true
# Note: The `Executable` listed below is only used for Local Execution.
# For Off-Host Execution, TensorFlow versions are defined by the set of Execution Environments
# https://docs.posit.co/connect/admin/tensorflow/
Executable: "/usr/bin/tensorflow_model_server"
Scheduler:
InitTimeout: 5m
Logging:
ServiceLog: STDOUT
ServiceLogLevel: INFO # INFO, WARNING or ERROR
ServiceLogFormat: TEXT # TEXT or JSON
AccessLog: STDOUT
AccessLogFormat: COMMON # COMMON, COMBINED, or JSON
Metrics:
Enabled: true