values.yaml
1531 lines (1329 loc) · 65.6 KB
###############################################################################
# Main configuration file #
# To override single property use --set #
# To override multiple, provide another values-override.yaml with the -f flag #
# See https://helm.sh/docs/chart_template_guide/values_files/ #
###############################################################################
#########################
# Global Configurations #
#########################
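global:
  # Overrides image.registry
  # Can be used to override it globally when using umbrella charts.
  # Note: all containers of this chart use the GraphDB image, so this value decides where every one of them
  # is pulled from. Point it only at a registry you control or trust.
  imageRegistry: ""
  # Inserts additional pull secret references together along with any from .Values.image.pullSecrets
  # Can be used to override it globally when using umbrella charts.
  # Values are processed as Helm templates.
  # Ref: https://kubernetes.io/docs/concepts/configuration/secret/#using-imagepullsecrets
  #
  # Example:
  #   imagePullSecrets:
  #     - name: my-pull-secret
  imagePullSecrets: []
  # The default domain suffix of the Kubernetes cluster
  # Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
  clusterDomain: cluster.local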
###############################
# Metadata Configurations #
# Naming and labels overrides #
###############################
# Overrides the name of the chart affecting the names of GraphDB resources.
# Note: To override the GraphDB proxy's resource names, use .Values.proxy.nameOverride
nameOverride: ""
# Overrides the naming of all GraphDB resources, effectively removing the chart's name and the release name prefix.
# This override takes precedence over anything in .Values.nameOverride
# Note: To override the GraphDB proxy's full name, use .Values.proxy.fullnameOverride
fullnameOverride: ""
# Overrides the deployment namespace in case of multi-namespace deployments, for example when using umbrella charts where some sub-charts should be
# deployed in different namespaces.
# This affects every resource deployed by this chart.
# The default value is .Release.Namespace if this is left unspecified.
namespaceOverride: ""
# Additional common labels to add to all resources for both GraphDB and the GraphDB proxy.
# Values are processed as Helm templates.
# Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
#
# Example (quote templated values: an unquoted value starting with "{" is read by YAML as a flow mapping):
#   labels:
#     foo: bar
#     some-label: "{{ .Values.someValue }}"
labels: {}
# Additional common annotations to add to all resources for both GraphDB and the GraphDB proxy.
# Values are processed as Helm templates.
# Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
#
# Example (quote templated values, see the labels example above the labels key):
#   annotations:
#     foo: bar
#     some-annotation: "{{ .Values.someValue }}"
annotations: {}
################################
# GraphDB Image Configurations #
################################
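# Image configurations for GraphDB.
# All containers in this chart use the GraphDB image, this includes the proxy, all init containers and any Jobs as well.
# Ref: https://kubernetes.io/docs/concepts/containers/images/
image:
  # The registry that hosts the GraphDB image.
  # The default is to pull it from the official Docker registry, but this can be overridden to pull from other public or private registries.
  registry: docker.io
  # The repository name of the GraphDB image.
  repository: ontotext/graphdb
  # Image tag that corresponds to the version of GraphDB.
  # By default, the chart uses .Chart.AppVersion to construct the full image name.
  # Use this to override the value from .Chart.AppVersion and effectively deploy a custom GraphDB version.
  tag: ""
  # Expected SHA256 digest of the used GraphDB image, e.g. "sha256:<64-hex-characters>"
  # (a digest is written <algorithm>:<hex>; confirm the exact form against the chart's image helper template).
  # Use the digest to make sure you are always deploying the exact same GraphDB image.
  # Defining this would override .Chart.AppVersion and image.tag
  # Note: a tag can be re-pointed to different content in the registry, a digest cannot. Pin the digest where
  # you need to know exactly which image runs.
  digest: ""
  # Defines the policy for pulling images
  # Ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
  # Note: with IfNotPresent a node that already holds the tag keeps using its cached copy, so nodes can run
  # different content for the same tag unless image.digest is set.
  pullPolicy: IfNotPresent
  # Secrets for pulling GraphDB's Docker image from secured registries.
  # Values are processed as Helm templates.
  # Ref: https://kubernetes.io/docs/concepts/configuration/secret/#using-imagepullsecrets
  #
  # Example:
  #   pullSecrets:
  #     - name: my-pull-secret
  pullSecrets: []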
##########################
# Scaling Configurations #
##########################
# Number of GraphDB nodes to be deployed as part of the StatefulSet.
# Set the value to 1 to run a standalone GraphDB instance.
# Set the value to more than 1 to form a GraphDB cluster with GraphDB cluster proxies.
# This setting controls the deployment of the cluster proxies and cluster jobs as well.
# Ref: https://graphdb.ontotext.com/documentation/10.8/creating-a-cluster.html
replicas: 1
##########################
# GraphDB Configurations #
##########################
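# Commercial license is required for using GraphDB Enterprise Edition features.
license:
  # Reference to a secret containing 'graphdb.license' file that will be mounted in the GraphDB pod.
  # The value is processed as a Helm template.
  existingSecret: ""
  # File name of the GraphDB license file in the existing license secret.
  # The default is graphdb.license, but it can be changed to map to a different secret key.
  licenseFilename: graphdb.license
  # Directory where the license file will be mounted.
  # Can be used to place the license outside the persistence directory if needed.
  # Note: We use the license/ sub-folder instead of subPath volume mount so kubelet can replace the mounted license at runtime when the
  # Secret is updated with a new GraphDB license. This avoids having to restart the GraphDB pods.
  mountPath: /opt/graphdb/home/conf/license/
  # Defines the secret volume as optional or not.
  # Note: Useful if the GraphDB license has not yet been provisioned but will be, for example by an external system or an operator such as
  # External Secret Operator.
  optional: false
  # Marks the secret mount as read-only to prevent any modifications to the license file.
  readOnly: true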
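# GraphDB runtime configuration settings.
# For reference, see https://graphdb.ontotext.com/documentation/10.8/directories-and-config-properties.html
configuration:
  # The external URL at which GraphDB should be accessible.
  # This can be a publicly available domain name, an internal one or even a Kubernetes service address.
  #
  # This configures the address resolving in GraphDB and the GraphDB proxy as well, if enabled.
  # It also configures the hostname in the default Ingress resource, if enabled.
  # The value is processed as a Helm template.
  #
  # Note: If the external URL uses HTTPS and the default Ingress is enabled, you have to configure .Values.ingress.tls
  #
  # Note: When deploying on a context path different from /, you need to properly configure the Ingress according to the requirements of the
  # Ingress controller implementation.
  #
  # Security note: the default is a plain-HTTP address on a nip.io name that resolves to 127.0.0.1, which suits a
  # local trial only. For a shared deployment use your own HTTPS host name together with .Values.ingress.tls,
  # otherwise credentials and query data cross the network unencrypted.
  externalUrl: http://graphdb.127.0.0.1.nip.io/
  # GraphDB properties to insert in the default graphdb.properties ConfigMap.
  # Values are processed as Helm templates.
  #
  # Example:
  #   properties:
  #     graphdb.append.request.id.headers: "true"
  properties: {}
  # Sensitive GraphDB properties to insert in the default graphdb.properties Secret.
  # Values defined here will be merged with the values from the default graphdb.properties ConfigMap.
  # Values are processed as Helm templates.
  # Note: Consider mounting existing Secret objects as environment variables or files
  # Note: anything written here is plaintext in the values file and is kept with the Helm release, so do not
  # commit real secrets; reference an existing Secret through extraProperties.existingSecret instead.
  #
  # Example:
  #   secretProperties:
  #     graphdb.connector.keystorePass: "xxxx"
  secretProperties: {}
  # Additional GraphDB configurations that will be appended to graphdb.properties, effectively overriding anything configured
  # in the default graphdb.properties ConfigMap and Secret resources.
  # Note: The exact processing and order of precedence is visible in the initContainers.
  # Note: These are processed as graphdb.properties files, not as separate configurations.
  #
  # Example:
  #   extraProperties:
  #     existingConfigmap: my-graphdb-properties
  #     existingSecret: my-secret-graphdb-properties
  extraProperties:
    # Reference to an existing ConfigMap resource containing GraphDB configurations under a graphdb.properties file.
    # The value is processed as a Helm template.
    existingConfigmap: ""
    # Key in the existing ConfigMap that holds the properties for GraphDB.
    configmapKey: graphdb.properties
    # Reference to an existing Secret resource containing sensitive GraphDB configurations under a graphdb.properties file.
    # The value is processed as a Helm template.
    existingSecret: ""
    # Key in the existing Secret that holds the properties for GraphDB.
    secretKey: graphdb.properties
  # Default Java arguments with which GraphDB instances will be launched.
  # GraphDB configuration properties can also be passed here in the format -Dproperty=value
  # Takes precedence over any configurations provided in graphdb.properties
  # The value is processed as a Helm template.
  # Ref: https://graphdb.ontotext.com/documentation/10.8/directories-and-config-properties.html#configuration
  # Note: -D arguments end up on the Java command line, which is readable in the pod spec and the process list.
  # Keep passwords and tokens out of here and in secretProperties or an existing Secret.
  defaultJavaArguments: -XX:+UseContainerSupport -XX:MaxRAMPercentage=70 -XX:-UseCompressedOops -Ddefault.min.distinct.threshold=100m
  # Java arguments to append after .Values.configuration.defaultJavaArguments
  # Use this one in order to avoid overriding the default values.
  # The value is processed as a Helm template.
  javaArguments: ""
  # Configurations for GraphDB's Logback
  # Ref: https://graphdb.ontotext.com/documentation/10.8/diagnosing-and-reporting-critical-errors.html#logs
  #
  # Example:
  #   logback:
  #     existingConfigmap: custom-logback-config
  logback:
    # Reference to an existing ConfigMap containing a Logback XML configuration.
    # The value is processed as a Helm template.
    existingConfigmap: ""
    # Key in the existing ConfigMap that maps to the Logback XML configuration.
    configmapKey: logback.xml
  # Configurations for provisioning an initial settings.js to GraphDB.
  # Note: Once provisioned, changes made to settings.js won't be re-applied!
  #
  # There are three cases to be aware of:
  # - By default, no settings.js configuration is provisioned initially, so GraphDB will initialize its default one.
  # - If the security is enabled, a default initial settings.js will be provided to GraphDB, see files/config/settings.js
  # - If a custom existing settings.js is provided, it will be used no matter if the security is enabled or not.
  #
  # Example:
  #   initialSettings:
  #     existingConfigmap: custom-initial-settings
  initialSettings:
    # Reference to an existing ConfigMap with initial GraphDB settings.js to provision.
    # The value is processed as a Helm template.
    existingConfigmap: ""
    # Key in the existing ConfigMap that maps to the settings.js file
    configmapKey: settings.js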
###################################
# GraphDB Security Configurations #
###################################
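security:
  # Toggles the security in GraphDB.
  #
  # This setting controls the initial setup of the security and the provisioning of the default initial users.js and settings.js files from this chart.
  # If the security has been enabled after the initial start, changing this flag won't provision anything in order to protect from overriding changes.
  # This setting also controls the authentication in the cluster provisioning jobs.
  # Ref: https://graphdb.ontotext.com/documentation/10.8/enabling-security.html
  #
  # Security note: this defaults to false while .Values.ingress.enabled defaults to true, so an unmodified
  # install publishes GraphDB through the Ingress with GraphDB's own access control switched off.
  # Enable it for anything reachable beyond a trusted network, and decide this before the first start:
  # the initial users.js and settings.js from this chart are only provisioned once.
  enabled: false
  # Administrator user with ROLE_ADMIN authority.
  # Provisioned as part of the default initial users.js if no custom Secret has been provided, see files/config/users.js
  admin:
    # Define an initial password for the administrator user.
    # If the password is not specified, it will use the default one for GraphDB which is "root"
    # Important: This value must be a bcrypt hash, not a plaintext string. The format is "{bcrypt}<the-bcrypt-hash>"
    # Keep the value quoted: an unquoted scalar starting with "{" is read by YAML as a flow mapping.
    # Security note: leaving this empty keeps the well-known default administrator password, so supply your
    # own hash whenever security is enabled.
    initialPassword: ""
  # Provisioning user with ROLE_ADMIN authority
  # Provisioned as part of the default initial users.js if no custom Secret has been provided, see files/config/users.js
  # If the security is enabled, it's mandatory to have a provisioning user, so the cluster provisioning jobs can work properly.
  provisioner:
    # The following user will be created in the default initial users.js and used in the cluster provisioning.
    # Note: The user is created regardless of whether the existingSecret is provided or not.
    # Security note: the password below is a default published with the chart and the account holds ROLE_ADMIN.
    # Replace it on every install that enables security; as the note above says, the account is created even
    # when existingSecret is used for the provisioning tasks.
    # Values given with --set or -f are kept with the Helm release, so treat the release data as sensitive too.
    username: provisioner
    password: iHaveSuperpowers
    # Define an initial password for the provisioner user as a bcrypt hash.
    # If the password is not specified, it will use the default one specified in the provisioner.password.
    # Important: This value must be a bcrypt hash, not a plaintext string.
    passwordHash: ""
    # Reference to Secret with a basic authentication token of an existing user to use for provisioning tasks instead of the default user in the initial
    # users.js that is created using the plaintext username and password configurations from above.
    # Note that the user must already exist in GraphDB for this to work properly.
    existingSecret: ""
    # Key in the existing Secret holding the authentication token.
    tokenKey: GRAPHDB_AUTH_TOKEN
  # Initial users to provision to GraphDB before starting for the first time.
  # Note: If the security has already been enabled and is not the initial provisioning, this won't be applied.
  #
  # There are three cases to be aware of:
  # - By default, no users.js configuration is provisioned initially, so GraphDB will initialize its default one.
  # - If the security is enabled, a default initial users.js will be provided to GraphDB, see files/config/users.js
  # - If a custom existing users.js is provided, it will be used no matter if the security is enabled or not.
  initialUsers:
    # Additional users to insert in the default users.js (see files/config/users.js) when the security is enabled for the first time.
    # Check the default users.js syntax for details.
    # Note that this won't be applied if you provide a custom Secret object with users.js via existingSecret below.
    #
    # Example (the password is a quoted bcrypt hash; unquoted, the leading "{" would be parsed as a flow mapping):
    #   users:
    #     tester:
    #       username: tester
    #       password: "{bcrypt}xxxxxx"
    #       grantedAuthorities: [ROLE_USER]
    users: {}
    # Existing initial users.js to provision to GraphDB. Overrides any users configured in users above.
    # Note that this is provisioned just once and any updates on the Secret won't be re-applied on consecutive upgrades.
    # The value is processed as a Helm template.
    existingSecret: ""
    # Key in the Secret object mapping to users.js
    secretKey: users.js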
##################################
# GraphDB Cluster Configurations #
##################################
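# Configurations for creating and configuring the GraphDB cluster.
# Ref: https://graphdb.ontotext.com/documentation/10.8/creating-a-cluster.html
cluster:
  # Configurations for shared token authentication in the cluster.
  # The secret token is used to encrypt and decrypt the communication between GraphDB nodes in the cluster.
  # Ref: https://graphdb.ontotext.com/documentation/10.8/creating-a-cluster.html#prerequisites
  token:
    # Defines the secret token as plaintext.
    # Note: Consider providing an existing Secret object with the token via .Values.cluster.token.existingSecret
    # Security note: this default is published with the chart, so it protects nothing on its own. Every
    # cluster deployment should replace it, preferably through existingSecret so that the token never
    # appears in a values file.
    secret: s3cr37
    # Reference to an existing Secret that contains the cluster secret token.
    # This overrides any value defined under .Values.cluster.token.secret
    # The value is processed as a Helm template.
    existingSecret: ""
    # Key in the existing Secret that holds the secret cluster token for GraphDB
    secretKey: ""
  # Timeout for cURL queries used for the cluster creation and update.
  clusterCreationTimeout: 60
  # Cluster configuration parameters.
  # Changing the parameters would trigger a Job that patches the configuration.
  # Ref: https://graphdb.ontotext.com/documentation/10.8/creating-a-cluster.html#creation-parameters
  config:
    # Reference to a ConfigMap with a custom JSON configuration to use when creating the cluster.
    # This setting overrides any other values specified under .Values.cluster.config.params
    # The value is processed as a Helm template.
    existingConfigmap: ""
    # The key in the cluster config configmap that contains the cluster configuration JSON
    configmapKey: cluster-config.json
    # Inline cluster configuration parameters.
    # Note that the "nodes" parameter is calculated based on the final GraphDB pods names. Check the "graphdb.cluster.nodes.json" template function.
    params:
      # The minimum wait time in milliseconds for a heartbeat from a leader.
      electionMinTimeout: 8000
      # The variable portion of each waiting period in milliseconds for a heartbeat.
      electionRangeTimeout: 6000
      # The interval in milliseconds between each heartbeat that is sent to follower nodes by the leader.
      heartbeatInterval: 2000
      # The size in KB of the data blocks transferred during data replication streaming through the RPC protocol.
      messageSizeKB: 64
      # Maximum size of the transaction log in GBs. The transaction log will be automatically truncated if it becomes bigger than this value.
      transactionLogMaximumSizeGB: 50
      # The amount of time in milliseconds a follower node would wait before attempting to verify the last committed entry when the first verification is unsuccessful.
      verificationTimeout: 1500
  # Configurations for the cluster automation Jobs.
  # Note that there are common configurations under jobs.<> as well.
  jobs:
    # Job for creating the GraphDB cluster.
    createCluster:
      # Enables or disables the cluster creation Job
      enabled: true
    # Job for patching the GraphDB cluster configuration.
    patchCluster:
      # Enables or disables the Job for patching the cluster configuration
      enabled: true
    # Jobs for scaling up or down the GraphDB cluster, depending on the .Values.replicas value.
    scaleCluster:
      # Enables or disables the Jobs for scaling up or down the cluster
      enabled: true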
##########################
# Ingress Configurations #
##########################
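# Configurations for the default Ingress resource for GraphDB.
#
# The default Ingress in this chart makes no assumptions of what Ingress controller is being used, it's up to you to define any specific annotations
# required by the controller implementation in your cluster.
#
# There are two modes to be aware of:
# - If .Values.replicas is set to 1, meaning single GraphDB node: the Ingress uses the GraphDB ClusterIP service.
# - If .Values.replicas is set to more than 1, meaning GraphDB cluster: the Ingress uses the GraphDB proxy ClusterIP service.
#
# Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
ingress:
  # Toggles the deployment of the default Ingress resource.
  # Security note: this is on by default while .Values.security.enabled and .Values.ingress.tls.enabled are
  # both off by default. Review all three together before exposing the release outside a trusted network.
  enabled: true
  # Specifies the ingress controller implementation that will control this Ingress resource.
  # Not defining this would result in using the default ingress controller in the cluster, if there is one.
  className: ""
  # Additional labels to append to the Ingress resource.
  # Values are processed as Helm templates.
  labels: {}
  # Additional annotations to append to the Ingress resource.
  # Values are processed as Helm templates.
  annotations: {}
  # If set, overrides the host from .Values.configuration.externalUrl
  host: ""
  # If set, overrides the context path from .Values.configuration.externalUrl
  path: ""
  # Sets the ingress path type.
  # If you need to use ImplementationSpecific, make sure to set any annotations needed by the controller implementation.
  pathType: Prefix
  # Configures SSL termination on Ingress level.
  # Ref: https://kubernetes.github.io/ingress-nginx/examples/tls-termination/
  tls:
    # Feature toggle for SSL termination. Disabled by default.
    # If TLS is enabled, the .Values.configuration.externalUrl should also be updated to use HTTPS.
    # Security note: without TLS, logins and authentication tokens sent to GraphDB through this Ingress are
    # readable on the network path. Enable it whenever .Values.security.enabled is used.
    enabled: false
    # Name of a Kubernetes Secret object with the key and certificate.
    # If TLS is enabled, it's required to be provided, depending on the deployment.
    # This could be an existing Secret or one that is not yet created.
    secretName: ""
  # List of additional hostnames to append to the Ingress resource.
  # Values are processed as Helm templates.
  extraHosts: []
  # List of additional TLS records to append to the Ingress resource.
  # Values are processed as Helm templates.
  extraTLS: []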
##########################
# Service Configurations #
##########################
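# Configurations for GraphDB Service.
# This Service is deployed only when the .Values.replicas are set to 1.
# In cluster mode (replicas > 1), this Service is not created.
# Ref: https://kubernetes.io/docs/concepts/services-networking/service/
service:
  # Enables or disables the Service deployment
  enabled: true
  # Additional labels to append to the Service resource.
  # Values are processed as Helm templates.
  labels: {}
  # Additional annotations to append to the Service resource.
  # Values are processed as Helm templates.
  annotations: {}
  # Service type
  # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
  # Note: ClusterIP keeps the Service reachable from inside the cluster only. NodePort and LoadBalancer
  # publish GraphDB's HTTP API outside it, so check .Values.security.enabled and
  # loadBalancerSourceRanges before switching.
  type: ClusterIP
  # Ports exposed by the Service.
  # Note: If you want to add additional ports, use .Values.service.extraPorts.
  ports:
    # Port mapped to GraphDB's HTTP API.
    http: 7200
  # Exposes the Service on a specific node port on the host machine when .Values.service.type is NodePort
  # If left undefined, K8S will pick a random port from the node port range of the cluster.
  nodePort: ""
  # Defines the policy for treating external ingress traffic.
  # By default, Cluster does not preserve client IPs. Change to Local to preserve them.
  # See https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
  externalTrafficPolicy: ""
  # NodePort used by external load balancers when the external traffic policy is set to Local.
  # By default, Kubernetes will assign a random port, use this to override it.
  healthCheckNodePort: ""
  # Defines the class that should select a particular load balancer implementation.
  # By default, Kubernetes will assign the cluster default implementation, use this to override it.
  # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class
  loadBalancerClass: ""
  # Source IP ranges for restricting external ingress traffic
  # Note: an empty list applies no source restriction. List the client CIDRs here when the type is LoadBalancer.
  loadBalancerSourceRanges: []
  # External IP addresses at which the Service will be exposed
  # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
  externalIPs: []
  # Additional ports to expose with the Service.
  extraPorts: []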
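# Configurations for GraphDB headless Service.
# This Service is deployed regardless of the amount of .Values.replicas, so it exists for both single node and for cluster mode.
# Ref: https://kubernetes.io/docs/concepts/services-networking/service/
headlessService:
  # Enables or disables the headless Service deployment.
  enabled: true
  # Additional labels to append to the headless Service
  # Values are processed as Helm templates.
  labels: {}
  # Additional annotations to append to the Service
  # Values are processed as Helm templates.
  annotations: {}
  # Ports exposed by the Service
  # Note: If you want to add additional ports, use .Values.headlessService.extraPorts.
  ports:
    # Port mapped to GraphDB's HTTP API.
    http: 7200
    # Port mapped to GraphDB's gRPC API.
    rpc: 7300
  # Additional ports to expose with the Service.
  extraPorts: []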
##############################
# Persistence Configurations #
##############################
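persistence:
  # Toggles the persistence of GraphDB data.
  # - If enabled, the StatefulSet will use a PVC template and rely on the CSI to dynamically provision Persistent Volumes.
  # - If disabled, it falls back to an emptyDir volume.
  enabled: true
  # Configurations for PVC based persistence.
  # Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#volume-claim-templates
  # Ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
  volumeClaimTemplate:
    # Prefix used when naming the PVCs for the StatefulSet
    name: "storage"
    # Additional labels to add to the PVC template.
    # Values are processed as Helm templates.
    labels: {}
    # Additional annotations to add to the PVC template.
    # Values are processed as Helm templates.
    annotations: {}
    # Specification for a PVC to be created by the StatefulSet.
    # Tune according to your needs.
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 5Gi
  # Overrides the retention policy of the StatefulSet's PVC.
  # This requires Kubernetes v1.27 or greater.
  # Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
  # Note: a Delete policy removes the claims together with the StatefulSet or on scale-down. Make sure
  # backups exist before choosing it.
  #
  # Example:
  #   volumeClaimRetentionPolicy:
  #     whenScaled: Retain
  #     whenDeleted: Delete
  volumeClaimRetentionPolicy: {}
  # Configurations for an emptyDir volume to be used for data storage by the StatefulSet.
  # Used when the persistence is disabled with .Values.persistence.enabled
  # Ref: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/
  emptyDir:
    # Default emptyDir limit, override to your needs.
    sizeLimit: 1Gi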
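# Configurations for an emptyDir volume for the /tmp folder in each GraphDB container.
# Because the default security context in .Values.securityContext configures the root filesystem to be in read-only mode, certain GraphDB features
# cannot create and write files in /tmp. If you don't use a read-only root filesystem, you can disable this with .Values.tempVolume.enabled
# Note: keeping the read-only root filesystem and this volume is the tighter setup. Prefer it over
# making the root filesystem writable just to get a usable /tmp.
tempVolume:
  # Toggles the temp folder emptyDir volume creation.
  # - If enabled, the StatefulSet will use an emptyDir volume for /tmp.
  # - If disabled, the chart won't create and mount ephemeral volumes for /tmp.
  enabled: true
  # Configurations for an emptyDir volume to be used for /tmp.
  # Ref: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/
  emptyDir:
    # Default emptyDir limit, override to your needs.
    sizeLimit: 128Mi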
####################################
# Scheduled Backups Configurations #
####################################
# Configurations for scheduling regular GraphDB backups with a Kubernetes CronJob.
# The type of backup is defined with .Values.backup.type, which supports either a cloud backup or a local backup.
#
# Note that you will be responsible for rotating backups, either cloud or local.
# Note that you can configure backup specific configurations with one of the available mechanics in .Values.configuration
# Note that the CronJob will use the provisioner credentials from .Values.security.provisioner
# Note that the CronJob configurations are affected by the common settings in .Values.jobs
#
# Ref: https://graphdb.ontotext.com/documentation/10.8/backup-and-restore.html#creating-a-cloud-backup
backup:
# Toggles the creation of the CronJob for scheduled GraphDB backups.
enabled: false
# Defines the type of backup to schedule, possible values are:
# - cloud - Configures the CronJob to perform a cloud GraphDB backup in a compatible cloud object storage service.
# Configured with .Values.backup.cloud
# - local - Configures the CronJob to perform a local GraphDB backup that downloads and stores the backup in the persistence volume.
# Configured with .Values.backup.local
type: cloud
# Specifies the backups schedule as a Cron expression.
#
# Ref: https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#schedule-syntax
schedule: "@midnight"
# Backup options that will be injected as JSON in the default backup options Secret.
# These configurations define the backup behaviour such as including or excluding repositories or system data.
#
# Ref: https://graphdb.ontotext.com/documentation/10.8/backup-and-restore.html#backup-options
options:
backupSystemData: true
# GraphDB specific configuration options when creating backups.
# These options are not bound to the type of the backup (local or cloud).
# These will be projected in the default backup options Secret object as JSON.
#
# Ref: https://graphdb.ontotext.com/documentation/10.8/backup-and-restore.html#backup-options
optionsSecret:
# Reference to an existing Secret that contains the backup options.
# This overrides any value defined under .Values.backup.options
# The value is processed as a Helm template.
existingSecret: ""
# The key in the backup options Secret that contains the options JSON
secretKey: backup_options.json
# Configurations for a cloud GraphDB backup.
# Used when .Values.backup.type is set to "cloud".
cloud:
# This specifies the URI of the used cloud object storage service.
#
# Possible configurations include:
# - AWS S3: s3:///<bucket-name>/${BACKUP_NAME}?region=<AWSRegion>
# - AWS compatible S3: s3://[<endpoint-hostname>:<endpoint-port>]/<bucket-name>/${BACKUP_NAME}?region=<AWSRegion>
# - Azure Storage Account: az://<container-name>/${BACKUP_NAME}?blob_storage_account=<storage_account_name>
#
# This value is interpolated by the CronJob, so you can use environment variables in the following syntax: ${VARIABLE_NAME}
# This allows you to provide credentials with .Values.backup.extraEnv .Values.backup.extraEnvFrom and render them in the bucketUri
# without hardcoding anything in values.yaml
#
# To avoid hardcoding credentials in the bucketUri, you can utilize IAM roles with a ServiceAccount (IRSA).
#
# Special environment variables that are rendered by the CronJob are:
# - ${BACKUP_TIMESTAMP} - Timestamp in the format of %Y-%m-%d_%H-%M-%S
# - ${BACKUP_NAME} - A timestamped archive name in the format of graphdb-backup-%Y-%m-%d_%H-%M-%S.tar
# You can use these to create backups with a dynamic name.
#
# Note: This won't be used if an existing secret has been provided with .Values.backup.optionsSecret.existingSecret
#
# Ref: https://graphdb.ontotext.com/documentation/10.8/backup-and-restore.html#creating-and-restoring-cloud-backups
bucketUri: ""
# Configurations for a local GraphDB backup.
# Used when .Values.backup.type is set to "local".
local:
# Reference to an existing PVC that will be used by the CronJob to store local backups.
# Note that this is a required field when .Values.backup.type is set to "local".
#
# Ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims
existingPVC: ""
# Defines the volume path within the backup pod when mounting the existing PVC for local backups.
mountPath: /opt/graphdb/backups/
# Defines the number of successful backup jobs to keep.
#
# Ref: https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#jobs-history-limits
successfulJobsHistoryLimit: 3
# Defines the number of failed backup jobs to keep.
#
# Ref: https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#jobs-history-limits
failedJobsHistoryLimit: 3
# Additional environment variables to be set for the backup container.
# Values are processed as Helm templates.
extraEnvFrom: []
# Additional environment variables to be set for the backup container.
# Values are processed as Helm templates.
extraEnv: []
##############################
# StatefulSet Configurations #
##############################
# Configures the strategy of updating StatefulSet Pods.
# The default type of RollingUpdate ensures that there will always be .Values.replicas amount of running nodes at the same time.
# Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
updateStrategy:
  type: RollingUpdate
# Configures how Pods are created and scaled.
# Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
podManagementPolicy: Parallel
# Changes the maximum amount of revisions that are kept.
revisionHistoryLimit: 10
# Grace period in seconds before terminating the Pods.
# Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination
terminationGracePeriodSeconds: 120
# Toggles the auto mounting of API credentials token into the Pods.
# Enable this if you need to contact either the API server or need web identity credentials for federated authentication in cloud APIs.
# With the default of false, no API token is mounted into the GraphDB Pods automatically.
# When enabling it, use a dedicated ServiceAccount (.Values.serviceAccount) that is granted only the permissions it needs,
# because every process in the Pod can then read the token.
# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#opt-out-of-api-credential-automounting
automountServiceAccountToken: false
# Overrides the default Kubernetes scheduler.
# See https://kubernetes.io/docs/tasks/extend-kubernetes/configure-multiple-schedulers/#specify-schedulers-for-pods
schedulerName: ""
# Overrides the Pod's DNS settings.
# Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config
dnsConfig: {}
# Defines the Pod's policy for DNS resolution.
# Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
dnsPolicy: ""
# Name of an existing PriorityClass to assign, defining the importance of the pods compared to other pods in the cluster.
# Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/
priorityClassName: ""
# Overrides the default GraphDB container command.
# Use only for troubleshooting!
# Leave empty in normal operation so that the image's own entrypoint is used
# (assuming the chart omits the field when the list is empty - confirm in the StatefulSet template).
# See https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/
command: []
# Overrides the default GraphDB container command's arguments.
# Use only for troubleshooting!
# Arguments end up in the Pod spec, which is readable by anyone who can read Pods in the namespace,
# so do not pass credentials this way.
# See https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/
args: []
# Ports used by the GraphDB container
# Note: If you want to add additional ports, use .Values.extraContainerPorts.
# NOTE(review): consider restricting which workloads can reach these ports with NetworkPolicies;
# whether the chart provides any is not visible in this part of the file.
containerPorts:
  # Port mapped to GraphDB's HTTP API.
  http: 7200
  # Port mapped to GraphDB's gRPC API.
  rpc: 7300
# Additional labels to append to the Pod definition.
# Values are processed as Helm templates.
# Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
podLabels: {}
# Additional annotations to append to the Pod definition.
# Values are processed as Helm templates.
# Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
podAnnotations: {}
###################################
# Security Context Configurations #
###################################
# Defines privilege and access control settings for all containers in the GraphDB Pod.
# The defaults run the containers as the non-root UID/GID 10001, assign group 10001 to mounted volumes (fsGroup)
# and apply the container runtime's default seccomp profile, unless a container-level security context overrides them.
# fsGroupChangePolicy: OnRootMismatch changes volume ownership and permissions only when the volume's root directory
# does not already match, which avoids a recursive change on every Pod start.
# See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
podSecurityContext:
  runAsNonRoot: true
  runAsUser: 10001
  runAsGroup: 10001
  fsGroup: 10001
  fsGroupChangePolicy: OnRootMismatch
  seccompProfile:
    type: RuntimeDefault
# Defines privilege and access control settings for the container running GraphDB.
# The defaults disallow privilege escalation, mount the container's root filesystem read-only,
# drop all Linux capabilities and use the container runtime's default seccomp profile.
# Because the root filesystem is read-only, every path GraphDB writes to has to be backed by a mounted volume.
# See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
securityContext:
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true
  capabilities:
    drop: [ "ALL" ]
  seccompProfile:
    type: RuntimeDefault
# Defines privilege and access control settings for the init containers provisioning configurations for GraphDB.
# The defaults match the GraphDB container's security context: no privilege escalation, read-only root filesystem,
# all Linux capabilities dropped and the container runtime's default seccomp profile.
# NOTE(review): whether this context is also applied to .Values.extraInitContainers is not visible here - confirm in the templates.
# See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
initContainerSecurityContext:
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true
  capabilities:
    drop: [ "ALL" ]
  seccompProfile:
    type: RuntimeDefault
#############################
# Scheduling Configurations #
#############################
# Selector labels to match when selecting nodes.
# Values are processed as Helm templates.
# Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
# See https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/
nodeSelector: {}
# Node and pod affinity & anti affinity configurations for constraining the Pod scheduling.
# Values are processed as Helm templates.
# Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
affinity: {}
# Default podAntiAffinity rule ensuring that GraphDB pods are scheduled on different Kubernetes nodes.
# Note that this takes effect when GraphDB is deployed in a cluster.
#
# Possible values for .Values.podAntiAffinity.preset are:
# - "soft" (default) - Configures a preferredDuringSchedulingIgnoredDuringExecution rule.
#                      This is only a preference: the scheduler may still place several GraphDB pods on the same node.
# - "hard" - Configures a requiredDuringSchedulingIgnoredDuringExecution rule.
#            Pods that cannot satisfy the rule stay Pending instead of sharing a node.
# Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
podAntiAffinity:
  enabled: true
  preset: soft
  topology: kubernetes.io/hostname
# List of taint tolerations.
# Values are processed as Helm templates.
# Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
tolerations: []
# Configurations for spreading Pods across different failure domains.
# Values are processed as Helm templates.
# Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#pod-topology-spread-constraints
# Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
topologySpreadConstraints: []
##########################
# Resource Configuration #
##########################
# Resource configurations for the GraphDB containers.
# For sizing to your needs, refer to the GraphDB documentation https://graphdb.ontotext.com/documentation/10.8/requirements.html
# By default the memory request equals the memory limit and no CPU limit is set.
# Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
resources:
  limits:
    memory: 4Gi
  requests:
    memory: 4Gi
    cpu: 500m
# Resource configurations for the init containers in the GraphDB Pod.
# Requests and limits are equal for both memory and CPU.
initContainerResources:
  limits:
    memory: 16Mi
    cpu: 50m
  requests:
    memory: 16Mi
    cpu: 50m
#########################
# Probes Configurations #
#########################
# Configurations for the GraphDB container startup probe.
# With these defaults the container has up to failureThreshold x periodSeconds = 300 seconds to start
# before Kubernetes restarts it.
# "port: http" refers to a named container port, presumably the one defined by .Values.containerPorts.http.
# Note: A misconfigured probe can lead to a failing GraphDB cluster!
startupProbe:
  httpGet:
    path: /protocol
    port: http
  failureThreshold: 30
  timeoutSeconds: 5
  periodSeconds: 10
# Configurations for the GraphDB container readiness probe.
# Note: A misconfigured probe can lead to a failing GraphDB cluster!
readinessProbe:
  httpGet:
    path: /protocol
    port: http
  initialDelaySeconds: 5
  timeoutSeconds: 5
  periodSeconds: 10
# Configurations for the GraphDB container liveness probe.
# Note: A misconfigured probe can lead to a failing GraphDB cluster!
livenessProbe:
  httpGet:
    path: /protocol
    port: http
  initialDelaySeconds: 60
  timeoutSeconds: 5
  periodSeconds: 10
#########################################
# Additional StatefulSet Configurations #
#########################################
# Most values in this section are processed as Helm templates: template expressions inside them are evaluated
# when the chart is rendered, so only install the chart with values files from a trusted source.
#
# Additional environment variable sources for the GraphDB containers,
# presumably rendered under the container's envFrom (ConfigMap or Secret references) - confirm in the StatefulSet template.
# Prefer a Secret reference here over literal credentials in .Values.extraEnv.
# Values are processed as Helm templates.
extraEnvFrom: []
# Additional environment variables to be set for the GraphDB containers.
# Values are processed as Helm templates.
extraEnv: []
# Additional volumes to be set for the GraphDB Pod.
# Values are processed as Helm templates.
extraVolumes: []
# Additional volume mounts to be set for the GraphDB containers.
# Values are processed as Helm templates.
extraVolumeMounts: []
# Additional volume claim templates to be set in GraphDB's StatefulSet.
# Values are processed as Helm templates.
extraVolumeClaimTemplates: []
# Additional init containers to be inserted after the provisioning init containers.
# NOTE(review): it is not visible here whether .Values.initContainerSecurityContext is applied to these entries;
# set a securityContext on each additional init container explicitly.
# Values are processed as Helm templates.
extraInitContainers: []
# Additional GraphDB container ports to expose.
extraContainerPorts: {}
# Additional containers to insert into the GraphDB Pod, e.g. sidecar containers
# NOTE(review): it is not visible here whether .Values.securityContext is applied to these entries;
# set a securityContext on each additional container explicitly.
# Values are processed as Helm templates.
extraContainers: []
########################################
# Pod Disruption Budget Configurations #
########################################
# Configurations for GraphDB's default Pod Disruption Budget.
# The GraphDB cluster requires a quorum of replicas/2 + 1 amount of GraphDB nodes (>50%) in order to work properly.
# The default configuration protects against losing quorum in the GraphDB cluster.
# Kubernetes rounds percentages up, so minAvailable: 51% of 3 replicas requires 2 available Pods.
# minAvailable and maxUnavailable are mutually exclusive in a PodDisruptionBudget; set only one of them.
# NOTE(review): with a single replica, 51% rounds up to 1 and would block voluntary evictions such as node drains -
# confirm whether the chart only creates the budget for clustered deployments.
# Ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets
podDisruptionBudget:
  enabled: true
  minAvailable: 51%
  maxUnavailable: ""
##################################
# Service Account Configurations #
##################################
# Configurations for the default ServiceAccount for GraphDB.
# GraphDB by itself has no need to communicate with the Kubernetes API but the service account tokens can be used
# as OIDC federated web identity tokens for authentication in cloud APIs.
# Ref: https://kubernetes.io/docs/concepts/security/service-accounts/
serviceAccount:
  # Specifies whether a ServiceAccount should be created for GraphDB.
  create: false
  # The name of the ServiceAccount to use.
  #
  # There are three cases to be aware of when using this:
  # - If not set and create is true, a name is generated using the fullname template
  # - If set and create is true, it will use the provided name when creating the ServiceAccount
  # - If set but create is false, it will use the provided ServiceAccount.
  #
  # With the defaults (not set and create is false) the Pods presumably run under the namespace's
  # "default" ServiceAccount - confirm in the chart's helper template. Use a dedicated ServiceAccount
  # whenever cloud identities are bound to it.
  name: ""
  # If .Values.serviceAccount.create is true, insert additional annotations to the created ServiceAccount.
  # Values are processed as Helm templates.
  annotations: {}
#################################
# GraphDB Import Configurations #
#################################
# Settings for importing data into GraphDB
import:
  # Attaches an additional PV which will be used as an import directory
  # See https://graphdb.ontotext.com/documentation/10.8/loading-data-using-the-workbench.html#importing-server-files
  volumeMount:
    # Toggles the attachment of the additional PV via StatefulSet's PVC templates.
    enabled: false
    # Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#volume-claim-templates
    # Ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
    volumeClaimTemplate:
      # Prefix used when naming the PVCs for the StatefulSet
      name: "import"
      # Additional labels to add to the PVC template.
      # Values are processed as Helm templates.
      labels: {}
      # Additional annotations to add to the PVC template.
      # Values are processed as Helm templates.
      annotations: {}
      # PVC spec for the import volume: a single-node read-write volume of 10Gi by default.
      spec:
        accessModes: [ "ReadWriteOnce" ]
        resources:
          requests:
            storage: 10Gi
######################################
# Custom Repositories Configurations #
######################################
repositories:
  # Optional configmap containing repository configuration .ttl file(s).
  # GraphDB will automatically create repositories with the provided repositories configuration files.
  # Each key in the existing configmap will be treated as the config.ttl of a repository.
  # ConfigMaps are not meant for confidential data, so keep credentials out of these configuration files.
  existingConfigmap: ""
################################################
# Persistent Volume Permissions Configurations #
################################################
# Optional init container that can change the permissions in the PV for GraphDB to match the security context settings.
# Use when you have existing persistent volumes with mismatching permissions.
# Note that the container has to run as root to be able to change the permissions, hence the different security context.
#
# A namespace that enforces the "restricted" Pod Security Standard rejects Pods with this init container enabled,
# because it sets runAsNonRoot: false and runAsUser: 0.
# NOTE(review): unlike .Values.initContainerSecurityContext, this context does not set allowPrivilegeEscalation: false
# and does not drop any capabilities. Consider adding both and keeping only the capabilities the permission change needs;
# the init container's command is not visible here, so verify before tightening.
# Disable it again once the volume permissions have been corrected.
initContainerDataPermissions:
  enabled: false
  securityContext:
    runAsNonRoot: false
    runAsUser: 0
######################
# Job Configurations #
######################
# Common settings for Job resources servicing and automating GraphDB and the cluster.
# Ref: https://kubernetes.io/docs/concepts/workloads/controllers/job/
jobs:
# Number of retries before considering the jobs failed
backoffLimit: 10
# Time in seconds before deleting finished pods
ttlSecondsAfterFinished: 300
# Overrides the default Kubernetes scheduler.
# See https://kubernetes.io/docs/tasks/extend-kubernetes/configure-multiple-schedulers/#specify-schedulers-for-pods
schedulerName: ""