A Helm chart for gen3 indexd
| Repository | Name | Version |
|---|---|---|
| file://../common | common | 0.1.16 |
| https://charts.bitnami.com/bitnami | postgresql | 11.9.13 |
| Key | Type | Default | Description |
|---|---|---|---|
| affinity | map | {} |
Affinity to use for the deployment. |
| autoscaling | map | {"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80} |
Autoscaling options. |
| autoscaling.maxReplicas | int | 100 |
Maximum number of replicas |
| autoscaling.minReplicas | int | 1 |
Minimum number of replicas |
| autoscaling.targetCPUUtilizationPercentage | int | 80 |
Target CPU utilization percentage |
| commonLabels | map | nil |
Will completely override the commonLabels defined in the common chart's _label_setup.tpl |
| criticalService | string | "true" |
Valid options are "true" or "false". If invalid option is set- the value will default to "false". |
| defaultPrefix | string | "PREFIX/" |
default prefix for indexd |
| env | list | [{"name":"ARBORIST","value":"true"},{"name":"GEN3_DEBUG","value":"False"}] |
Environment variables to pass to the container |
| externalSecrets | map | {"createK8sServiceCredsSecret":false,"dbcreds":null,"serviceCreds":"indexd-service-creds"} |
External Secrets settings. |
| externalSecrets.createK8sServiceCredsSecret | string | false |
Will create the Helm "indexd-service-creds" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. |
| externalSecrets.dbcreds | string | nil |
Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" |
| fullnameOverride | string | "" |
Override the full name of the deployment. |
| global.aws | map | {"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false} |
AWS configuration |
| global.aws.awsAccessKeyId | string | nil |
Credentials for AWS stuff. |
| global.aws.awsSecretAccessKey | string | nil |
Credentials for AWS stuff. |
| global.aws.enabled | bool | false |
Set to true if deploying to AWS. Controls ingress annotations. |
| global.dev | bool | true |
Whether the deployment is for development purposes. |
| global.dictionaryUrl | string | "https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json" |
URL of the data dictionary. |
| global.dispatcherJobNum | int | "10" |
Number of dispatcher jobs. |
| global.environment | string | "default" |
Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. |
| global.externalSecrets | map | {"deploy":false,"separateSecretStore":false} |
External Secrets settings. |
| global.externalSecrets.deploy | bool | false |
Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any indexd secrets you have deployed. |
| global.externalSecrets.separateSecretStore | string | false |
Will deploy a separate External Secret Store for this service. |
| global.hostname | string | "localhost" |
Hostname for the deployment. |
| global.kubeBucket | string | "kube-gen3" |
S3 bucket name for Kubernetes manifest files. |
| global.logsBucket | string | "logs-gen3" |
S3 bucket name for log files. |
| global.minAvialable | int | 1 |
The minimum amount of pods that are available at all times if the PDB is deployed. |
| global.netPolicy | map | {"enabled":false} |
Controls network policy settings |
| global.pdb | bool | false |
If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. |
| global.portalApp | string | "gitops" |
Portal application name. |
| global.postgres.dbCreate | bool | true |
Whether the database should be created. |
| global.postgres.externalSecret | string | "" |
Name of external secret. Disabled if empty |
| global.postgres.master | map | {"host":null,"password":null,"port":"5432","username":"postgres"} |
Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres |
| global.postgres.master.host | string | nil |
hostname of postgres server |
| global.postgres.master.password | string | nil |
password for superuser in postgres. This is used to create or restore databases |
| global.postgres.master.port | string | "5432" |
Port for Postgres. |
| global.postgres.master.username | string | "postgres" |
username of superuser in postgres. This is used to create or restore databases |
| global.publicDataSets | bool | true |
Whether public datasets are enabled. |
| global.revproxyArn | string | "arn:aws:acm:us-east-1:123456:certificate" |
ARN of the reverse proxy certificate. |
| global.tierAccessLevel | string | "libre" |
Access level for tiers. acceptable values for tier_access_level are: libre, regular and private. If omitted, by default common will be treated as private |
| global.tierAccessLimit | int | "1000" |
Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. |
| image | map | {"pullPolicy":"IfNotPresent","repository":"quay.io/cdis/indexd","tag":""} |
Docker image information. |
| image.pullPolicy | string | "IfNotPresent" |
When to pull the image. |
| image.repository | string | "quay.io/cdis/indexd" |
The Docker image repository for the indexd service |
| image.tag | string | "" |
Overrides the image tag whose default is the chart appVersion. |
| imagePullSecrets | list | [] |
Docker image pull secrets. |
| metricsEnabled | bool | false |
Whether Metrics are enabled. |
| nameOverride | string | "" |
Override the name of the chart. |
| netPolicy | map | {"egressApps":["fence","presigned-url-fence","fenceshib","peregrine","sheepdog","ssjdispatcherjob","metadata","mariner","mariner-engine"],"ingressApps":["fence","presigned-url-fence","fenceshib","peregrine","sheepdog","ssjdispatcherjob","metadata","mariner","mariner-engine"]} |
Configuration for network policies created by this chart. Only relevant if "global.netPolicy.enabled" is set to true |
| netPolicy.egressApps | array | ["fence","presigned-url-fence","fenceshib","peregrine","sheepdog","ssjdispatcherjob","metadata","mariner","mariner-engine"] |
List of apps that this app requires egress to |
| netPolicy.ingressApps | array | ["fence","presigned-url-fence","fenceshib","peregrine","sheepdog","ssjdispatcherjob","metadata","mariner","mariner-engine"] |
List of app labels that require ingress to this service |
| nodeSelector | map | {} |
Node Selector for the pods |
| partOf | string | "S3-GS" |
Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. |
| podAnnotations | map | {} |
Annotations to add to the pod |
| podSecurityContext | map | {} |
Security context for the pod |
| postgres | map | {"database":null,"dbCreate":null,"dbRestore":false,"host":null,"password":null,"port":"5432","separate":false,"username":null} |
Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you |
| postgres.database | string | nil |
Database name for postgres. This is a service override, defaults to - |
| postgres.dbCreate | bool | nil |
Whether the database should be created. Default to global.postgres.dbCreate |
| postgres.host | string | nil |
Hostname for postgres server. This is a service override, defaults to global.postgres.host |
| postgres.password | string | nil |
Password for Postgres. Will be autogenerated if left empty. |
| postgres.port | string | "5432" |
Port for Postgres. |
| postgres.separate | string | false |
Will create a Database for the individual service to help with developing it. |
| postgres.username | string | nil |
Username for postgres. This is a service override, defaults to - |
| postgresql | map | {"primary":{"persistence":{"enabled":false}}} |
Postgresql subchart settings if deployed separately option is set to "true". Disable persistence by default so we can spin up and down ephemeral environments |
| postgresql.primary.persistence.enabled | bool | false |
Option to persist the dbs data. |
| release | string | "production" |
Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". |
| replicaCount | int | 1 |
Number of desired replicas |
| resources | map | {"limits":{"cpu":1,"memory":"512Mi"},"requests":{"cpu":0.1,"memory":"12Mi"}} |
Resource requests and limits for the containers in the pod |
| resources.limits | map | {"cpu":1,"memory":"512Mi"} |
The maximum amount of resources that the container is allowed to use |
| resources.limits.cpu | string | 1 |
The maximum amount of CPU the container can use |
| resources.limits.memory | string | "512Mi" |
The maximum amount of memory the container can use |
| resources.requests | map | {"cpu":0.1,"memory":"12Mi"} |
The amount of resources that the container requests |
| resources.requests.cpu | string | 0.1 |
The amount of CPU requested |
| resources.requests.memory | string | "12Mi" |
The amount of memory requested |
| secrets | map | {"awsAccessKeyId":null,"awsSecretAccessKey":null,"userdb":{"fence":null,"sheepdog":null}} |
Values for indexd secret. |
| secrets.awsAccessKeyId | str | nil |
AWS access key ID to access the db restore job S3 bucket. Overrides global key. |
| secrets.awsSecretAccessKey | str | nil |
AWS secret access key ID to access the db restore job S3 bucket. Overrides global key. |
| securityContext | map | {} |
Security context for the containers in the pod |
| selectorLabels | map | nil |
Will completely override the selectorLabels defined in the common chart's _label_setup.tpl |
| service | map | {"port":80,"type":"ClusterIP"} |
Kubernetes service information. |
| service.port | int | 80 |
The port number that the service exposes. |
| service.type | string | "ClusterIP" |
Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". |
| serviceAccount | map | {"annotations":{},"create":false,"name":""} |
Service account to use or create. |
| serviceAccount.annotations | map | {} |
Annotations to add to the service account. |
| serviceAccount.create | bool | false |
Specifies whether a service account should be created. |
| serviceAccount.name | string | "" |
The name of the service account |
| tolerations | list | [] |
Tolerations for the pods |
| uwsgi | map | {"listen":1024} |
Values for overriding uwsgi settings |
| volumeMounts | list | [{"mountPath":"/var/www/indexd/local_settings.py","name":"config-volume","readOnly":true,"subPath":"local_settings.py"}] |
Volumes to mount to the container. |
| volumes | list | [{"configMap":{"name":"indexd-uwsgi"},"name":"uwsgi-config"},{"name":"config-volume","secret":{"secretName":"indexd-settings"}}] |
Volumes to attach to the pod |