Parameter | Description | Type | Default |
---|---|---|---|
global.cassandra.datacenter | Cassandra datacenter name. It can hold 1 or more Dovecot sites. | string | 'dc1' |
global.cassandra.datacenterToReplicationFactor | List of (datacenter: replicationFactor) pairs for initialization of the Cassandra schema. This is required if any of the following parameters is enabled: global.dictmap.initSchema, global.geodb.initSchema. | array | - dc: dc1 |
global.cassandra.externalDomain | DNS endpoint of the Cassandra cluster. This is not compatible with the global.cassandra.externalIPs parameter. | string | '' |
global.cassandra.externalIPs | List of IP addresses of the Cassandra nodes. This is not compatible with the global.cassandra.externalDomain parameter. | array | [] |
global.cassandra.tls.enabled | | boolean | false |
global.controllerClientKey | Experimental: Client key for authentication against the Palomar Cluster Controller API. This is used when the parameter global.secretsAsValues is enabled, otherwise a Secret named controller-client should be created with a CONTROLLER_AUTH__SECRET_KEY data key. It should be either a PEM key or a 32 byte secret key (optional). | string | '' |
global.development | Caution: This is for internal development only. | boolean | false |
global.dictmap.enabled | Whether to enable fs-dictmap in Obox, with Object name to Object ID mapping. fs-dictmap is always required for all object storage installations. However, it's not required for NFS. For further information, see Dictmap. | boolean | true |
global.dictmap.initSchema | Whether to initialize the Cassandra schema (keyspace and tables) used for Obox. This functionality is implemented within the controller-scheduler Deployment as initContainer. | boolean | false |
global.dictmap.keyspace | Cassandra keyspace used for Obox. | string | 'd8s_dovecot' |
global.externalPrometheus.namespace | Palomar Cluster Controller comes with its own built-in Prometheus deployment. However, if there is an external, cluster-wide Prometheus fetching metrics from all applications, it's possible to provide the namespace where this Prometheus deployment is located in order to allow access from there. It's assumed there is no external Prometheus by default. | string | '' |
global.geodb.initSchema | Whether to initialize the Cassandra schema (keyspace and tables) used for Palomar. This functionality is implemented within the controller-scheduler Deployment as initContainer. | boolean | true |
global.geodb.keyspace | Cassandra keyspace used for Palomar. | string | 'd8s_geodb' |
global.image.pullPolicy | Supported values: Always, IfNotPresent, Never. | enum<string> | 'Always' |
global.image.pullSecret | Kubernetes Secret name containing an image pull secret. This is used when global.secretsAsValues is disabled. | string | 'registry' |
global.image.registry | Registry address where the images are located. This should include the registry hostname and, optionally, the HTTP sub-path (i.e. Harbor project name). Currently only the Open-Xchange and Azure registries are allowed. This container registry address is used as global default. | string | 'registry.open-xchange.com/dovecot-pro' |
global.image.tag | Container image tag used as global default. Caution: Normally this shouldn't be changed. | string | '<released-version>' |
global.imagePullSecret.password | Password for authenticating against the container registry. This is used when global.secretsAsValues is enabled. | string | '' |
global.imagePullSecret.registryUrl | Container registry URL (domain). This is used when global.secretsAsValues is enabled. | string | 'registry.open-xchange.com' |
global.imagePullSecret.username | Username for authenticating against the container registry. This is used when global.secretsAsValues is enabled. | string | '' |
global.secretsAsValues | Provide secrets (passwords/keys) as Helm chart values and let the chart handle Secrets directly. | boolean | false |
global.site.loadBalancer | Public FQDN of the Dovecot site load balancer. This is optional for single-site and required for multi-site. | string | '' |
global.site.name | Dovecot site name. | string | 'dc1a' |
api.allowInTrafficFromIpBlocks | Enable ingress traffic from a list of IP blocks. | array | [] |
api.allowInTrafficFromNamespaces | Enable ingress traffic from all pods of 1 or more Kubernetes Namespaces. | array | [] |
api.flower.resources.requests.memory | Kubernetes memory request for this container. | string | '128Mi' |
api.log.level | Flask log levels. Supported values: notset, debug, info, warning, error, critical. | enum<string> | 'info' |
api.replicaCount | Number of pod replicas for this deployment. Caution: Normally this shouldn't be changed. Minimum: 0 | integer | 1 |
api.resources.requests.memory | Kubernetes memory request for this container. | string | '512Mi' |
api.secretKey | Experimental: Client key for authentication against the Palomar Cluster Controller API. This is used when the parameter global.secretsAsValues is enabled, otherwise a Secret named controller-api should be created with a CONTROLLER_SECRET_KEY data key. It should contain an API secret (32 byte secret) generated via the following shell command: `dd if=/dev/random bs=1 count=32 status=none \| xxd -ps -c64`. | string | '' |
api.service.type | Kubernetes Service type for the Palomar Cluster Controller API. Warning: It should be accessible to trusted clients only, particularly because client requests are not authenticated by default. Supported values: ClusterIP, LoadBalancer, NodePort. | enum<string> | 'ClusterIP' |
celery.taskResultExpiresSecs | Time to live of task results in Redis (in seconds). Minimum: 1 | integer | 600 |
groupBalance.enabled | Whether to enable group balance feature. | boolean | false |
groupBalance.groupSizeSlackPercent | Experimental: If group size differences are larger than the given percentage, users will be redistributed. Minimum: 1 | integer | 10 |
groupBalance.maxUserMoveBetweenGroups | Experimental: Maximum number of users that can be moved between individual groups at each iteration of balancing. Used to prevent big swings in group sizes and too much load on Cassandra. For more information, see Automatic Group Rebalancing. Minimum: 1 | integer | 100 |
groupBalance.maxUserMovesPerPass | Experimental: Maximum total number of users that can be moved (across all groups) at each iteration of group balancing. Minimum: 1 | integer | 200 |
hostFailure.coolTimeSecs | Experimental: Minimum time in seconds between moving groups from hosts with failing logins to other hosts. If a host has a high failure rate and the cool-off time from its last group move has passed, the controller will try to find another host which has also passed its cool-off period to move a group to. Minimum: 1 | integer | 3600 |
hostFailure.minLogins | Experimental: Minimum number of logins needed in the past 5 minutes to start processing a host's health (i.e. change backend status if necessary or move groups from it if there is a high failure rate). Minimum: 1 | integer | 10 |
hostFailure.ratio | Experimental: Ratio of failed logins or mail deliveries to trigger group moves. Minimum: 0.0 (excluded) Maximum: 1.0 (excluded) | number | 0.1 |
hostLoadBalance.minCoolTimeSecs | Experimental: Minimum time in seconds a group will not be moved to a new backend. If a group needs to be moved for load balancing, this period is honored and groups that have been moved recently will not be moved again. Minimum: 1 | integer | 3600 |
hostLoadBalance.minSamples | Experimental: Number of samples over the last 24 hours needed for all the Z-scores for a host to do load balancing. Minimum: 0 | integer | 3000 |
hostLoadBalance.scoreDeltaThresholdRatio | Experimental: Minimum load score difference between backends to initiate a group move. See Cluster controller load balancing. Minimum: 0.0 (excluded) | number | 0.5 |
image.registry | Registry address where the image is located. This should include the registry hostname and, optionally, the HTTP sub-path (i.e. Harbor project name). Currently only the Open-Xchange and Azure registries are allowed. If empty, the global.image.registry parameter is used. | string | '' |
image.tag | Container image tag used for this chart. If empty, the global.image.tag parameter is used. Caution: Normally this shouldn't be changed. | string | '<released-version>' |
prometheus.server.resources.requests.memory | Kubernetes memory request for this container. | string | '512Mi' |
prometheus.service.type | Kubernetes Service type. Supported values: ClusterIP, LoadBalancer, NodePort. | enum<string> | 'ClusterIP' |
redis.commonConfiguration | When overriding the maxmemory setting, please provide the default maxmemory-policy setting as well and adjust the redis.replica.resources.requests.memory parameter accordingly. | string | maxmemory 200MB |
redis.replica.replicaCount | Number of replicas of Redis pods, including the elected master. When increased, the redis.sentinel.quorum parameter should be adjusted accordingly. Minimum: 3 | integer | 3 |
redis.replica.resources.requests.memory | The requested memory should be at least 20% higher than maxmemory setting of the redis.commonConfiguration parameter. | string | '256Mi' |
redis.sentinel.quorum | Required quorum for Redis master election. Minimum: 2 | integer | 2 |
redis.sentinel.resources.requests.memory | Kubernetes memory request for this container. | string | '128Mi' |
scheduler.enabled | Whether to enable Palomar Cluster Controller scheduler. Caution: Normally this shouldn't be disabled. Please enable the worker.dryrun parameter instead. | boolean | true |
scheduler.log.level | Celery log levels. Supported values: debug, info, warning, error, critical, fatal. | enum<string> | 'info' |
scheduler.resources.requests.memory | Kubernetes memory request for this container. | string | '256Mi' |
securityContext.allowPrivilegeEscalation | | boolean | false |
securityContext.capabilities.drop | | array | - ALL |
securityContext.runAsGroup | Minimum: 0 | integer | 65534 |
securityContext.runAsNonRoot | | boolean | true |
securityContext.runAsUser | Minimum: 0 | integer | 65534 |
securityContext.seccompProfile.type | | string | 'RuntimeDefault' |
sentry.dsn | Experimental: The Sentry DSN endpoint to push data to. This is the main parameter to enable the Sentry integration. If only this is set, only logging and error tracking are enabled. Please check the other sentry.* parameters for more information. | string | '' |
sentry.profilesSampleRate | Experimental: Percentage chance of profiling a sampled transaction. Minimum: 0.0 Maximum: 1.0 | number | 0.0 |
sentry.tags | Experimental: Dictionary of tags under which Sentry events are pushed. | object | {} |
sentry.tracesSampleRate | Experimental: Percentage chance that a given transaction will be sent to Sentry. Minimum: 0.0 Maximum: 1.0 | number | 0.0 |
worker.config | List of configurations for sets of workers. Each worker set needs to be configured with the following: name, number of replicas, Redis queue name (optional). | array | - name: low-prio |
worker.dryrun | Whether to enable DRY_RUN mode to log but not perform controller worker actions, such as set_host_offline, set_host_online and move group. | boolean | false |
worker.livenessProbe.enabled | Whether to enable the probe for this container. | boolean | true |
worker.livenessProbe.failureThreshold | 2 minutes by default. Minimum: 1 | integer | 12 |
worker.livenessProbe.periodSeconds | Minimum: 1 | integer | 10 |
worker.livenessProbe.timeoutSeconds | Minimum: 1 | integer | 10 |
worker.log.level | Celery log levels. Supported values: debug, info, warning, error, critical, fatal. | enum<string> | 'info' |
worker.readinessProbe.enabled | Whether to enable the probe for this container. | boolean | true |
worker.readinessProbe.failureThreshold | 30 seconds by default. Minimum: 1 | integer | 3 |
worker.readinessProbe.periodSeconds | Minimum: 1 | integer | 10 |
worker.readinessProbe.timeoutSeconds | Minimum: 1 | integer | 10 |
worker.resources.requests.memory | Kubernetes memory request for this container. | string | '256Mi' |