Palomar: Cluster Controller Chart

Parameter	Description	Type	Default
api.allowInTrafficFromIpBlocks	Enable ingress traffic from all pods of 1 or more Kubernetes Namespaces.	array	[]
api.allowInTrafficFromNamespaces	Enable ingress traffic from a list of IP blocks.	array	[]
api.flower.resources.requests.memory	Kubernetes memory request for this container.	string	256Mi
api.log.level	Flask log levels. Supported Values: notset, debug, info, warning, error, critical	enum<string>	info
api.replicaCount	Number of pod replicas for this deployment. Caution Normally this shouldn't be changed. Minimum: 0	integer	1
api.resources.requests.memory	Kubernetes memory request for this container.	string	256Mi
api.secretKey	Experimental Client key for authentication against the Palomar Cluster Controller API. This is used when the parameter global.secretsAsValues is enabled, otherwise a Secret named controller-api should be created with a CONTROLLER_SECRET_KEY data key. It should contain an API secret generated via the following shell command: 32 byte secret - dd if=/dev/random bs=1 count=32 status=none | xxd -ps -c64.	string
api.service.type	Kubernetes Service type. Supported Values: ClusterIP, LoadBalancer, NodePort	enum<string>	ClusterIP
celery.taskResultExpiresSecs	Time to live of task results in Redis (in seconds). Minimum: 1	integer	600
global.cassandra.datacenter	Cassandra datacenter name. It can hold 1 or more Dovecot sites.	string	dc1
global.cassandra.datacenterToReplicationFactor	List of (datacenter: replicationFactor) pairs for initialization of Cassandra schema. This is required if any of the following parameters is enabled: - global.dictmap.initSchema - global.geodb.initSchema	array	- dc: dc1   rf: 1
global.cassandra.datacenterToReplicationFactor/items/properties/dc		string	dc1
global.cassandra.datacenterToReplicationFactor/items/properties/rf	Minimum: 1	integer	1
global.cassandra.externalDomain	DNS endpoint of the Cassandra cluster. This is not compatible with the global.cassandra.externalIPs parameter.	string
global.cassandra.externalIPs	List of IP addresses of the Cassandra nodes. This is not compatible with the global.cassandra.externalDomain parameter.	array	[]
global.cassandra.loadBalancingPolicy	Cassandra load balancing policy. Supported Values: RoundRobin, DCAwareRoundRobin	enum<string>	DCAwareRoundRobin
global.cassandra.tls.enabled		boolean	true
global.cassandra.usedHostsPerRemoteDc	If DCAwareRoundRobin is chosen as Cassandra load balancing policy, controls how many nodes in each remote datacenter will have connections opened against them. Minimum: 0	integer	0
global.controllerClientKey	Experimental Client key for authentication against the Palomar Cluster Controller API. This is used when the parameter global.secretsAsValues is enabled, otherwise a Secret named controller-client should be created with a CONTROLLER_AUTH__SECRET_KEY data key. It should be either a PEM key or a 32 byte secret key (optional).	string
global.development	Caution This is for internal development only.	boolean	false
global.dictmap.enabled	Whether to enable fs-dictmap in Obox, with Object name to Object ID mapping. fs-dictmap is always required for all object storage installations. However, it's not required for NFS. For further info please visit Dictmap	boolean	true
global.dictmap.initSchema	Whether to initialize the Cassandra schema (keyspace and tables) used for Obox. This functionality is implemented within the controller-scheduler Deployment as initContainer.	boolean	false
global.dictmap.keyspace	Cassandra keyspace used for Obox.	string	d8s_dovecot
global.externalPrometheus	Settings for enabling external, cluster-wide Prometheus integration.	N/A
global.externalPrometheus.namespace	Palomar Cluster Controller comes with its own built-in Prometheus deployment. However, if there is an external, cluster-wide Prometheus fetching metrics from all applications, it's possible to provide the namespace where this Prometheus deployment is located in order to allow access from there. It's assumed there is no external Prometheus by default.	string
global.geodb.initSchema	Whether to initialize the Cassandra schema (keyspace and tables) used for Palomar. This functionality is implemented within the controller-scheduler Deployment as initContainer.	boolean	true
global.geodb.keyspace	Cassandra keyspace used for Palomar.	string	d8s_geodb
global.image.pullPolicy	Supported Values: Always, IfNotPresent, Never	enum<string>	Always
global.image.pullSecret	Kubernetes Secret name containing an image pull secret. This is used when global.secretsAsValues is disabled.	string	registry
global.image.registry	Registry address where the images are located. This should include the registry hostname and, optionally, the HTTP sub-path (i.e. Harbor project name). This container registry address is used as global default.	string	registry.open-xchange.com/dovecot-pro
global.image.tag	Container image tag used as global default. Caution Normally this shouldn't be changed.	string	<released-version>
global.imagePullSecret.password	Password for authenticating against the container registry. This is used when global.secretsAsValues is enabled.	string
global.imagePullSecret.registryUrl	Container registry URL (domain). This is used when global.secretsAsValues is enabled.	string	registry.open-xchange.com
global.imagePullSecret.username	Username for authenticating against the container registry. This is used when global.secretsAsValues is enabled.	string
global.secretsAsValues	Provide secrets (passwords/keys) as Helm chart values and let the chart handle Secrets directly.	boolean	false
global.site.loadBalancer	Public FQDN of the Dovecot site load balancer. This is optional for single-site and required for multi-site.	string
global.site.name	Dovecot site name.	string	dc1a
groupBalance.enabled	Whether to enable group balance feature.	boolean	false
groupBalance.groupSizeSlackPercent	Experimental If group size differences are larger than the given percentage, users will be redistributed. Minimum: 1	integer	10
groupBalance.maxUserMoveBetweenGroups	Experimental Maximum number of users that can be moved between individual groups at each iteration of balancing. Used to prevent big swings in group sizes and too much load on Cassandra. For more information see Automatic Group Rebalancing Minimum: 1	integer	100
groupBalance.maxUserMovesPerPass	Experimental Maximum total number of users that can be moved (across all groups) at each iteration of group balancing. Minimum: 1	integer	200
hostFailure.coolTimeSecs	Experimental Minimum time in seconds between moving groups from hosts with failing logins to other hosts. If a host has high failure rate and the cool off time from its last group move has passed, controller will try to find another host which also has passed its cool-off period to move a group to. Minimum: 1	integer	3600
hostFailure.minLogins	Experimental Minimum number of logins needed in past 5 minutes to start processing host's health (i.e. change backend status if necessary or move groups from it if there is high failure rate). Minimum: 1	integer	10
hostFailure.ratio	Experimental Ratio of failed logins or mail deliveries to trigger group moves.	number	0.1
hostLoadBalance.minCoolTimeSecs	Experimental Minimum time in seconds a group will not be moved to a new backend. If a group needs to be moved for load balancing, this period is honored and groups that have been moved recently will not be moved again. Minimum: 1	integer	3600
hostLoadBalance.minSamples	Experimental Number of samples over the last 24 hours needed for all the Z-scores for a host to do load balancing. Minimum: 0	integer	3000
hostLoadBalance.scoreDeltaThresholdRatio	Experimental Minimum load score difference between backends to initiate group move. See Cluster controller load balancing.	number	0.5
image	Non-global model for images. There are basically 2 use cases: * chart-level: applied to all images within a chart * specific images within a chart	N/A
image.registry	Registry address where the image is located. This should include the registry hostname and, optionally, the HTTP sub-path (i.e. Harbor project name). If empty, the global.image.registry parameter is used.	string
image.tag	Container image tag used for this chart. If empty, the global.image.tag parameter is used. Caution Normally this shouldn't be changed.	string	<released-version>
prometheus	Prometheus chart configuration. Defaults: https://github.com/prometheus-community/helm-charts/blob/main/charts/prometheus/values.yaml	N/A
prometheus.server.resources.requests.memory	Kubernetes memory request for this container.	string	256Mi
prometheus.service.type	Kubernetes Service type. Supported Values: ClusterIP, LoadBalancer, NodePort	enum<string>	ClusterIP
redis	Redis chart configuration Docs: https://github.com/bitnami/charts/tree/main/bitnami/redis/ Defaults: https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml	N/A
redis.commonConfiguration	When overriding the maxmemory setting, please adjust the redis.replica.resources.requests.memory parameter accordingly.	string	maxmemory 200MB
redis.replica.replicaCount	Number of replicas of Redis pods, including the elected master. When increased, the redis.sentinel.quorum parameter should be adjusted accordingly. Minimum: 3	integer	3
redis.replica.resources.requests.memory	The requested memory should be at least 20% higher than maxmemory setting of the redis.commonConfiguration parameter.	string	256Mi
redis.sentinel.quorum	Required quorum for Redis master election. Minimum: 2	integer	2
redis.sentinel.resources.requests.memory	Kubernetes memory request for this container.	string	256Mi
scheduler.enabled	Whether to enable Palomar Cluster Controller scheduler. Caution Normally this shouldn't not be disabled. Please enable the worker.dryrun parameter instead.	boolean	true
scheduler.log.level	Celery log levels. Supported Values: debug, info, warning, error, critical, fatal	enum<string>	info
scheduler.resources.requests.memory	Kubernetes memory request for this container.	string	256Mi
securityContext.capabilities.drop		array	- ALL
securityContext.runAsGroup	Minimum: 0	integer	65534
securityContext.runAsNonRoot		boolean	true
securityContext.runAsUser	Minimum: 0	integer	65534
securityContext.seccompProfile.type		string	RuntimeDefault
sentry.dsn	Experimental The Sentry's DSN endpoint to use to push data through. This is the main parameter to enable the Sentry integration. If only this is set only logging and error tracking are on. Please check other sentry.* parameters for more information.	string
sentry.profilesSampleRate	Experimental Percentage chance of profiling a sampled transaction. Maximum: 1 Minimum: 0	number	0
sentry.tags	Experimental Dictionary indicating the tags under which push the Sentry's events.	object	{}
sentry.tracesSampleRate	Experimental Percentage chance that a given transaction will be sent to Sentry. Maximum: 1 Minimum: 0	number	0
worker.config	List of configuration for sets of workers. Each worker set needs the be configured in the following way: - name - number of replicas - Redis queue name (optional)	array	- name: low-prio   replica_count: 2   queue: null - name: high-prio   replica_count: 1   queue: high-priority-task-queue
worker.dryrun	Whether to enable DRY_RUN mode to log but not perform controller worker actions, such as: set_host_offline, set_host_online and move group.	boolean	false
worker.livenessProbe.enabled	Whether to enable the probe for this container.	boolean	true
worker.livenessProbe.failureThreshold	2 minutes by default. Minimum: 1	integer	12
worker.livenessProbe.periodSeconds	Minimum: 1	integer	10
worker.livenessProbe.timeoutSeconds	Minimum: 1	integer	10
worker.log.level	Celery log levels. Supported Values: debug, info, warning, error, critical, fatal	enum<string>	info
worker.readinessProbe.enabled	Whether to enable the probe for this container.	boolean	true
worker.readinessProbe.failureThreshold	30 seconds by default. Minimum: 1	integer	3
worker.readinessProbe.periodSeconds	Minimum: 1	integer	10
worker.readinessProbe.timeoutSeconds	Minimum: 1	integer	10
worker.resources.requests.memory	Kubernetes memory request for this container.	string	256Mi